Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Offspring.1127

Time	Syscall Op	Syscall Name
2018-12-17T22:57:17.812482251Z	42	PC: 12a76 \| Get date 0x12a76: cmp dl, 9 0x12a79: jne 0x12ab1 0x12a7b: mov ah, 9 0x12a7d: lea dx, word ptr [bp + 0x4eb] 0x12a81: int 0x21 0x12a83: xor ax, ax 0x12a85: mov es, ax 0x12a87: mov dx, 0xaaaa 0x12a8a: mov word ptr es:[0x416], dx 0x12a8f: ror dx, 1 0x12a91: mov cx, 0x101 0x12a94: mov ah, 5 0x12a96: int 0x16 0x12a98: mov ah, 0x10 0x12a9a: int 0x16 0x12a9c: int 5 0x12a9e: mov ax, 0xa07 0x12aa1: xor bh, bh 0x12aa3: mov cx, 1 0x12aa6: int 0x10
2018-12-17T22:57:17.815975258Z	125	PC: 12af0 \| UNKNOWN!
2018-12-17T22:57:17.817207504Z	74	PC: 12ac7 \| Reallocate memory
2018-12-17T22:57:17.818840474Z	75	PC: 12ad4 \| Execute program
2018-12-17T22:57:17.825025061Z	76	PC: 12ad8 \| Terminate with return code (Return code = '5')

Time	Syscall Op	Syscall Name
2018-12-25T12:35:33.576460615Z	42	PC: 12a76 \| Get date 0x12a76: cmp dl, 9 0x12a79: jne 0x12ab1 0x12a7b: mov ah, 9 0x12a7d: lea dx, word ptr [bp + 0x4eb] 0x12a81: int 0x21 0x12a83: xor ax, ax 0x12a85: mov es, ax 0x12a87: mov dx, 0xaaaa 0x12a8a: mov word ptr es:[0x416], dx 0x12a8f: ror dx, 1 0x12a91: mov cx, 0x101 0x12a94: mov ah, 5 0x12a96: int 0x16 0x12a98: mov ah, 0x10 0x12a9a: int 0x16 0x12a9c: int 5 0x12a9e: mov ax, 0xa07 0x12aa1: xor bh, bh 0x12aa3: mov cx, 1 0x12aa6: int 0x10
2018-12-25T12:35:33.579519425Z	125	PC: 12af0 \| UNKNOWN!
2018-12-25T12:35:33.580779364Z	74	PC: 12ac7 \| Reallocate memory
2018-12-25T12:35:33.582372638Z	75	PC: 12ad4 \| Execute program
2018-12-25T12:35:33.587407325Z	76	PC: 12ad8 \| Terminate with return code (Return code = '5')

Time	Syscall Op	Syscall Name
2018-12-25T12:35:33.905284398Z	42	PC: 12a76 \| Get date 0x12a76: cmp dl, 9 0x12a79: jne 0x12ab1 0x12a7b: mov ah, 9 0x12a7d: lea dx, word ptr [bp + 0x4eb] 0x12a81: int 0x21 0x12a83: xor ax, ax 0x12a85: mov es, ax 0x12a87: mov dx, 0xaaaa 0x12a8a: mov word ptr es:[0x416], dx 0x12a8f: ror dx, 1 0x12a91: mov cx, 0x101 0x12a94: mov ah, 5 0x12a96: int 0x16 0x12a98: mov ah, 0x10 0x12a9a: int 0x16 0x12a9c: int 5 0x12a9e: mov ax, 0xa07 0x12aa1: xor bh, bh 0x12aa3: mov cx, 1 0x12aa6: int 0x10
2018-12-25T12:35:33.907520595Z	9	PC: 12a83 \| Display string (String= ' OFFSPRING V0.8')