Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1478

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:31.959369474Z	42	PC: 1a13b \| Get date 0x1a13b: cmp cx, 0x7cb 0x1a13f: jne 0x1a14b 0x1a141: cmp dh, 3 0x1a144: ja 0x1a14b 0x1a146: cmp dl, 3 0x1a149: jb 0x1a194 0x1a14b: mov al, 0xff 0x1a14d: mov ah, 0xf 0x1a14f: xchg al, ah 0x1a151: nop 0x1a152: int 0x21 0x1a154: cmp ax, 0x101 0x1a157: jne 0x1a15d 0x1a159: call 0x1a198 0x1a15c: nop 0x1a15d: mov ax, 0x3521 0x1a160: nop 0x1a161: int 0x21 0x1a163: cmp word ptr es:[0xa], 0x4254 0x1a16a: jne 0x1a178
2018-12-17T23:03:31.971792372Z	255	PC: 1a154 \| UNKNOWN!
2018-12-17T23:03:31.97276723Z	53	PC: 1a163 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:31.974161756Z	240	PC: 1a192 \| UNKNOWN!
2018-12-17T23:03:31.976776187Z	44	PC: 1a090 \| Get time 0x1a090: cmp cl, 6 0x1a093: jne 0x1a0ca 0x1a095: mov ax, 0xb800 0x1a098: mov es, ax 0x1a09a: mov cx, 0x30 0x1a09d: push cx 0x1a09e: mov cx, 0x7c0 0x1a0a1: xor si, si 0x1a0a3: mov ah, byte ptr es:[si] 0x1a0a6: cmp ah, 0x77 0x1a0a9: jb 0x1a0b8 0x1a0ab: dec ah 0x1a0ad: mov byte ptr es:[si], ah 0x1a0b0: mov byte ptr es:[si + 1], 0x79 0x1a0b5: jmp 0x1a0c2 0x1a0b7: nop 0x1a0b8: inc ah 0x1a0ba: mov byte ptr es:[si], ah 0x1a0bd: mov byte ptr es:[si + 1], 0x8f 0x1a0c2: inc si
2018-12-17T23:03:31.981158565Z	9	PC: 12a5c \| Display string (Could not find end pointer)
2018-12-17T23:03:31.987859922Z	76	PC: 12a61 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14578,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:01.330440963Z	42	PC: 1a13b \| Get date 0x1a13b: cmp cx, 0x7cb 0x1a13f: jne 0x1a14b 0x1a141: cmp dh, 3 0x1a144: ja 0x1a14b 0x1a146: cmp dl, 3 0x1a149: jb 0x1a194 0x1a14b: mov al, 0xff 0x1a14d: mov ah, 0xf 0x1a14f: xchg al, ah 0x1a151: nop 0x1a152: int 0x21 0x1a154: cmp ax, 0x101 0x1a157: jne 0x1a15d 0x1a159: call 0x1a198 0x1a15c: nop 0x1a15d: mov ax, 0x3521 0x1a160: nop 0x1a161: int 0x21 0x1a163: cmp word ptr es:[0xa], 0x4254 0x1a16a: jne 0x1a178
2018-12-25T12:41:01.333448345Z	255	PC: 1a154 \| UNKNOWN!
2018-12-25T12:41:01.334576692Z	53	PC: 1a163 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:01.336150852Z	240	PC: 1a192 \| UNKNOWN!
2018-12-25T12:41:01.337609123Z	44	PC: 1a090 \| Get time 0x1a090: cmp cl, 6 0x1a093: jne 0x1a0ca 0x1a095: mov ax, 0xb800 0x1a098: mov es, ax 0x1a09a: mov cx, 0x30 0x1a09d: push cx 0x1a09e: mov cx, 0x7c0 0x1a0a1: xor si, si 0x1a0a3: mov ah, byte ptr es:[si] 0x1a0a6: cmp ah, 0x77 0x1a0a9: jb 0x1a0b8 0x1a0ab: dec ah 0x1a0ad: mov byte ptr es:[si], ah 0x1a0b0: mov byte ptr es:[si + 1], 0x79 0x1a0b5: jmp 0x1a0c2 0x1a0b7: nop 0x1a0b8: inc ah 0x1a0ba: mov byte ptr es:[si], ah 0x1a0bd: mov byte ptr es:[si + 1], 0x8f 0x1a0c2: inc si
2018-12-25T12:41:01.341000509Z	9	PC: 12a5c \| Display string (Could not find end pointer)
2018-12-25T12:41:01.344819281Z	76	PC: 12a61 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14578,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:01.622249841Z	42	PC: 1a13b \| Get date 0x1a13b: cmp cx, 0x7cb 0x1a13f: jne 0x1a14b 0x1a141: cmp dh, 3 0x1a144: ja 0x1a14b 0x1a146: cmp dl, 3 0x1a149: jb 0x1a194 0x1a14b: mov al, 0xff 0x1a14d: mov ah, 0xf 0x1a14f: xchg al, ah 0x1a151: nop 0x1a152: int 0x21 0x1a154: cmp ax, 0x101 0x1a157: jne 0x1a15d 0x1a159: call 0x1a198 0x1a15c: nop 0x1a15d: mov ax, 0x3521 0x1a160: nop 0x1a161: int 0x21 0x1a163: cmp word ptr es:[0xa], 0x4254 0x1a16a: jne 0x1a178
2018-12-25T12:41:01.625115735Z	255	PC: 1a154 \| UNKNOWN!
2018-12-25T12:41:01.629711169Z	53	PC: 1a163 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:01.630975011Z	240	PC: 1a192 \| UNKNOWN!
2018-12-25T12:41:01.633864855Z	44	PC: 1a090 \| Get time 0x1a090: cmp cl, 6 0x1a093: jne 0x1a0ca 0x1a095: mov ax, 0xb800 0x1a098: mov es, ax 0x1a09a: mov cx, 0x30 0x1a09d: push cx 0x1a09e: mov cx, 0x7c0 0x1a0a1: xor si, si 0x1a0a3: mov ah, byte ptr es:[si] 0x1a0a6: cmp ah, 0x77 0x1a0a9: jb 0x1a0b8 0x1a0ab: dec ah 0x1a0ad: mov byte ptr es:[si], ah 0x1a0b0: mov byte ptr es:[si + 1], 0x79 0x1a0b5: jmp 0x1a0c2 0x1a0b7: nop 0x1a0b8: inc ah 0x1a0ba: mov byte ptr es:[si], ah 0x1a0bd: mov byte ptr es:[si + 1], 0x8f 0x1a0c2: inc si
2018-12-25T12:41:01.636469644Z	9	PC: 12a5c \| Display string (Could not find end pointer)
2018-12-25T12:41:01.643609538Z	76	PC: 12a61 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":14578,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:02.733671119Z	42	PC: 1a13b \| Get date 0x1a13b: cmp cx, 0x7cb 0x1a13f: jne 0x1a14b 0x1a141: cmp dh, 3 0x1a144: ja 0x1a14b 0x1a146: cmp dl, 3 0x1a149: jb 0x1a194 0x1a14b: mov al, 0xff 0x1a14d: mov ah, 0xf 0x1a14f: xchg al, ah 0x1a151: nop 0x1a152: int 0x21 0x1a154: cmp ax, 0x101 0x1a157: jne 0x1a15d 0x1a159: call 0x1a198 0x1a15c: nop 0x1a15d: mov ax, 0x3521 0x1a160: nop 0x1a161: int 0x21 0x1a163: cmp word ptr es:[0xa], 0x4254 0x1a16a: jne 0x1a178
2018-12-25T12:41:02.737108383Z	255	PC: 1a154 \| UNKNOWN!
2018-12-25T12:41:02.738216779Z	53	PC: 1a163 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:02.74708304Z	240	PC: 1a192 \| UNKNOWN!
2018-12-25T12:41:02.749113322Z	44	PC: 1a090 \| Get time 0x1a090: cmp cl, 6 0x1a093: jne 0x1a0ca 0x1a095: mov ax, 0xb800 0x1a098: mov es, ax 0x1a09a: mov cx, 0x30 0x1a09d: push cx 0x1a09e: mov cx, 0x7c0 0x1a0a1: xor si, si 0x1a0a3: mov ah, byte ptr es:[si] 0x1a0a6: cmp ah, 0x77 0x1a0a9: jb 0x1a0b8 0x1a0ab: dec ah 0x1a0ad: mov byte ptr es:[si], ah 0x1a0b0: mov byte ptr es:[si + 1], 0x79 0x1a0b5: jmp 0x1a0c2 0x1a0b7: nop 0x1a0b8: inc ah 0x1a0ba: mov byte ptr es:[si], ah 0x1a0bd: mov byte ptr es:[si + 1], 0x8f 0x1a0c2: inc si
2018-12-25T12:41:02.806756909Z	9	PC: 12a5c \| Display string (Could not find end pointer)
2018-12-25T12:41:02.814155628Z	76	PC: 12a61 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":14578,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:09:46.064558311Z	42	PC: 1a13b \| Get date 0x1a13b: cmp cx, 0x7cb 0x1a13f: jne 0x1a14b 0x1a141: cmp dh, 3 0x1a144: ja 0x1a14b 0x1a146: cmp dl, 3 0x1a149: jb 0x1a194 0x1a14b: mov al, 0xff 0x1a14d: mov ah, 0xf 0x1a14f: xchg al, ah 0x1a151: nop 0x1a152: int 0x21 0x1a154: cmp ax, 0x101 0x1a157: jne 0x1a15d 0x1a159: call 0x1a198 0x1a15c: nop 0x1a15d: mov ax, 0x3521 0x1a160: nop 0x1a161: int 0x21 0x1a163: cmp word ptr es:[0xa], 0x4254 0x1a16a: jne 0x1a178
2018-12-25T13:09:46.070614367Z	255	PC: 1a154 \| UNKNOWN!
2018-12-25T13:09:46.071353158Z	53	PC: 1a163 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:09:46.072335526Z	240	PC: 1a192 \| UNKNOWN!
2018-12-25T13:09:46.073717478Z	44	PC: 1a090 \| Get time 0x1a090: cmp cl, 6 0x1a093: jne 0x1a0ca 0x1a095: mov ax, 0xb800 0x1a098: mov es, ax 0x1a09a: mov cx, 0x30 0x1a09d: push cx 0x1a09e: mov cx, 0x7c0 0x1a0a1: xor si, si 0x1a0a3: mov ah, byte ptr es:[si] 0x1a0a6: cmp ah, 0x77 0x1a0a9: jb 0x1a0b8 0x1a0ab: dec ah 0x1a0ad: mov byte ptr es:[si], ah 0x1a0b0: mov byte ptr es:[si + 1], 0x79 0x1a0b5: jmp 0x1a0c2 0x1a0b7: nop 0x1a0b8: inc ah 0x1a0ba: mov byte ptr es:[si], ah 0x1a0bd: mov byte ptr es:[si + 1], 0x8f 0x1a0c2: inc si
2018-12-25T13:09:46.128579603Z	9	PC: 12a5c \| Display string (Could not find end pointer)
2018-12-25T13:09:46.135556525Z	76	PC: 12a61 \| Terminate with return code (Return code = '0')