Sample viewer

vx.netlux.org/Virus.DOS.FlashLight.960

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:32.061477564Z	221	PC: 12d31 \| UNKNOWN!
2018-12-17T23:02:32.063542139Z	74	PC: 12d4b \| Reallocate memory
2018-12-17T23:02:32.065591988Z	72	PC: 12d54 \| Allocate memory
2018-12-17T23:02:32.068329505Z	42	PC: 12d9c \| Get date 0x12d9c: cli 0x12d9d: cmp al, 1 0x12d9f: jne 0x12db0 0x12da1: cmp dl, 0x14 0x12da4: jb 0x12db0 0x12da6: mov word ptr [0x20], 0xa 0x12dac: mov word ptr [0x22], es 0x12db0: mov si, es 0x12db2: dec si 0x12db3: mov es, si 0x12db5: mov word ptr es:[1], 0x70 0x12dbc: sti 0x12dbd: cmp word ptr cs:[bp + 0x3b8], 0 0x12dc3: je 0x12df0 0x12dc5: mov ax, es 0x12dc7: add ax, 0x10 0x12dca: add word ptr cs:[bp + 0x3b8], ax 0x12dcf: add word ptr cs:[bp + 0x3bc], ax 0x12dd4: pop ds 0x12dd5: pop es
2018-12-17T23:02:32.072460049Z	76	PC: 12df8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14249,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:11.98295187Z	221	PC: 12d31 \| UNKNOWN!
2018-12-25T12:40:11.984828028Z	74	PC: 12d4b \| Reallocate memory
2018-12-25T12:40:11.986490623Z	72	PC: 12d54 \| Allocate memory
2018-12-25T12:40:11.988558419Z	42	PC: 12d9c \| Get date 0x12d9c: cli 0x12d9d: cmp al, 1 0x12d9f: jne 0x12db0 0x12da1: cmp dl, 0x14 0x12da4: jb 0x12db0 0x12da6: mov word ptr [0x20], 0xa 0x12dac: mov word ptr [0x22], es 0x12db0: mov si, es 0x12db2: dec si 0x12db3: mov es, si 0x12db5: mov word ptr es:[1], 0x70 0x12dbc: sti 0x12dbd: cmp word ptr cs:[bp + 0x3b8], 0 0x12dc3: je 0x12df0 0x12dc5: mov ax, es 0x12dc7: add ax, 0x10 0x12dca: add word ptr cs:[bp + 0x3b8], ax 0x12dcf: add word ptr cs:[bp + 0x3bc], ax 0x12dd4: pop ds 0x12dd5: pop es
2018-12-25T12:40:11.991943672Z	76	PC: 12df8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14249,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:12.295920921Z	221	PC: 12d31 \| UNKNOWN!
2018-12-25T12:40:12.297484885Z	74	PC: 12d4b \| Reallocate memory
2018-12-25T12:40:12.298990834Z	72	PC: 12d54 \| Allocate memory
2018-12-25T12:40:12.301107686Z	42	PC: 12d9c \| Get date 0x12d9c: cli 0x12d9d: cmp al, 1 0x12d9f: jne 0x12db0 0x12da1: cmp dl, 0x14 0x12da4: jb 0x12db0 0x12da6: mov word ptr [0x20], 0xa 0x12dac: mov word ptr [0x22], es 0x12db0: mov si, es 0x12db2: dec si 0x12db3: mov es, si 0x12db5: mov word ptr es:[1], 0x70 0x12dbc: sti 0x12dbd: cmp word ptr cs:[bp + 0x3b8], 0 0x12dc3: je 0x12df0 0x12dc5: mov ax, es 0x12dc7: add ax, 0x10 0x12dca: add word ptr cs:[bp + 0x3b8], ax 0x12dcf: add word ptr cs:[bp + 0x3bc], ax 0x12dd4: pop ds 0x12dd5: pop es
2018-12-25T12:40:12.303424398Z	76	PC: 12df8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14249,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:12.584264679Z	221	PC: 12d31 \| UNKNOWN!
2018-12-25T12:40:12.585907759Z	74	PC: 12d4b \| Reallocate memory
2018-12-25T12:40:12.587608657Z	72	PC: 12d54 \| Allocate memory
2018-12-25T12:40:12.589566554Z	42	PC: 12d9c \| Get date 0x12d9c: cli 0x12d9d: cmp al, 1 0x12d9f: jne 0x12db0 0x12da1: cmp dl, 0x14 0x12da4: jb 0x12db0 0x12da6: mov word ptr [0x20], 0xa 0x12dac: mov word ptr [0x22], es 0x12db0: mov si, es 0x12db2: dec si 0x12db3: mov es, si 0x12db5: mov word ptr es:[1], 0x70 0x12dbc: sti 0x12dbd: cmp word ptr cs:[bp + 0x3b8], 0 0x12dc3: je 0x12df0 0x12dc5: mov ax, es 0x12dc7: add ax, 0x10 0x12dca: add word ptr cs:[bp + 0x3b8], ax 0x12dcf: add word ptr cs:[bp + 0x3bc], ax 0x12dd4: pop ds 0x12dd5: pop es
2018-12-25T12:40:12.593179922Z	76	PC: 12df8 \| Terminate with return code (Return code = '0')