Sample viewer

vx.netlux.org/Virus.DOS.Puppets.960


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:57.712065628Z 42 PC: 9f5ad | Get date 0x9f5ad: cmp cx, 0x7c8
; The row above is the emulator's log entry (op 42 = 0x2A, "Get date") fused with
; the first instruction at the logged PC. Assuming the call is DOS INT 21h/AH=2Ah,
; it returns CX = year, DH = month, DL = day, so this window is a date check that
; writes a one-byte flag at cs:[0x3f1].
; 0x7c8 = 1992: the compare above tests the year against 1992.
; The emulated dates in this page's JSON records (1980-01, 1980-11, 1993-01) fall on
; both sides of the two thresholds below.
0x9f5b1: ja 0x9f5c3                     ; year > 1992 -> 0x9f5c3
0x9f5b3: cmp dh, 0xa                    ; month vs 10
0x9f5b6: jae 0x9f5c3                    ; month >= 10 -> 0x9f5c3
0x9f5b8: mov byte ptr cs:[0x3f1], 0     ; year <= 1992 and month < 10: clear the flag
0x9f5be: nop
0x9f5bf: jmp 0x9f5ca                    ; skip the other arm, go to the register restore
0x9f5c1: nop
; NOTE(review): 0x9f5c2-0x9f5c7 look like a linear-sweep decoding artefact. Both
; branches above target 0x9f5c3, which falls inside the 3-byte `mov ax, 0xc62e`.
; Using standard encodings for the four decodes shown (B8 2E C6 / 06 / F1 / 03 01),
; the bytes starting at 0x9f5c3 are 2E C6 06 F1 03 01, i.e.
; `mov byte ptr cs:[0x3f1], 1` -- the flag-set arm of the date check.
; Confirm against a hex dump; the byte at 0x9f5c2 is not explained by this view.
0x9f5c2: mov ax, 0xc62e
0x9f5c5: push es
0x9f5c6: int1
0x9f5c7: add ax, word ptr [bx + di]
0x9f5c9: nop
; Both arms meet here: four registers are popped (the matching pushes are outside
; this window), then control leaves for 0x9f507, which is also not shown.
0x9f5ca: pop dx
0x9f5cb: pop cx
0x9f5cc: pop ax
0x9f5cd: pop si
0x9f5ce: jmp 0x9f507
; Not reachable by fall-through (follows an unconditional jmp); the decode from here
; on may be misaligned in the same way -- unverified.
0x9f5d1: mov ax, 0xe450
0x9f5d4: pushaw

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14050,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:44.760822801Z 42 PC: 9f5ad | Get date 0x9f5ad: cmp cx, 0x7c8
; Log row (op 42 = 0x2A, "Get date") fused with the first instruction at the logged
; PC. Assuming DOS INT 21h/AH=2Ah, CX = year and DH = month on return; the code
; below is a date check that writes a one-byte flag at cs:[0x3f1].
; 0x7c8 = 1992: the compare above tests the year against 1992.
0x9f5b1: ja 0x9f5c3                     ; year > 1992 -> 0x9f5c3
0x9f5b3: cmp dh, 0xa                    ; month vs 10
0x9f5b6: jae 0x9f5c3                    ; month >= 10 -> 0x9f5c3
0x9f5b8: mov byte ptr cs:[0x3f1], 0     ; year <= 1992 and month < 10: clear the flag
0x9f5be: nop
0x9f5bf: jmp 0x9f5ca                    ; skip the other arm, go to the register restore
0x9f5c1: nop
; NOTE(review): the next four decodes look like a linear-sweep artefact. The branch
; target 0x9f5c3 lies inside `mov ax, 0xc62e`; with standard encodings the bytes
; from 0x9f5c3 are 2E C6 06 F1 03 01 = `mov byte ptr cs:[0x3f1], 1` (flag-set arm).
; Confirm against a hex dump.
0x9f5c2: mov ax, 0xc62e
0x9f5c5: push es
0x9f5c6: int1
0x9f5c7: add ax, word ptr [bx + di]
0x9f5c9: nop
; Join point: pop four registers (pushes are outside this window), then leave for
; 0x9f507, which is not shown.
0x9f5ca: pop dx
0x9f5cb: pop cx
0x9f5cc: pop ax
0x9f5cd: pop si
0x9f5ce: jmp 0x9f507
; Follows an unconditional jmp, so not reached by fall-through; decode alignment
; from here on is unverified.
0x9f5d1: mov ax, 0xe450
0x9f5d4: pushaw

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14050,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:44.847048918Z 42 PC: 9f5ad | Get date 0x9f5ad: cmp cx, 0x7c8
; Log row (op 42 = 0x2A, "Get date") fused with the first instruction at the logged
; PC. Assuming DOS INT 21h/AH=2Ah, CX = year and DH = month on return; the code
; below is a date check that writes a one-byte flag at cs:[0x3f1].
; 0x7c8 = 1992: the compare above tests the year against 1992.
0x9f5b1: ja 0x9f5c3                     ; year > 1992 -> 0x9f5c3
0x9f5b3: cmp dh, 0xa                    ; month vs 10
0x9f5b6: jae 0x9f5c3                    ; month >= 10 -> 0x9f5c3
0x9f5b8: mov byte ptr cs:[0x3f1], 0     ; year <= 1992 and month < 10: clear the flag
0x9f5be: nop
0x9f5bf: jmp 0x9f5ca                    ; skip the other arm, go to the register restore
0x9f5c1: nop
; NOTE(review): the next four decodes look like a linear-sweep artefact. The branch
; target 0x9f5c3 lies inside `mov ax, 0xc62e`; with standard encodings the bytes
; from 0x9f5c3 are 2E C6 06 F1 03 01 = `mov byte ptr cs:[0x3f1], 1` (flag-set arm).
; Confirm against a hex dump.
0x9f5c2: mov ax, 0xc62e
0x9f5c5: push es
0x9f5c6: int1
0x9f5c7: add ax, word ptr [bx + di]
0x9f5c9: nop
; Join point: pop four registers (pushes are outside this window), then leave for
; 0x9f507, which is not shown.
0x9f5ca: pop dx
0x9f5cb: pop cx
0x9f5cc: pop ax
0x9f5cd: pop si
0x9f5ce: jmp 0x9f507
; Follows an unconditional jmp, so not reached by fall-through; decode alignment
; from here on is unverified.
0x9f5d1: mov ax, 0xe450
0x9f5d4: pushaw

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14050,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:44.860582552Z 42 PC: 9f5ad | Get date 0x9f5ad: cmp cx, 0x7c8
; Log row (op 42 = 0x2A, "Get date") fused with the first instruction at the logged
; PC. Assuming DOS INT 21h/AH=2Ah, CX = year and DH = month on return; the code
; below is a date check that writes a one-byte flag at cs:[0x3f1].
; 0x7c8 = 1992: the compare above tests the year against 1992.
0x9f5b1: ja 0x9f5c3                     ; year > 1992 -> 0x9f5c3
0x9f5b3: cmp dh, 0xa                    ; month vs 10
0x9f5b6: jae 0x9f5c3                    ; month >= 10 -> 0x9f5c3
0x9f5b8: mov byte ptr cs:[0x3f1], 0     ; year <= 1992 and month < 10: clear the flag
0x9f5be: nop
0x9f5bf: jmp 0x9f5ca                    ; skip the other arm, go to the register restore
0x9f5c1: nop
; NOTE(review): the next four decodes look like a linear-sweep artefact. The branch
; target 0x9f5c3 lies inside `mov ax, 0xc62e`; with standard encodings the bytes
; from 0x9f5c3 are 2E C6 06 F1 03 01 = `mov byte ptr cs:[0x3f1], 1` (flag-set arm).
; Confirm against a hex dump.
0x9f5c2: mov ax, 0xc62e
0x9f5c5: push es
0x9f5c6: int1
0x9f5c7: add ax, word ptr [bx + di]
0x9f5c9: nop
; Join point: pop four registers (pushes are outside this window), then leave for
; 0x9f507, which is not shown.
0x9f5ca: pop dx
0x9f5cb: pop cx
0x9f5cc: pop ax
0x9f5cd: pop si
0x9f5ce: jmp 0x9f507
; Follows an unconditional jmp, so not reached by fall-through; decode alignment
; from here on is unverified.
0x9f5d1: mov ax, 0xe450
0x9f5d4: pushaw