Sample viewer

vx.netlux.org/Virus.DOS.Virogen.1673

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:14.804558494Z	42	PC: 135ad \| Get date 0x135ad: cmp dl, 2 0x135b0: jne 0x135e8 0x135b2: mov ah, 9 0x135b4: lea dx, word ptr [bp + 0x6af] 0x135b8: int 0x21 0x135ba: xor ax, ax 0x135bc: mov es, ax 0x135be: mov dx, 0xaaaa 0x135c1: mov word ptr es:[0x416], dx 0x135c6: ror dx, 1 0x135c8: mov cx, 0x101 0x135cb: mov ah, 5 0x135cd: int 0x16 0x135cf: mov ah, 0x10 0x135d1: int 0x16 0x135d3: int 5 0x135d5: mov ax, 0xa07 0x135d8: xor bh, bh 0x135da: mov cx, 1 0x135dd: int 0x10
2018-12-17T22:59:14.807411742Z	127	PC: 135ec \| UNKNOWN!
2018-12-17T22:59:14.808835206Z	42	PC: 12eee \| Get date 0x12eee: cmp dl, 2 0x12ef1: jne 0x12f29 0x12ef3: mov ah, 9 0x12ef5: lea dx, word ptr [bp + 0x6af] 0x12ef9: int 0x21 0x12efb: xor ax, ax 0x12efd: mov es, ax 0x12eff: mov dx, 0xaaaa 0x12f02: mov word ptr es:[0x416], dx 0x12f07: ror dx, 1 0x12f09: mov cx, 0x101 0x12f0c: mov ah, 5 0x12f0e: int 0x16 0x12f10: mov ah, 0x10 0x12f12: int 0x16 0x12f14: int 5 0x12f16: mov ax, 0xa07 0x12f19: xor bh, bh 0x12f1b: mov cx, 1 0x12f1e: int 0x10
2018-12-17T22:59:14.810858154Z	250	PC: 12f2d \| UNKNOWN!
2018-12-17T22:59:14.812100462Z	74	PC: 12fa0 \| Reallocate memory
2018-12-17T22:59:14.813463136Z	75	PC: 12faf \| Execute program
2018-12-17T22:59:14.818035006Z	76	PC: 12fb3 \| Terminate with return code (Return code = '5')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13141,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.009139261Z	42	PC: 135ad \| Get date 0x135ad: cmp dl, 2 0x135b0: jne 0x135e8 0x135b2: mov ah, 9 0x135b4: lea dx, word ptr [bp + 0x6af] 0x135b8: int 0x21 0x135ba: xor ax, ax 0x135bc: mov es, ax 0x135be: mov dx, 0xaaaa 0x135c1: mov word ptr es:[0x416], dx 0x135c6: ror dx, 1 0x135c8: mov cx, 0x101 0x135cb: mov ah, 5 0x135cd: int 0x16 0x135cf: mov ah, 0x10 0x135d1: int 0x16 0x135d3: int 5 0x135d5: mov ax, 0xa07 0x135d8: xor bh, bh 0x135da: mov cx, 1 0x135dd: int 0x10
2018-12-25T12:37:37.012212439Z	127	PC: 135ec \| UNKNOWN!
2018-12-25T12:37:37.013453524Z	42	PC: 12eee \| Get date 0x12eee: cmp dl, 2 0x12ef1: jne 0x12f29 0x12ef3: mov ah, 9 0x12ef5: lea dx, word ptr [bp + 0x6af] 0x12ef9: int 0x21 0x12efb: xor ax, ax 0x12efd: mov es, ax 0x12eff: mov dx, 0xaaaa 0x12f02: mov word ptr es:[0x416], dx 0x12f07: ror dx, 1 0x12f09: mov cx, 0x101 0x12f0c: mov ah, 5 0x12f0e: int 0x16 0x12f10: mov ah, 0x10 0x12f12: int 0x16 0x12f14: int 5 0x12f16: mov ax, 0xa07 0x12f19: xor bh, bh 0x12f1b: mov cx, 1 0x12f1e: int 0x10
2018-12-25T12:37:37.015271384Z	250	PC: 12f2d \| UNKNOWN!
2018-12-25T12:37:37.01615048Z	74	PC: 12fa0 \| Reallocate memory
2018-12-25T12:37:37.017617361Z	75	PC: 12faf \| Execute program
2018-12-25T12:37:37.022592265Z	76	PC: 12fb3 \| Terminate with return code (Return code = '5')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13141,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.016316263Z	42	PC: 135ad \| Get date 0x135ad: cmp dl, 2 0x135b0: jne 0x135e8 0x135b2: mov ah, 9 0x135b4: lea dx, word ptr [bp + 0x6af] 0x135b8: int 0x21 0x135ba: xor ax, ax 0x135bc: mov es, ax 0x135be: mov dx, 0xaaaa 0x135c1: mov word ptr es:[0x416], dx 0x135c6: ror dx, 1 0x135c8: mov cx, 0x101 0x135cb: mov ah, 5 0x135cd: int 0x16 0x135cf: mov ah, 0x10 0x135d1: int 0x16 0x135d3: int 5 0x135d5: mov ax, 0xa07 0x135d8: xor bh, bh 0x135da: mov cx, 1 0x135dd: int 0x10
2018-12-25T12:37:37.019085495Z	9	PC: 135ba \| Display string (String= ' ASeXual Virus V0.99 - Your computer has been artificially Phucked!')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13141,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.114609282Z	42	PC: 135ad \| Get date 0x135ad: cmp dl, 2 0x135b0: jne 0x135e8 0x135b2: mov ah, 9 0x135b4: lea dx, word ptr [bp + 0x6af] 0x135b8: int 0x21 0x135ba: xor ax, ax 0x135bc: mov es, ax 0x135be: mov dx, 0xaaaa 0x135c1: mov word ptr es:[0x416], dx 0x135c6: ror dx, 1 0x135c8: mov cx, 0x101 0x135cb: mov ah, 5 0x135cd: int 0x16 0x135cf: mov ah, 0x10 0x135d1: int 0x16 0x135d3: int 5 0x135d5: mov ax, 0xa07 0x135d8: xor bh, bh 0x135da: mov cx, 1 0x135dd: int 0x10
2018-12-25T12:37:37.116766718Z	9	PC: 135ba \| Display string (String= ' ASeXual Virus V0.99 - Your computer has been artificially Phucked!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13141,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.276004384Z	42	PC: 135ad \| Get date 0x135ad: cmp dl, 2 0x135b0: jne 0x135e8 0x135b2: mov ah, 9 0x135b4: lea dx, word ptr [bp + 0x6af] 0x135b8: int 0x21 0x135ba: xor ax, ax 0x135bc: mov es, ax 0x135be: mov dx, 0xaaaa 0x135c1: mov word ptr es:[0x416], dx 0x135c6: ror dx, 1 0x135c8: mov cx, 0x101 0x135cb: mov ah, 5 0x135cd: int 0x16 0x135cf: mov ah, 0x10 0x135d1: int 0x16 0x135d3: int 5 0x135d5: mov ax, 0xa07 0x135d8: xor bh, bh 0x135da: mov cx, 1 0x135dd: int 0x10
2018-12-25T12:37:37.278836641Z	127	PC: 135ec \| UNKNOWN!
2018-12-25T12:37:37.279948523Z	42	PC: 12eee \| Get date 0x12eee: cmp dl, 2 0x12ef1: jne 0x12f29 0x12ef3: mov ah, 9 0x12ef5: lea dx, word ptr [bp + 0x6af] 0x12ef9: int 0x21 0x12efb: xor ax, ax 0x12efd: mov es, ax 0x12eff: mov dx, 0xaaaa 0x12f02: mov word ptr es:[0x416], dx 0x12f07: ror dx, 1 0x12f09: mov cx, 0x101 0x12f0c: mov ah, 5 0x12f0e: int 0x16 0x12f10: mov ah, 0x10 0x12f12: int 0x16 0x12f14: int 5 0x12f16: mov ax, 0xa07 0x12f19: xor bh, bh 0x12f1b: mov cx, 1 0x12f1e: int 0x10
2018-12-25T12:37:37.282253877Z	250	PC: 12f2d \| UNKNOWN!
2018-12-25T12:37:37.283599819Z	74	PC: 12fa0 \| Reallocate memory
2018-12-25T12:37:37.285059379Z	75	PC: 12faf \| Execute program
2018-12-25T12:37:37.290140378Z	76	PC: 12fb3 \| Terminate with return code (Return code = '5')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13141,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.358073602Z	42	PC: 135ad \| Get date 0x135ad: cmp dl, 2 0x135b0: jne 0x135e8 0x135b2: mov ah, 9 0x135b4: lea dx, word ptr [bp + 0x6af] 0x135b8: int 0x21 0x135ba: xor ax, ax 0x135bc: mov es, ax 0x135be: mov dx, 0xaaaa 0x135c1: mov word ptr es:[0x416], dx 0x135c6: ror dx, 1 0x135c8: mov cx, 0x101 0x135cb: mov ah, 5 0x135cd: int 0x16 0x135cf: mov ah, 0x10 0x135d1: int 0x16 0x135d3: int 5 0x135d5: mov ax, 0xa07 0x135d8: xor bh, bh 0x135da: mov cx, 1 0x135dd: int 0x10
2018-12-25T12:37:37.360420143Z	127	PC: 135ec \| UNKNOWN!
2018-12-25T12:37:37.361240899Z	42	PC: 12eee \| Get date 0x12eee: cmp dl, 2 0x12ef1: jne 0x12f29 0x12ef3: mov ah, 9 0x12ef5: lea dx, word ptr [bp + 0x6af] 0x12ef9: int 0x21 0x12efb: xor ax, ax 0x12efd: mov es, ax 0x12eff: mov dx, 0xaaaa 0x12f02: mov word ptr es:[0x416], dx 0x12f07: ror dx, 1 0x12f09: mov cx, 0x101 0x12f0c: mov ah, 5 0x12f0e: int 0x16 0x12f10: mov ah, 0x10 0x12f12: int 0x16 0x12f14: int 5 0x12f16: mov ax, 0xa07 0x12f19: xor bh, bh 0x12f1b: mov cx, 1 0x12f1e: int 0x10
2018-12-25T12:37:37.363229096Z	250	PC: 12f2d \| UNKNOWN!
2018-12-25T12:37:37.364270319Z	74	PC: 12fa0 \| Reallocate memory
2018-12-25T12:37:37.366340424Z	75	PC: 12faf \| Execute program
2018-12-25T12:37:37.370729096Z	76	PC: 12fb3 \| Terminate with return code (Return code = '5')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13141,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.38133729Z	42	PC: 135ad \| Get date 0x135ad: cmp dl, 2 0x135b0: jne 0x135e8 0x135b2: mov ah, 9 0x135b4: lea dx, word ptr [bp + 0x6af] 0x135b8: int 0x21 0x135ba: xor ax, ax 0x135bc: mov es, ax 0x135be: mov dx, 0xaaaa 0x135c1: mov word ptr es:[0x416], dx 0x135c6: ror dx, 1 0x135c8: mov cx, 0x101 0x135cb: mov ah, 5 0x135cd: int 0x16 0x135cf: mov ah, 0x10 0x135d1: int 0x16 0x135d3: int 5 0x135d5: mov ax, 0xa07 0x135d8: xor bh, bh 0x135da: mov cx, 1 0x135dd: int 0x10
2018-12-25T12:37:37.384605152Z	9	PC: 135ba \| Display string (String= ' ASeXual Virus V0.99 - Your computer has been artificially Phucked!')