Sample viewer

vx.netlux.org/Virus.DOS.TPVO.Glacier.1183

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:25.956442348Z 131 PC: 12f8a | UNKNOWN!
2018-12-17T23:05:25.958296383Z 53 PC: 13030 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:25.959271031Z 37 PC: 1303f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:25.960183296Z 53 PC: 13044 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:05:25.962831178Z 37 PC: 13053 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:05:25.964786449Z 42 PC: 12f93 | Get date

Disassembly from PC 0x12f93:
0x12f93: cmp dx, 0x40d
0x12f97: jne 0x12fcc
0x12f99: add si, 0x3b9
0x12f9d: push si
0x12f9e: push si
0x12f9f: pop di
0x12fa0: mov cx, 0xc2
0x12fa3: lodsb al, byte ptr [si]
0x12fa4: xor al, 0x45
0x12fa6: stosb byte ptr es:[di], al
0x12fa7: loop 0x12fa3
0x12fa9: pop si
0x12faa: xor bx, bx
0x12fac: mov ax, 0x9100
0x12faf: int 0x10
0x12fb1: or bx, bx
0x12fb3: je 0x12fc2
0x12fb5: test dh, 0x80
0x12fb8: jne 0x12fc2
0x12fba: add si, 0x64

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15196,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:51.826657143Z 131 PC: 12f8a | UNKNOWN!
2018-12-25T12:42:51.828290687Z 53 PC: 13030 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:51.830477331Z 37 PC: 1303f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:51.831879717Z 53 PC: 13044 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:51.833883443Z 37 PC: 13053 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:51.835890046Z 42 PC: 12f93 | Get date

Disassembly from PC 0x12f93:
0x12f93: cmp dx, 0x40d
0x12f97: jne 0x12fcc
0x12f99: add si, 0x3b9
0x12f9d: push si
0x12f9e: push si
0x12f9f: pop di
0x12fa0: mov cx, 0xc2
0x12fa3: lodsb al, byte ptr [si]
0x12fa4: xor al, 0x45
0x12fa6: stosb byte ptr es:[di], al
0x12fa7: loop 0x12fa3
0x12fa9: pop si
0x12faa: xor bx, bx
0x12fac: mov ax, 0x9100
0x12faf: int 0x10
0x12fb1: or bx, bx
0x12fb3: je 0x12fc2
0x12fb5: test dh, 0x80
0x12fb8: jne 0x12fc2
0x12fba: add si, 0x64

{"DateBased":true,"Day":13,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15196,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:53.087302962Z 131 PC: 12f8a | UNKNOWN!
2018-12-25T12:42:53.088470068Z 53 PC: 13030 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:53.089760028Z 37 PC: 1303f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:53.091445007Z 53 PC: 13044 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:53.093339554Z 37 PC: 13053 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:42:53.094980772Z 42 PC: 12f93 | Get date

Disassembly from PC 0x12f93:
0x12f93: cmp dx, 0x40d
0x12f97: jne 0x12fcc
0x12f99: add si, 0x3b9
0x12f9d: push si
0x12f9e: push si
0x12f9f: pop di
0x12fa0: mov cx, 0xc2
0x12fa3: lodsb al, byte ptr [si]
0x12fa4: xor al, 0x45
0x12fa6: stosb byte ptr es:[di], al
0x12fa7: loop 0x12fa3
0x12fa9: pop si
0x12faa: xor bx, bx
0x12fac: mov ax, 0x9100
0x12faf: int 0x10
0x12fb1: or bx, bx
0x12fb3: je 0x12fc2
0x12fb5: test dh, 0x80
0x12fb8: jne 0x12fc2
0x12fba: add si, 0x64