Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1326

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:59.255017114Z	42	PC: 12ecb \| Get date 0x12ecb: cmp cx, 0x7cb 0x12ecf: jne 0x12ee1 0x12ed1: cmp dh, 4 0x12ed4: jne 0x12ee1 0x12ed6: cmp dl, 0xf 0x12ed9: jb 0x12ee1 0x12edb: mov byte ptr cs:[si + 0x285], 1 0x12ee1: mov al, 0xff 0x12ee3: mov ah, 0xf 0x12ee5: xchg al, ah 0x12ee7: nop 0x12ee8: int 0x21 0x12eea: cmp ax, 0x101 0x12eed: je 0x12f23 0x12eef: mov ax, 0x3521 0x12ef2: nop 0x12ef3: int 0x21 0x12ef5: cmp word ptr es:[0xa], 0x4254 0x12efc: jne 0x12f07 0x12efe: cmp word ptr es:[0xc], 0x5244
2018-12-17T22:57:59.25853701Z	255	PC: 12eea \| UNKNOWN!
2018-12-17T22:57:59.25950168Z	53	PC: 12ef5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:59.261064794Z	240	PC: 12f21 \| UNKNOWN!
2018-12-17T22:57:59.263443207Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":4,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12735,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:09.461275017Z	42	PC: 12ecb \| Get date 0x12ecb: cmp cx, 0x7cb 0x12ecf: jne 0x12ee1 0x12ed1: cmp dh, 4 0x12ed4: jne 0x12ee1 0x12ed6: cmp dl, 0xf 0x12ed9: jb 0x12ee1 0x12edb: mov byte ptr cs:[si + 0x285], 1 0x12ee1: mov al, 0xff 0x12ee3: mov ah, 0xf 0x12ee5: xchg al, ah 0x12ee7: nop 0x12ee8: int 0x21 0x12eea: cmp ax, 0x101 0x12eed: je 0x12f23 0x12eef: mov ax, 0x3521 0x12ef2: nop 0x12ef3: int 0x21 0x12ef5: cmp word ptr es:[0xa], 0x4254 0x12efc: jne 0x12f07 0x12efe: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:36:09.463794248Z	255	PC: 12eea \| UNKNOWN!
2018-12-25T12:36:09.46459557Z	53	PC: 12ef5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:09.465783564Z	240	PC: 12f21 \| UNKNOWN!
2018-12-25T12:36:09.467651961Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":4,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12735,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:10.564039544Z	42	PC: 12ecb \| Get date 0x12ecb: cmp cx, 0x7cb 0x12ecf: jne 0x12ee1 0x12ed1: cmp dh, 4 0x12ed4: jne 0x12ee1 0x12ed6: cmp dl, 0xf 0x12ed9: jb 0x12ee1 0x12edb: mov byte ptr cs:[si + 0x285], 1 0x12ee1: mov al, 0xff 0x12ee3: mov ah, 0xf 0x12ee5: xchg al, ah 0x12ee7: nop 0x12ee8: int 0x21 0x12eea: cmp ax, 0x101 0x12eed: je 0x12f23 0x12eef: mov ax, 0x3521 0x12ef2: nop 0x12ef3: int 0x21 0x12ef5: cmp word ptr es:[0xa], 0x4254 0x12efc: jne 0x12f07 0x12efe: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:36:10.566888399Z	255	PC: 12eea \| UNKNOWN!
2018-12-25T12:36:10.569029983Z	53	PC: 12ef5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:10.570760445Z	240	PC: 12f21 \| UNKNOWN!
2018-12-25T12:36:10.57258373Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12735,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:10.785976086Z	42	PC: 12ecb \| Get date 0x12ecb: cmp cx, 0x7cb 0x12ecf: jne 0x12ee1 0x12ed1: cmp dh, 4 0x12ed4: jne 0x12ee1 0x12ed6: cmp dl, 0xf 0x12ed9: jb 0x12ee1 0x12edb: mov byte ptr cs:[si + 0x285], 1 0x12ee1: mov al, 0xff 0x12ee3: mov ah, 0xf 0x12ee5: xchg al, ah 0x12ee7: nop 0x12ee8: int 0x21 0x12eea: cmp ax, 0x101 0x12eed: je 0x12f23 0x12eef: mov ax, 0x3521 0x12ef2: nop 0x12ef3: int 0x21 0x12ef5: cmp word ptr es:[0xa], 0x4254 0x12efc: jne 0x12f07 0x12efe: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:36:10.788780402Z	255	PC: 12eea \| UNKNOWN!
2018-12-25T12:36:10.789922116Z	53	PC: 12ef5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:10.791062854Z	240	PC: 12f21 \| UNKNOWN!
2018-12-25T12:36:10.792221874Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12735,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:11.062490142Z	42	PC: 12ecb \| Get date 0x12ecb: cmp cx, 0x7cb 0x12ecf: jne 0x12ee1 0x12ed1: cmp dh, 4 0x12ed4: jne 0x12ee1 0x12ed6: cmp dl, 0xf 0x12ed9: jb 0x12ee1 0x12edb: mov byte ptr cs:[si + 0x285], 1 0x12ee1: mov al, 0xff 0x12ee3: mov ah, 0xf 0x12ee5: xchg al, ah 0x12ee7: nop 0x12ee8: int 0x21 0x12eea: cmp ax, 0x101 0x12eed: je 0x12f23 0x12eef: mov ax, 0x3521 0x12ef2: nop 0x12ef3: int 0x21 0x12ef5: cmp word ptr es:[0xa], 0x4254 0x12efc: jne 0x12f07 0x12efe: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:36:11.065712353Z	255	PC: 12eea \| UNKNOWN!
2018-12-25T12:36:11.066675296Z	53	PC: 12ef5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:11.068009053Z	240	PC: 12f21 \| UNKNOWN!
2018-12-25T12:36:11.070140326Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')