Sample viewer

vx.netlux.org/Virus.DOS.Close.656

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:38.781018899Z 42 PC: 12c4e | Get date
0x12c4e: cmp dh, 2
0x12c51: jb 0x12c68
0x12c53: cmp dh, 5
0x12c56: ja 0x12c68
0x12c58: cmp al, 4
0x12c5a: jb 0x12c68
0x12c5c: mov byte ptr es:[0x2b6], 0xee
0x12c62: mov byte ptr es:[0x2b7], 0
0x12c68: sub ax, ax
0x12c6a: sub dx, dx
0x12c6c: pop cx
0x12c6d: ret
0x12c6e: cmp ah, 0x4b
0x12c71: jne 0x12cba
0x12c73: cmp byte ptr cs:[0x2b6], 0xee
0x12c79: jne 0x12c8b
0x12c7b: inc byte ptr cs:[0x2b7]
0x12c80: cmp byte ptr cs:[0x2b7], 5
0x12c86: jne 0x12c8b
0x12c88: call 0x22ae2
2018-12-17T22:54:38.783813858Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11623,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:56.309643579Z 42 PC: 12c4e | Get date
0x12c4e: cmp dh, 2
0x12c51: jb 0x12c68
0x12c53: cmp dh, 5
0x12c56: ja 0x12c68
0x12c58: cmp al, 4
0x12c5a: jb 0x12c68
0x12c5c: mov byte ptr es:[0x2b6], 0xee
0x12c62: mov byte ptr es:[0x2b7], 0
0x12c68: sub ax, ax
0x12c6a: sub dx, dx
0x12c6c: pop cx
0x12c6d: ret
0x12c6e: cmp ah, 0x4b
0x12c71: jne 0x12cba
0x12c73: cmp byte ptr cs:[0x2b6], 0xee
0x12c79: jne 0x12c8b
0x12c7b: inc byte ptr cs:[0x2b7]
0x12c80: cmp byte ptr cs:[0x2b7], 5
0x12c86: jne 0x12c8b
0x12c88: call 0x22ae2
2018-12-25T12:30:56.313327726Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11623,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:56.443146668Z 42 PC: 12c4e | Get date
0x12c4e: cmp dh, 2
0x12c51: jb 0x12c68
0x12c53: cmp dh, 5
0x12c56: ja 0x12c68
0x12c58: cmp al, 4
0x12c5a: jb 0x12c68
0x12c5c: mov byte ptr es:[0x2b6], 0xee
0x12c62: mov byte ptr es:[0x2b7], 0
0x12c68: sub ax, ax
0x12c6a: sub dx, dx
0x12c6c: pop cx
0x12c6d: ret
0x12c6e: cmp ah, 0x4b
0x12c71: jne 0x12cba
0x12c73: cmp byte ptr cs:[0x2b6], 0xee
0x12c79: jne 0x12c8b
0x12c7b: inc byte ptr cs:[0x2b7]
0x12c80: cmp byte ptr cs:[0x2b7], 5
0x12c86: jne 0x12c8b
0x12c88: call 0x22ae2
2018-12-25T12:30:56.445754317Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11623,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:56.873171272Z 42 PC: 12c4e | Get date
0x12c4e: cmp dh, 2
0x12c51: jb 0x12c68
0x12c53: cmp dh, 5
0x12c56: ja 0x12c68
0x12c58: cmp al, 4
0x12c5a: jb 0x12c68
0x12c5c: mov byte ptr es:[0x2b6], 0xee
0x12c62: mov byte ptr es:[0x2b7], 0
0x12c68: sub ax, ax
0x12c6a: sub dx, dx
0x12c6c: pop cx
0x12c6d: ret
0x12c6e: cmp ah, 0x4b
0x12c71: jne 0x12cba
0x12c73: cmp byte ptr cs:[0x2b6], 0xee
0x12c79: jne 0x12c8b
0x12c7b: inc byte ptr cs:[0x2b7]
0x12c80: cmp byte ptr cs:[0x2b7], 5
0x12c86: jne 0x12c8b
0x12c88: call 0x22ae2
2018-12-25T12:30:56.876233535Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11623,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:56.857383938Z 42 PC: 12c4e | Get date
0x12c4e: cmp dh, 2
0x12c51: jb 0x12c68
0x12c53: cmp dh, 5
0x12c56: ja 0x12c68
0x12c58: cmp al, 4
0x12c5a: jb 0x12c68
0x12c5c: mov byte ptr es:[0x2b6], 0xee
0x12c62: mov byte ptr es:[0x2b7], 0
0x12c68: sub ax, ax
0x12c6a: sub dx, dx
0x12c6c: pop cx
0x12c6d: ret
0x12c6e: cmp ah, 0x4b
0x12c71: jne 0x12cba
0x12c73: cmp byte ptr cs:[0x2b6], 0xee
0x12c79: jne 0x12c8b
0x12c7b: inc byte ptr cs:[0x2b7]
0x12c80: cmp byte ptr cs:[0x2b7], 5
0x12c86: jne 0x12c8b
0x12c88: call 0x22ae2
2018-12-25T12:30:56.874857182Z 76 PC: 12a45 | Terminate with return code (Return code = '0')