Sample viewer

vx.netlux.org/Virus.DOS.CyberTech.1313

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:22.0616589Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4
2018-12-17T22:56:22.064531231Z	222	PC: 12a6a \| UNKNOWN!
2018-12-17T22:56:22.082465343Z	53	PC: 12a74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:22.096086194Z	37	PC: 12ab4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:08.855273492Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:08.900684246Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4

{"DateBased":true,"Day":1,"Month":10,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:09.206252339Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4
2018-12-25T12:32:09.209063852Z	222	PC: 12a6a \| UNKNOWN!
2018-12-25T12:32:09.209935501Z	53	PC: 12a74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:09.211229327Z	37	PC: 12ab4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:09.542670384Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4
2018-12-25T12:32:09.545708078Z	222	PC: 12a6a \| UNKNOWN!
2018-12-25T12:32:09.546673617Z	53	PC: 12a74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:09.547892991Z	37	PC: 12ab4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:11.125454636Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:11.200141828Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4

{"DateBased":true,"Day":1,"Month":10,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:11.262743828Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4
2018-12-25T12:32:11.266194448Z	222	PC: 12a6a \| UNKNOWN!
2018-12-25T12:32:11.267323134Z	53	PC: 12a74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:11.268932997Z	37	PC: 12ab4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12198,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:13.304990469Z	42	PC: 12a58 \| Get date 0x12a58: cmp cx, 0x7c9 0x12a5c: ja 0x12a65 0x12a5e: jb 0x12ab4 0x12a60: cmp dh, 0xa 0x12a63: jb 0x12ab4 0x12a65: mov ax, 0xdead 0x12a68: int 0x21 0x12a6a: cmp ax, 0xaaaa 0x12a6d: je 0x12ab4 0x12a6f: mov ax, 0x3521 0x12a72: int 0x21 0x12a74: mov word ptr cs:[bp + 0x86], bx 0x12a79: mov word ptr cs:[bp + 0x88], es 0x12a7e: mov ax, cs 0x12a80: dec ax 0x12a81: mov ds, ax 0x12a83: cmp byte ptr [0], 0x5a 0x12a88: jne 0x12ab4 0x12a8a: mov ax, word ptr [3] 0x12a8d: sub ax, 0xb4
2018-12-25T12:32:13.30817855Z	222	PC: 12a6a \| UNKNOWN!
2018-12-25T12:32:13.309062635Z	53	PC: 12a74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:13.310376998Z	37	PC: 12ab4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')