Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1482

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:38.138883234Z	42	PC: 12f5f \| Get date 0x12f5f: cmp cx, 0x7cb 0x12f63: jne 0x12f75 0x12f65: cmp dh, 4 0x12f68: jne 0x12f75 0x12f6a: cmp dl, 0xf 0x12f6d: jb 0x12f75 0x12f6f: mov byte ptr cs:[si + 0x2d7], 1 0x12f75: mov al, 0xff 0x12f77: mov ah, 0xf 0x12f79: xchg al, ah 0x12f7b: nop 0x12f7c: int 0x21 0x12f7e: cmp ax, 0x101 0x12f81: jne 0x12f86 0x12f83: call 0x12fbd 0x12f86: mov ax, 0x3521 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp word ptr es:[0xa], 0x4254 0x12f93: jne 0x12fa1
2018-12-17T23:02:38.141688894Z	255	PC: 12f7e \| UNKNOWN!
2018-12-17T23:02:38.142565588Z	53	PC: 12f8c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:38.143689343Z	240	PC: 12fbb \| UNKNOWN!
2018-12-17T23:02:38.145116748Z	44	PC: 12f12 \| Get time 0x12f12: cmp cl, 5 0x12f15: jne 0x12f4c 0x12f17: mov ax, 0xb800 0x12f1a: mov es, ax 0x12f1c: mov cx, 0x30 0x12f1f: push cx 0x12f20: mov cx, 0x7c0 0x12f23: xor si, si 0x12f25: mov ah, byte ptr es:[si] 0x12f28: cmp ah, 0x77 0x12f2b: jb 0x12f3a 0x12f2d: dec ah 0x12f2f: mov byte ptr es:[si], ah 0x12f32: mov byte ptr es:[si + 1], 0x79 0x12f37: jmp 0x12f44 0x12f39: nop 0x12f3a: inc ah 0x12f3c: mov byte ptr es:[si], ah 0x12f3f: mov byte ptr es:[si + 1], 0x8f 0x12f44: inc si
2018-12-17T23:02:38.148069858Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14279,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:19.93927455Z	42	PC: 12f5f \| Get date 0x12f5f: cmp cx, 0x7cb 0x12f63: jne 0x12f75 0x12f65: cmp dh, 4 0x12f68: jne 0x12f75 0x12f6a: cmp dl, 0xf 0x12f6d: jb 0x12f75 0x12f6f: mov byte ptr cs:[si + 0x2d7], 1 0x12f75: mov al, 0xff 0x12f77: mov ah, 0xf 0x12f79: xchg al, ah 0x12f7b: nop 0x12f7c: int 0x21 0x12f7e: cmp ax, 0x101 0x12f81: jne 0x12f86 0x12f83: call 0x12fbd 0x12f86: mov ax, 0x3521 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp word ptr es:[0xa], 0x4254 0x12f93: jne 0x12fa1
2018-12-25T12:40:19.94636774Z	255	PC: 12f7e \| UNKNOWN!
2018-12-25T12:40:19.947787575Z	53	PC: 12f8c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:19.949529772Z	240	PC: 12fbb \| UNKNOWN!
2018-12-25T12:40:19.954797947Z	44	PC: 12f12 \| Get time 0x12f12: cmp cl, 5 0x12f15: jne 0x12f4c 0x12f17: mov ax, 0xb800 0x12f1a: mov es, ax 0x12f1c: mov cx, 0x30 0x12f1f: push cx 0x12f20: mov cx, 0x7c0 0x12f23: xor si, si 0x12f25: mov ah, byte ptr es:[si] 0x12f28: cmp ah, 0x77 0x12f2b: jb 0x12f3a 0x12f2d: dec ah 0x12f2f: mov byte ptr es:[si], ah 0x12f32: mov byte ptr es:[si + 1], 0x79 0x12f37: jmp 0x12f44 0x12f39: nop 0x12f3a: inc ah 0x12f3c: mov byte ptr es:[si], ah 0x12f3f: mov byte ptr es:[si + 1], 0x8f 0x12f44: inc si
2018-12-25T12:40:19.961174681Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14279,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:20.023267735Z	42	PC: 12f5f \| Get date 0x12f5f: cmp cx, 0x7cb 0x12f63: jne 0x12f75 0x12f65: cmp dh, 4 0x12f68: jne 0x12f75 0x12f6a: cmp dl, 0xf 0x12f6d: jb 0x12f75 0x12f6f: mov byte ptr cs:[si + 0x2d7], 1 0x12f75: mov al, 0xff 0x12f77: mov ah, 0xf 0x12f79: xchg al, ah 0x12f7b: nop 0x12f7c: int 0x21 0x12f7e: cmp ax, 0x101 0x12f81: jne 0x12f86 0x12f83: call 0x12fbd 0x12f86: mov ax, 0x3521 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp word ptr es:[0xa], 0x4254 0x12f93: jne 0x12fa1
2018-12-25T12:40:20.026260845Z	255	PC: 12f7e \| UNKNOWN!
2018-12-25T12:40:20.027193655Z	53	PC: 12f8c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:20.029133136Z	240	PC: 12fbb \| UNKNOWN!
2018-12-25T12:40:20.031067462Z	44	PC: 12f12 \| Get time 0x12f12: cmp cl, 5 0x12f15: jne 0x12f4c 0x12f17: mov ax, 0xb800 0x12f1a: mov es, ax 0x12f1c: mov cx, 0x30 0x12f1f: push cx 0x12f20: mov cx, 0x7c0 0x12f23: xor si, si 0x12f25: mov ah, byte ptr es:[si] 0x12f28: cmp ah, 0x77 0x12f2b: jb 0x12f3a 0x12f2d: dec ah 0x12f2f: mov byte ptr es:[si], ah 0x12f32: mov byte ptr es:[si + 1], 0x79 0x12f37: jmp 0x12f44 0x12f39: nop 0x12f3a: inc ah 0x12f3c: mov byte ptr es:[si], ah 0x12f3f: mov byte ptr es:[si + 1], 0x8f 0x12f44: inc si
2018-12-25T12:40:20.034498547Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":5,"Second":0,"TimeBased":true,"OriginalID":14279,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:20.050583462Z	42	PC: 12f5f \| Get date 0x12f5f: cmp cx, 0x7cb 0x12f63: jne 0x12f75 0x12f65: cmp dh, 4 0x12f68: jne 0x12f75 0x12f6a: cmp dl, 0xf 0x12f6d: jb 0x12f75 0x12f6f: mov byte ptr cs:[si + 0x2d7], 1 0x12f75: mov al, 0xff 0x12f77: mov ah, 0xf 0x12f79: xchg al, ah 0x12f7b: nop 0x12f7c: int 0x21 0x12f7e: cmp ax, 0x101 0x12f81: jne 0x12f86 0x12f83: call 0x12fbd 0x12f86: mov ax, 0x3521 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp word ptr es:[0xa], 0x4254 0x12f93: jne 0x12fa1
2018-12-25T12:40:20.053623331Z	255	PC: 12f7e \| UNKNOWN!
2018-12-25T12:40:20.054663858Z	53	PC: 12f8c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:20.056097457Z	240	PC: 12fbb \| UNKNOWN!
2018-12-25T12:40:20.05805289Z	44	PC: 12f12 \| Get time 0x12f12: cmp cl, 5 0x12f15: jne 0x12f4c 0x12f17: mov ax, 0xb800 0x12f1a: mov es, ax 0x12f1c: mov cx, 0x30 0x12f1f: push cx 0x12f20: mov cx, 0x7c0 0x12f23: xor si, si 0x12f25: mov ah, byte ptr es:[si] 0x12f28: cmp ah, 0x77 0x12f2b: jb 0x12f3a 0x12f2d: dec ah 0x12f2f: mov byte ptr es:[si], ah 0x12f32: mov byte ptr es:[si + 1], 0x79 0x12f37: jmp 0x12f44 0x12f39: nop 0x12f3a: inc ah 0x12f3c: mov byte ptr es:[si], ah 0x12f3f: mov byte ptr es:[si + 1], 0x8f 0x12f44: inc si
2018-12-25T12:40:20.131727892Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":5,"Second":0,"TimeBased":true,"OriginalID":14279,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:20.04528161Z	42	PC: 12f5f \| Get date 0x12f5f: cmp cx, 0x7cb 0x12f63: jne 0x12f75 0x12f65: cmp dh, 4 0x12f68: jne 0x12f75 0x12f6a: cmp dl, 0xf 0x12f6d: jb 0x12f75 0x12f6f: mov byte ptr cs:[si + 0x2d7], 1 0x12f75: mov al, 0xff 0x12f77: mov ah, 0xf 0x12f79: xchg al, ah 0x12f7b: nop 0x12f7c: int 0x21 0x12f7e: cmp ax, 0x101 0x12f81: jne 0x12f86 0x12f83: call 0x12fbd 0x12f86: mov ax, 0x3521 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp word ptr es:[0xa], 0x4254 0x12f93: jne 0x12fa1
2018-12-25T12:40:20.048629601Z	255	PC: 12f7e \| UNKNOWN!
2018-12-25T12:40:20.0500378Z	53	PC: 12f8c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:20.051539293Z	240	PC: 12fbb \| UNKNOWN!
2018-12-25T12:40:20.05310895Z	44	PC: 12f12 \| Get time 0x12f12: cmp cl, 5 0x12f15: jne 0x12f4c 0x12f17: mov ax, 0xb800 0x12f1a: mov es, ax 0x12f1c: mov cx, 0x30 0x12f1f: push cx 0x12f20: mov cx, 0x7c0 0x12f23: xor si, si 0x12f25: mov ah, byte ptr es:[si] 0x12f28: cmp ah, 0x77 0x12f2b: jb 0x12f3a 0x12f2d: dec ah 0x12f2f: mov byte ptr es:[si], ah 0x12f32: mov byte ptr es:[si + 1], 0x79 0x12f37: jmp 0x12f44 0x12f39: nop 0x12f3a: inc ah 0x12f3c: mov byte ptr es:[si], ah 0x12f3f: mov byte ptr es:[si + 1], 0x8f 0x12f44: inc si
2018-12-25T12:40:20.120446298Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')