Sample viewer

vx.netlux.org/Virus.DOS.Geliyor.1356

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:37.805240504Z	75	PC: 12c76 \| Execute program
2018-12-17T22:54:37.808004174Z	42	PC: 12fb4 \| Get date 0x12fb4: cmp cx, 0x7ca 0x12fb8: ja 0x12fbf 0x12fba: je 0x12fdf 0x12fbc: jmp 0x13163 0x12fbf: cmp dh, 5 0x12fc2: jae 0x12fe9 0x12fc4: add dh, 6 0x12fc7: shl dh, 1 0x12fc9: mov al, dh 0x12fcb: cwde 0x12fcc: lea si, word ptr [bx + 0x3cd] 0x12fd0: add si, ax 0x12fd2: mov si, word ptr [si] 0x12fd4: or si, si 0x12fd6: je 0x12fbc 0x12fd8: add si, bx 0x12fda: call 0x130ea 0x12fdd: jmp 0x12fbc 0x12fdf: cmp dh, 6 0x12fe2: jb 0x12fbc
2018-12-17T22:54:37.811154163Z	53	PC: 12cde \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:37.812982557Z	37	PC: 12d19 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:37.815082633Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T22:54:37.821879541Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11619,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:55.18028234Z	75	PC: 12c76 \| Execute program
2018-12-25T12:30:55.188915875Z	42	PC: 12fb4 \| Get date 0x12fb4: cmp cx, 0x7ca 0x12fb8: ja 0x12fbf 0x12fba: je 0x12fdf 0x12fbc: jmp 0x13163 0x12fbf: cmp dh, 5 0x12fc2: jae 0x12fe9 0x12fc4: add dh, 6 0x12fc7: shl dh, 1 0x12fc9: mov al, dh 0x12fcb: cwde 0x12fcc: lea si, word ptr [bx + 0x3cd] 0x12fd0: add si, ax 0x12fd2: mov si, word ptr [si] 0x12fd4: or si, si 0x12fd6: je 0x12fbc 0x12fd8: add si, bx 0x12fda: call 0x130ea 0x12fdd: jmp 0x12fbc 0x12fdf: cmp dh, 6 0x12fe2: jb 0x12fbc
2018-12-25T12:30:55.191634369Z	53	PC: 12cde \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.193167507Z	37	PC: 12d19 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.19520795Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:30:55.201445879Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11619,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:55.479457972Z	75	PC: 12c76 \| Execute program
2018-12-25T12:30:55.481586601Z	42	PC: 12fb4 \| Get date 0x12fb4: cmp cx, 0x7ca 0x12fb8: ja 0x12fbf 0x12fba: je 0x12fdf 0x12fbc: jmp 0x13163 0x12fbf: cmp dh, 5 0x12fc2: jae 0x12fe9 0x12fc4: add dh, 6 0x12fc7: shl dh, 1 0x12fc9: mov al, dh 0x12fcb: cwde 0x12fcc: lea si, word ptr [bx + 0x3cd] 0x12fd0: add si, ax 0x12fd2: mov si, word ptr [si] 0x12fd4: or si, si 0x12fd6: je 0x12fbc 0x12fd8: add si, bx 0x12fda: call 0x130ea 0x12fdd: jmp 0x12fbc 0x12fdf: cmp dh, 6 0x12fe2: jb 0x12fbc
2018-12-25T12:30:55.484143332Z	53	PC: 12cde \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.485434049Z	37	PC: 12d19 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.487230187Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:30:55.492729139Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11619,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:55.571801255Z	75	PC: 12c76 \| Execute program
2018-12-25T12:30:55.575555512Z	42	PC: 12fb4 \| Get date 0x12fb4: cmp cx, 0x7ca 0x12fb8: ja 0x12fbf 0x12fba: je 0x12fdf 0x12fbc: jmp 0x13163 0x12fbf: cmp dh, 5 0x12fc2: jae 0x12fe9 0x12fc4: add dh, 6 0x12fc7: shl dh, 1 0x12fc9: mov al, dh 0x12fcb: cwde 0x12fcc: lea si, word ptr [bx + 0x3cd] 0x12fd0: add si, ax 0x12fd2: mov si, word ptr [si] 0x12fd4: or si, si 0x12fd6: je 0x12fbc 0x12fd8: add si, bx 0x12fda: call 0x130ea 0x12fdd: jmp 0x12fbc 0x12fdf: cmp dh, 6 0x12fe2: jb 0x12fbc
2018-12-25T12:30:55.578254929Z	53	PC: 12cde \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.57987768Z	37	PC: 12d19 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.581731822Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:30:55.589247642Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11619,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:55.977357975Z	75	PC: 12c76 \| Execute program
2018-12-25T12:30:55.980106206Z	42	PC: 12fb4 \| Get date 0x12fb4: cmp cx, 0x7ca 0x12fb8: ja 0x12fbf 0x12fba: je 0x12fdf 0x12fbc: jmp 0x13163 0x12fbf: cmp dh, 5 0x12fc2: jae 0x12fe9 0x12fc4: add dh, 6 0x12fc7: shl dh, 1 0x12fc9: mov al, dh 0x12fcb: cwde 0x12fcc: lea si, word ptr [bx + 0x3cd] 0x12fd0: add si, ax 0x12fd2: mov si, word ptr [si] 0x12fd4: or si, si 0x12fd6: je 0x12fbc 0x12fd8: add si, bx 0x12fda: call 0x130ea 0x12fdd: jmp 0x12fbc 0x12fdf: cmp dh, 6 0x12fe2: jb 0x12fbc
2018-12-25T12:30:55.982437545Z	53	PC: 12cde \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.984051709Z	37	PC: 12d19 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:55.986241971Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:30:55.992748006Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11619,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:56.15717913Z	75	PC: 12c76 \| Execute program
2018-12-25T12:30:56.15946512Z	42	PC: 12fb4 \| Get date 0x12fb4: cmp cx, 0x7ca 0x12fb8: ja 0x12fbf 0x12fba: je 0x12fdf 0x12fbc: jmp 0x13163 0x12fbf: cmp dh, 5 0x12fc2: jae 0x12fe9 0x12fc4: add dh, 6 0x12fc7: shl dh, 1 0x12fc9: mov al, dh 0x12fcb: cwde 0x12fcc: lea si, word ptr [bx + 0x3cd] 0x12fd0: add si, ax 0x12fd2: mov si, word ptr [si] 0x12fd4: or si, si 0x12fd6: je 0x12fbc 0x12fd8: add si, bx 0x12fda: call 0x130ea 0x12fdd: jmp 0x12fbc 0x12fdf: cmp dh, 6 0x12fe2: jb 0x12fbc
2018-12-25T12:30:56.162191796Z	53	PC: 12cde \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:56.163842018Z	37	PC: 12d19 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:56.165747269Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:30:56.171796499Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')