Sample viewer

vx.netlux.org/Virus.DOS.A&A.506.b

Syscalls:

Time  Syscall Op  Syscall Name
2018-12-17T22:56:22.024267904Z  42  PC: 12aa4 | Get date

0x12aa4: cmp dh, 0xb
0x12aa7: jae 0x12acc
0x12aa9: cmp dh, 1
0x12aac: je 0x12acc
0x12aae: mov ax, word ptr es:[0xa0]
0x12ab2: mov word ptr es:[0x320], ax
0x12ab6: mov ax, word ptr es:[0xa2]
0x12aba: mov word ptr es:[0x322], ax
0x12abe: mov word ptr es:[0xa0], 0x2d2
0x12ac5: mov word ptr es:[0xa2], 0
0x12acc: push ds
0x12acd: pop es
0x12ace: ljmp 0:0x288
0x12ad3: call 0x224d9
0x12ad6: add word ptr [bp + di + 0x41], di
0x12ad9: inc cx
0x12adb: jge 0x12a9c
0x12add: add byte ptr [bx + di], al
0x12adf: add si, 0x100
0x12ae3: push es

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12197,"SideJobID":0}

Syscalls:

Time  Syscall Op  Syscall Name
2018-12-25T12:32:06.735694389Z  42  PC: 12aa4 | Get date

0x12aa4: cmp dh, 0xb
0x12aa7: jae 0x12acc
0x12aa9: cmp dh, 1
0x12aac: je 0x12acc
0x12aae: mov ax, word ptr es:[0xa0]
0x12ab2: mov word ptr es:[0x320], ax
0x12ab6: mov ax, word ptr es:[0xa2]
0x12aba: mov word ptr es:[0x322], ax
0x12abe: mov word ptr es:[0xa0], 0x2d2
0x12ac5: mov word ptr es:[0xa2], 0
0x12acc: push ds
0x12acd: pop es
0x12ace: ljmp 0:0x288
0x12ad3: call 0x224d9
0x12ad6: add word ptr [bp + di + 0x41], di
0x12ad9: inc cx
0x12adb: jge 0x12a9c
0x12add: add byte ptr [bx + di], al
0x12adf: add si, 0x100
0x12ae3: push es

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12197,"SideJobID":0}

Syscalls:

Time  Syscall Op  Syscall Name
2018-12-25T12:32:08.526196163Z  42  PC: 12aa4 | Get date

0x12aa4: cmp dh, 0xb
0x12aa7: jae 0x12acc
0x12aa9: cmp dh, 1
0x12aac: je 0x12acc
0x12aae: mov ax, word ptr es:[0xa0]
0x12ab2: mov word ptr es:[0x320], ax
0x12ab6: mov ax, word ptr es:[0xa2]
0x12aba: mov word ptr es:[0x322], ax
0x12abe: mov word ptr es:[0xa0], 0x2d2
0x12ac5: mov word ptr es:[0xa2], 0
0x12acc: push ds
0x12acd: pop es
0x12ace: ljmp 0:0x288
0x12ad3: call 0x224d9
0x12ad6: add word ptr [bp + di + 0x41], di
0x12ad9: inc cx
0x12adb: jge 0x12a9c
0x12add: add byte ptr [bx + di], al
0x12adf: add si, 0x100
0x12ae3: push es