Sample viewer

vx.netlux.org/Virus.DOS.CivilWar.Ratboy.545

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:41.337964306Z	42	PC: 12ad6 \| Get date 0x12ad6: cmp al, 0 0x12ad8: jne 0x12adf 0x12ada: cmp dl, 0xf 0x12add: jae 0x12b03 0x12adf: mov cx, 5 0x12ae2: mov di, 0x100 0x12ae5: lea si, word ptr [bp + 0x2f1] 0x12ae9: rep movsb byte ptr es:[di], byte ptr [si] 0x12aeb: mov ah, 0x19 0x12aed: int 0x21 0x12aef: cmp al, 2 0x12af1: jae 0x12af6 0x12af3: jmp 0x12bc4 0x12af6: mov ah, 0x1a 0x12af8: lea dx, word ptr [bp + 0x326] 0x12afc: int 0x21 0x12afe: mov ah, 0x4e 0x12b00: jmp 0x12b06 0x12b02: nop 0x12b03: jmp 0x12bb0
2018-12-17T22:52:41.341249357Z	25	PC: 12aef \| Get default drive
2018-12-17T22:52:41.343720088Z	26	PC: 12bcb \| Set disk transfer address
2018-12-17T22:52:41.345380637Z	9	PC: 12a47 \| Display string (String= ' /\---/\ ( . . ) \ / \ / \*/ # RaT-BoY Bait File')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10976,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:44.412801269Z	42	PC: 12ad6 \| Get date 0x12ad6: cmp al, 0 0x12ad8: jne 0x12adf 0x12ada: cmp dl, 0xf 0x12add: jae 0x12b03 0x12adf: mov cx, 5 0x12ae2: mov di, 0x100 0x12ae5: lea si, word ptr [bp + 0x2f1] 0x12ae9: rep movsb byte ptr es:[di], byte ptr [si] 0x12aeb: mov ah, 0x19 0x12aed: int 0x21 0x12aef: cmp al, 2 0x12af1: jae 0x12af6 0x12af3: jmp 0x12bc4 0x12af6: mov ah, 0x1a 0x12af8: lea dx, word ptr [bp + 0x326] 0x12afc: int 0x21 0x12afe: mov ah, 0x4e 0x12b00: jmp 0x12b06 0x12b02: nop 0x12b03: jmp 0x12bb0
2018-12-25T12:29:44.415336856Z	25	PC: 12aef \| Get default drive
2018-12-25T12:29:44.416256688Z	26	PC: 12bcb \| Set disk transfer address
2018-12-25T12:29:44.417302218Z	9	PC: 12a47 \| Display string (String= ' /\---/\ ( . . ) \ / \ / \*/ # RaT-BoY Bait File')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10976,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:44.448367676Z	42	PC: 12ad6 \| Get date 0x12ad6: cmp al, 0 0x12ad8: jne 0x12adf 0x12ada: cmp dl, 0xf 0x12add: jae 0x12b03 0x12adf: mov cx, 5 0x12ae2: mov di, 0x100 0x12ae5: lea si, word ptr [bp + 0x2f1] 0x12ae9: rep movsb byte ptr es:[di], byte ptr [si] 0x12aeb: mov ah, 0x19 0x12aed: int 0x21 0x12aef: cmp al, 2 0x12af1: jae 0x12af6 0x12af3: jmp 0x12bc4 0x12af6: mov ah, 0x1a 0x12af8: lea dx, word ptr [bp + 0x326] 0x12afc: int 0x21 0x12afe: mov ah, 0x4e 0x12b00: jmp 0x12b06 0x12b02: nop 0x12b03: jmp 0x12bb0
2018-12-25T12:29:44.45065824Z	25	PC: 12aef \| Get default drive
2018-12-25T12:29:44.451854393Z	26	PC: 12bcb \| Set disk transfer address
2018-12-25T12:29:44.453343801Z	9	PC: 12a47 \| Display string (String= ' /\---/\ ( . . ) \ / \ / \*/ # RaT-BoY Bait File')

{"DateBased":true,"Day":20,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10976,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:18.276077427Z	42	PC: 12ad6 \| Get date 0x12ad6: cmp al, 0 0x12ad8: jne 0x12adf 0x12ada: cmp dl, 0xf 0x12add: jae 0x12b03 0x12adf: mov cx, 5 0x12ae2: mov di, 0x100 0x12ae5: lea si, word ptr [bp + 0x2f1] 0x12ae9: rep movsb byte ptr es:[di], byte ptr [si] 0x12aeb: mov ah, 0x19 0x12aed: int 0x21 0x12aef: cmp al, 2 0x12af1: jae 0x12af6 0x12af3: jmp 0x12bc4 0x12af6: mov ah, 0x1a 0x12af8: lea dx, word ptr [bp + 0x326] 0x12afc: int 0x21 0x12afe: mov ah, 0x4e 0x12b00: jmp 0x12b06 0x12b02: nop 0x12b03: jmp 0x12bb0