Sample viewer

vx.netlux.org/Virus.DOS.Corrupted.Eupm.1731

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:52.163151712Z	255	PC: 14f09 \| UNKNOWN!
2018-12-17T22:55:52.164976273Z	42	PC: 14f95 \| Get date 0x14f95: cmp cx, 0x7c8 0x14f99: jge 0x14f9e 0x14f9b: jmp 0x14fa6 0x14f9d: nop 0x14f9e: cmp dl, 1 0x14fa1: jne 0x14fa6 0x14fa3: call 0x150e8 0x14fa6: xor ax, ax 0x14fa8: mov es, ax 0x14faa: mov ax, word ptr es:[0x3fc] 0x14fae: mov word ptr cs:[0x53], ax 0x14fb2: mov ax, word ptr es:[0x3fe] 0x14fb6: mov word ptr cs:[0x55], ax 0x14fba: mov word ptr es:[0x3fc], 0xa4f3 0x14fc1: mov word ptr es:[0x3fe], 0xcb 0x14fc8: mov ax, word ptr cs:[1] 0x14fcc: add ax, 0x10 0x14fcf: mov es, ax 0x14fd1: xor di, di 0x14fd3: mov si, 0

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12035,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:52.33507927Z	255	PC: 14f09 \| UNKNOWN!
2018-12-25T12:31:52.336636391Z	42	PC: 14f95 \| Get date 0x14f95: cmp cx, 0x7c8 0x14f99: jge 0x14f9e 0x14f9b: jmp 0x14fa6 0x14f9d: nop 0x14f9e: cmp dl, 1 0x14fa1: jne 0x14fa6 0x14fa3: call 0x150e8 0x14fa6: xor ax, ax 0x14fa8: mov es, ax 0x14faa: mov ax, word ptr es:[0x3fc] 0x14fae: mov word ptr cs:[0x53], ax 0x14fb2: mov ax, word ptr es:[0x3fe] 0x14fb6: mov word ptr cs:[0x55], ax 0x14fba: mov word ptr es:[0x3fc], 0xa4f3 0x14fc1: mov word ptr es:[0x3fe], 0xcb 0x14fc8: mov ax, word ptr cs:[1] 0x14fcc: add ax, 0x10 0x14fcf: mov es, ax 0x14fd1: xor di, di 0x14fd3: mov si, 0

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12035,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:52.345553179Z	255	PC: 14f09 \| UNKNOWN!
2018-12-25T12:31:52.346958743Z	42	PC: 14f95 \| Get date 0x14f95: cmp cx, 0x7c8 0x14f99: jge 0x14f9e 0x14f9b: jmp 0x14fa6 0x14f9d: nop 0x14f9e: cmp dl, 1 0x14fa1: jne 0x14fa6 0x14fa3: call 0x150e8 0x14fa6: xor ax, ax 0x14fa8: mov es, ax 0x14faa: mov ax, word ptr es:[0x3fc] 0x14fae: mov word ptr cs:[0x53], ax 0x14fb2: mov ax, word ptr es:[0x3fe] 0x14fb6: mov word ptr cs:[0x55], ax 0x14fba: mov word ptr es:[0x3fc], 0xa4f3 0x14fc1: mov word ptr es:[0x3fe], 0xcb 0x14fc8: mov ax, word ptr cs:[1] 0x14fcc: add ax, 0x10 0x14fcf: mov es, ax 0x14fd1: xor di, di 0x14fd3: mov si, 0

{"DateBased":true,"Day":2,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12035,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:52.99891642Z	255	PC: 14f09 \| UNKNOWN!
2018-12-25T12:31:53.00142465Z	42	PC: 14f95 \| Get date 0x14f95: cmp cx, 0x7c8 0x14f99: jge 0x14f9e 0x14f9b: jmp 0x14fa6 0x14f9d: nop 0x14f9e: cmp dl, 1 0x14fa1: jne 0x14fa6 0x14fa3: call 0x150e8 0x14fa6: xor ax, ax 0x14fa8: mov es, ax 0x14faa: mov ax, word ptr es:[0x3fc] 0x14fae: mov word ptr cs:[0x53], ax 0x14fb2: mov ax, word ptr es:[0x3fe] 0x14fb6: mov word ptr cs:[0x55], ax 0x14fba: mov word ptr es:[0x3fc], 0xa4f3 0x14fc1: mov word ptr es:[0x3fe], 0xcb 0x14fc8: mov ax, word ptr cs:[1] 0x14fcc: add ax, 0x10 0x14fcf: mov es, ax 0x14fd1: xor di, di 0x14fd3: mov si, 0