Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Cough.1495

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:19.693293886Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-17T23:04:19.698434285Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
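2018-12-17T23:04:19.700971865Z 201 PC: 12b1e | UNKNOWN!
2018-12-17T23:04:19.702637669Z 74 PC: 12b85 | Reallocate memory
2018-12-17T23:04:19.706444865Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:19.707679236Z 37 PC: 12bb2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
[Reader note: the Op column is decimal, so interrupt '33' is presumably 0x21, the DOS services vector. 'Random read' is the name of INT 21h function 0x21, so the AKA label, here and in the other runs on this page, appears to come from a lookup in the function table rather than the interrupt table. A get/set pair on that vector followed by 'Terminate and stay resident' is the pattern of a resident INT 21h hook. Op 201 (0xC9) is not a documented DOS function, which is why the viewer prints UNKNOWN!; it may be a private call handled by the sample's own resident code, but the trace does not confirm that.]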
2018-12-17T23:04:19.709569985Z 75 PC: 12c60 | Execute program
2018-12-17T23:04:19.724288065Z 9 PC: 134f9 | Display string (String= 'p€õ9CLOCK')
2018-12-17T23:04:19.726977416Z 42 PC: 13345 | Get date 0x13345: mov di, di
0x13347: cmp dh, 0xc
0x1334a: jne 0x1335a
0x1334c: cmp dl, 3
0x1334f: jne 0x1335a
0x13351: add dx, 0
0x13354: call 0x13515
0x13357: sub cx, 0
0x1335a: mov dx, dx
0x1335c: sub ch, 0
0x1335f: add cx, 0
0x13362: push cs
0x13363: pop es
0x13364: mov bx, bx
0x13366: add cx, 0
0x13369: mov si, 0x13b
0x1336c: add ah, 0
0x1336f: mov cx, cx
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
2018-12-17T23:04:19.729200548Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-17T23:04:19.733103042Z 73 PC: 12c80 | Release memory
2018-12-17T23:04:19.735644205Z 49 PC: 12c8a | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:44.483645998Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:44.486628937Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
2018-12-25T12:41:44.488885786Z 201 PC: 12b1e | UNKNOWN!
2018-12-25T12:41:44.49048699Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:44.49244623Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:44.493813231Z 37 PC: 12bb2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:44.495067738Z 75 PC: 12c60 | Execute program
2018-12-25T12:41:44.512234067Z 9 PC: 134f9 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:44.51649994Z 42 PC: 13345 | Get date 0x13345: mov di, di
0x13347: cmp dh, 0xc
0x1334a: jne 0x1335a
0x1334c: cmp dl, 3
0x1334f: jne 0x1335a
0x13351: add dx, 0
0x13354: call 0x13515
0x13357: sub cx, 0
0x1335a: mov dx, dx
0x1335c: sub ch, 0
0x1335f: add cx, 0
0x13362: push cs
0x13363: pop es
0x13364: mov bx, bx
0x13366: add cx, 0
0x13369: mov si, 0x13b
0x1336c: add ah, 0
0x1336f: mov cx, cx
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
2018-12-25T12:41:44.518853077Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-25T12:41:44.522002135Z 73 PC: 12c80 | Release memory
2018-12-25T12:41:44.523526492Z 49 PC: 12c8a | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":3,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:44.570838099Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:44.573558597Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:44.764105242Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:44.767266032Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
2018-12-25T12:41:44.77010534Z 201 PC: 12b1e | UNKNOWN!
2018-12-25T12:41:44.771690722Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:44.773733276Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:44.774983237Z 37 PC: 12bb2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:44.776338291Z 75 PC: 12c60 | Execute program
2018-12-25T12:41:44.792189149Z 9 PC: 134f9 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:44.796210969Z 42 PC: 13345 | Get date 0x13345: mov di, di
0x13347: cmp dh, 0xc
0x1334a: jne 0x1335a
0x1334c: cmp dl, 3
0x1334f: jne 0x1335a
0x13351: add dx, 0
0x13354: call 0x13515
0x13357: sub cx, 0
0x1335a: mov dx, dx
0x1335c: sub ch, 0
0x1335f: add cx, 0
0x13362: push cs
0x13363: pop es
0x13364: mov bx, bx
0x13366: add cx, 0
0x13369: mov si, 0x13b
0x1336c: add ah, 0
0x1336f: mov cx, cx
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
2018-12-25T12:41:44.798511294Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:41:44.801806137Z 73 PC: 12c80 | Release memory
2018-12-25T12:41:44.803232824Z 49 PC: 12c8a | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:45.930191605Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:45.933367345Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
2018-12-25T12:41:45.93651088Z 201 PC: 12b1e | UNKNOWN!
2018-12-25T12:41:45.938295671Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:45.940172877Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:45.94492195Z 37 PC: 12bb2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:45.946305678Z 75 PC: 12c60 | Execute program
2018-12-25T12:41:45.961774126Z 9 PC: 134f9 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:45.96658447Z 42 PC: 13345 | Get date 0x13345: mov di, di
0x13347: cmp dh, 0xc
0x1334a: jne 0x1335a
0x1334c: cmp dl, 3
0x1334f: jne 0x1335a
0x13351: add dx, 0
0x13354: call 0x13515
0x13357: sub cx, 0
0x1335a: mov dx, dx
0x1335c: sub ch, 0
0x1335f: add cx, 0
0x13362: push cs
0x13363: pop es
0x13364: mov bx, bx
0x13366: add cx, 0
0x13369: mov si, 0x13b
0x1336c: add ah, 0
0x1336f: mov cx, cx
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
2018-12-25T12:41:45.96963972Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:41:45.973263043Z 73 PC: 12c80 | Release memory
2018-12-25T12:41:45.975842141Z 49 PC: 12c8a | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:45.978278099Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:45.981486249Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
2018-12-25T12:41:45.985055336Z 201 PC: 12b1e | UNKNOWN!
2018-12-25T12:41:45.987190945Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:45.989055739Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:45.991279116Z 37 PC: 12bb2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:45.993159117Z 75 PC: 12c60 | Execute program
2018-12-25T12:41:46.008486618Z 9 PC: 134f9 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:46.012976674Z 42 PC: 13345 | Get date 0x13345: mov di, di
0x13347: cmp dh, 0xc
0x1334a: jne 0x1335a
0x1334c: cmp dl, 3
0x1334f: jne 0x1335a
0x13351: add dx, 0
0x13354: call 0x13515
0x13357: sub cx, 0
0x1335a: mov dx, dx
0x1335c: sub ch, 0
0x1335f: add cx, 0
0x13362: push cs
0x13363: pop es
0x13364: mov bx, bx
0x13366: add cx, 0
0x13369: mov si, 0x13b
0x1336c: add ah, 0
0x1336f: mov cx, cx
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
2018-12-25T12:41:46.015273921Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-25T12:41:46.019049875Z 73 PC: 12c80 | Release memory
2018-12-25T12:41:46.02223659Z 49 PC: 12c8a | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":3,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:46.112635106Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:46.117487686Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:27.242115107Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T13:07:27.248247355Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
2018-12-25T13:07:27.251810464Z 201 PC: 12b1e | UNKNOWN!
2018-12-25T13:07:27.2543744Z 74 PC: 12b85 | Reallocate memory
2018-12-25T13:07:27.256884522Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:27.260150308Z 37 PC: 12bb2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:27.261186464Z 75 PC: 12c60 | Execute program
2018-12-25T13:07:27.271788043Z 9 PC: 134f9 | Display string (String= 'p€õ9CLOCK')
2018-12-25T13:07:27.275839105Z 42 PC: 13345 | Get date 0x13345: mov di, di
0x13347: cmp dh, 0xc
0x1334a: jne 0x1335a
0x1334c: cmp dl, 3
0x1334f: jne 0x1335a
0x13351: add dx, 0
0x13354: call 0x13515
0x13357: sub cx, 0
0x1335a: mov dx, dx
0x1335c: sub ch, 0
0x1335f: add cx, 0
0x13362: push cs
0x13363: pop es
0x13364: mov bx, bx
0x13366: add cx, 0
0x13369: mov si, 0x13b
0x1336c: add ah, 0
0x1336f: mov cx, cx
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
2018-12-25T13:07:27.278509157Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T13:07:27.281857752Z 73 PC: 12c80 | Release memory
2018-12-25T13:07:27.284102085Z 49 PC: 12c8a | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:46.440918206Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:46.444124576Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
2018-12-25T12:41:46.446637605Z 201 PC: 12b1e | UNKNOWN!
2018-12-25T12:41:46.448217286Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:46.450267919Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:46.459724369Z 37 PC: 12bb2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:46.461195738Z 75 PC: 12c60 | Execute program
2018-12-25T12:41:46.475403883Z 9 PC: 134f9 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:46.478758408Z 42 PC: 13345 | Get date 0x13345: mov di, di
0x13347: cmp dh, 0xc
0x1334a: jne 0x1335a
0x1334c: cmp dl, 3
0x1334f: jne 0x1335a
0x13351: add dx, 0
0x13354: call 0x13515
0x13357: sub cx, 0
0x1335a: mov dx, dx
0x1335c: sub ch, 0
0x1335f: add cx, 0
0x13362: push cs
0x13363: pop es
0x13364: mov bx, bx
0x13366: add cx, 0
0x13369: mov si, 0x13b
0x1336c: add ah, 0
0x1336f: mov cx, cx
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
2018-12-25T12:41:46.480793484Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-25T12:41:46.482939294Z 73 PC: 12c80 | Release memory
2018-12-25T12:41:46.484646648Z 49 PC: 12c8a | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":3,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14830,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:46.968940228Z 9 PC: 12c99 | Display string (String= 'p€õ9CLOCK')
2018-12-25T12:41:46.971683291Z 42 PC: 12ae5 | Get date 0x12ae5: mov di, di
0x12ae7: cmp dh, 0xc
0x12aea: jne 0x12afa
0x12aec: cmp dl, 3
0x12aef: jne 0x12afa
0x12af1: add dx, 0
0x12af4: call 0x12cb5
0x12af7: sub cx, 0
0x12afa: mov dx, dx
0x12afc: sub ch, 0
0x12aff: add cx, 0
0x12b02: push cs
0x12b03: pop es
0x12b04: mov bx, bx
0x12b06: add cx, 0
0x12b09: mov si, 0x13b
0x12b0c: add ah, 0
0x12b0f: mov cx, cx
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26