Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Offspring.1285


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:02:23.323502105Z 42 PC: 12bf7 | Get date
0x12bf7: cmp dl, 0xe
0x12bfa: jne 0x12c04
0x12bfc: mov ah, 9
0x12bfe: lea dx, word ptr [si + 0x135]
0x12c02: int 0x21
0x12c04: call 0x12c3d
0x12c07: cmp byte ptr [si + 0x11d], 1
0x12c0c: je 0x12c2b
0x12c0e: mov bx, 0x637
0x12c11: mov cl, 4
0x12c13: shr bx, cl
0x12c15: inc bx
0x12c16: mov ah, 0x4a
0x12c18: int 0x21
0x12c1a: lea dx, word ptr [si + 0x1b4]
0x12c1e: lea bx, word ptr [si + 0x20c]
0x12c22: mov ax, 0x4b00
0x12c25: int 0x21
0x12c27: mov ah, 0x4c
0x12c29: int 0x21
2018-12-17T22:02:23.326243799Z 125 PC: 12c41 | UNKNOWN!
2018-12-17T22:02:23.327909128Z 252 PC: 12c1a | UNKNOWN!
2018-12-17T22:02:23.328925841Z 252 PC: 12c27 | UNKNOWN!
2018-12-17T22:02:23.331042409Z 252 PC: 12c2b | UNKNOWN!

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1383,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:30.626365489Z 42 PC: 12bf7 | Get date
0x12bf7: cmp dl, 0xe
0x12bfa: jne 0x12c04
0x12bfc: mov ah, 9
0x12bfe: lea dx, word ptr [si + 0x135]
0x12c02: int 0x21
0x12c04: call 0x12c3d
0x12c07: cmp byte ptr [si + 0x11d], 1
0x12c0c: je 0x12c2b
0x12c0e: mov bx, 0x637
0x12c11: mov cl, 4
0x12c13: shr bx, cl
0x12c15: inc bx
0x12c16: mov ah, 0x4a
0x12c18: int 0x21
0x12c1a: lea dx, word ptr [si + 0x1b4]
0x12c1e: lea bx, word ptr [si + 0x20c]
0x12c22: mov ax, 0x4b00
0x12c25: int 0x21
0x12c27: mov ah, 0x4c
0x12c29: int 0x21
2018-12-25T11:43:30.628680394Z 125 PC: 12c41 | UNKNOWN!
2018-12-25T11:43:30.629831551Z 252 PC: 12c1a | UNKNOWN!
2018-12-25T11:43:30.63072726Z 252 PC: 12c27 | UNKNOWN!
2018-12-25T11:43:30.632426168Z 252 PC: 12c2b | UNKNOWN!

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1383,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:30.629288519Z 42 PC: 12bf7 | Get date
0x12bf7: cmp dl, 0xe
0x12bfa: jne 0x12c04
0x12bfc: mov ah, 9
0x12bfe: lea dx, word ptr [si + 0x135]
0x12c02: int 0x21
0x12c04: call 0x12c3d
0x12c07: cmp byte ptr [si + 0x11d], 1
0x12c0c: je 0x12c2b
0x12c0e: mov bx, 0x637
0x12c11: mov cl, 4
0x12c13: shr bx, cl
0x12c15: inc bx
0x12c16: mov ah, 0x4a
0x12c18: int 0x21
0x12c1a: lea dx, word ptr [si + 0x1b4]
0x12c1e: lea bx, word ptr [si + 0x20c]
0x12c22: mov ax, 0x4b00
0x12c25: int 0x21
0x12c27: mov ah, 0x4c
0x12c29: int 0x21
2018-12-25T11:43:30.631525352Z 9 PC: 12c04 | Display string (String= ' (c)1993 negoriV * Thank you for providing me and my offspring with a safe place * Offspring I v0.07. * ')
2018-12-25T11:43:30.638800309Z 125 PC: 12c41 | UNKNOWN!
2018-12-25T11:43:30.639900067Z 252 PC: 12c1a | UNKNOWN!
2018-12-25T11:43:30.641165217Z 252 PC: 12c27 | UNKNOWN!
2018-12-25T11:43:30.64184916Z 252 PC: 12c2b | UNKNOWN!