Sample viewer

vx.netlux.org/Virus.DOS.Cryptor.3278

Time	Syscall Op	Syscall Name
2018-12-17T23:00:17.819306025Z	235	PC: 12a50 \| UNKNOWN!
2018-12-17T23:00:17.821676978Z	53	PC: 12aab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:17.825655144Z	37	PC: 12abc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:17.827172456Z	42	PC: 135f2 \| Get date 0x135f2: cmp dl, 2 0x135f5: jne 0x13607 0x135f7: mov ah, 0x2c 0x135f9: int 0x21 0x135fb: cmp ch, cl 0x135fd: jne 0x13607 0x135ff: mov ah, 9 0x13601: lea dx, word ptr [bp + 0xd80] 0x13605: int 0x21 0x13607: ret 0x13608: cld 0x13609: mov si, dx 0x1360b: mov di, dx 0x1360d: lodsb al, byte ptr [si] 0x1360e: cmp al, 0x5c 0x13610: jne 0x13614 0x13612: mov di, si 0x13614: cmp al, 0x3a 0x13616: jne 0x1361a 0x13618: mov di, si

Time	Syscall Op	Syscall Name
2018-12-25T12:38:18.009064956Z	235	PC: 12a50 \| UNKNOWN!
2018-12-25T12:38:18.011001632Z	53	PC: 12aab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:18.012232352Z	37	PC: 12abc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:18.013506208Z	42	PC: 135f2 \| Get date 0x135f2: cmp dl, 2 0x135f5: jne 0x13607 0x135f7: mov ah, 0x2c 0x135f9: int 0x21 0x135fb: cmp ch, cl 0x135fd: jne 0x13607 0x135ff: mov ah, 9 0x13601: lea dx, word ptr [bp + 0xd80] 0x13605: int 0x21 0x13607: ret 0x13608: cld 0x13609: mov si, dx 0x1360b: mov di, dx 0x1360d: lodsb al, byte ptr [si] 0x1360e: cmp al, 0x5c 0x13610: jne 0x13614 0x13612: mov di, si 0x13614: cmp al, 0x3a 0x13616: jne 0x1361a 0x13618: mov di, si

Time	Syscall Op	Syscall Name
2018-12-25T12:38:18.478311744Z	235	PC: 12a50 \| UNKNOWN!
2018-12-25T12:38:18.479835122Z	53	PC: 12aab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:18.481184092Z	37	PC: 12abc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:18.482475021Z	42	PC: 135f2 \| Get date 0x135f2: cmp dl, 2 0x135f5: jne 0x13607 0x135f7: mov ah, 0x2c 0x135f9: int 0x21 0x135fb: cmp ch, cl 0x135fd: jne 0x13607 0x135ff: mov ah, 9 0x13601: lea dx, word ptr [bp + 0xd80] 0x13605: int 0x21 0x13607: ret 0x13608: cld 0x13609: mov si, dx 0x1360b: mov di, dx 0x1360d: lodsb al, byte ptr [si] 0x1360e: cmp al, 0x5c 0x13610: jne 0x13614 0x13612: mov di, si 0x13614: cmp al, 0x3a 0x13616: jne 0x1361a 0x13618: mov di, si
2018-12-25T12:38:18.485795546Z	44	PC: 135fb \| Get time 0x135fb: cmp ch, cl 0x135fd: jne 0x13607 0x135ff: mov ah, 9 0x13601: lea dx, word ptr [bp + 0xd80] 0x13605: int 0x21 0x13607: ret 0x13608: cld 0x13609: mov si, dx 0x1360b: mov di, dx 0x1360d: lodsb al, byte ptr [si] 0x1360e: cmp al, 0x5c 0x13610: jne 0x13614 0x13612: mov di, si 0x13614: cmp al, 0x3a 0x13616: jne 0x1361a 0x13618: mov di, si 0x1361a: or al, al 0x1361c: jne 0x1360d 0x1361e: ret 0x1361f: push sp