Sample viewer

vx.netlux.org/Virus.DOS.NWO.833

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:07.450810128Z	255	PC: 12d3c \| UNKNOWN!
2018-12-17T23:06:07.452091137Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:07.455824156Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:07.457052084Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-17T23:06:07.459856457Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-17T23:06:07.464622007Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-17T23:06:07.484354267Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:25.963714651Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:25.965169221Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:25.96691336Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:25.96792832Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:25.970373103Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:25.97245863Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:25.984269155Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":12,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:26.102907858Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:26.103880359Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:26.105010738Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:26.105727084Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:26.679240342Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:26.681504303Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:26.696285622Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:26.399972628Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:26.40123462Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:26.402322287Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:26.403294979Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:26.405767651Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:26.407776713Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:26.420966632Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:26.44979934Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:26.451034577Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:26.4530559Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:26.454350506Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:26.456781665Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:26.460033787Z	9	PC: 12dc7 \| Display string (Could not find end pointer)
2018-12-25T12:43:26.464305517Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:26.480810524Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:27.882113707Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:27.884481794Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:27.886460847Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:27.888290471Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:27.893305967Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:27.896893096Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:27.91403687Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":12,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:28.786927467Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:28.788516362Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:28.790453851Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:28.792106174Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:29.138444908Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:29.140525019Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:29.148625383Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:28.787893113Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:28.789098771Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:28.790549221Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:28.791631068Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:28.794150607Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:28.796726931Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:28.814678875Z	76	PC: 12acc \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:28.888187395Z	255	PC: 12d3c \| UNKNOWN!
2018-12-25T12:43:28.890305066Z	53	PC: 12d49 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:28.892305619Z	37	PC: 12d8e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:28.893742094Z	42	PC: 12d9b \| Get date 0x12d9b: cmp dx, 0x60c 0x12d9f: jne 0x12db3 0x12da1: mov ax, 0x311 0x12da4: mov dx, 0x80 0x12da7: mov cx, 1 0x12daa: int 0x13 0x12dac: inc dh 0x12dae: mov ax, 0x311 0x12db1: int 0x13 0x12db3: mov ah, 0x2a 0x12db5: int 0x21 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds
2018-12-25T12:43:28.896430442Z	42	PC: 12db7 \| Get date 0x12db7: cmp dx, 0x503 0x12dbb: jne 0x12dc8 0x12dbd: push ds 0x12dbe: push cs 0x12dbf: pop ds 0x12dc0: mov ah, 9 0x12dc2: mov dx, 0x204 0x12dc5: int 0x21 0x12dc7: pop ds 0x12dc8: cmp byte ptr cs:[bp + 0x249], 0 0x12dce: jne 0x12def 0x12dd0: lea si, word ptr [bp + 0x223] 0x12dd4: mov di, 0x100 0x12dd7: mov cx, 3 0x12dda: cld 0x12ddb: rep movsb byte ptr es:[di], byte ptr [si] 0x12ddd: mov ax, 0x100 0x12de0: push ax 0x12de1: xor ax, ax 0x12de3: cdq
2018-12-25T12:43:28.899638637Z	9	PC: 12dc7 \| Display string (Could not find end pointer)
2018-12-25T12:43:28.903665557Z	9	PC: 12ac8 \| Display string (Could not find end pointer)
2018-12-25T12:43:28.917467875Z	76	PC: 12acc \| Terminate with return code (Return code = '36')