Sample viewer

vx.netlux.org/Virus.DOS.DBCE.3403

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:31.647765562Z	254	PC: 12a59 \| UNKNOWN!
2018-12-17T23:06:31.653804796Z	42	PC: 12a63 \| Get date 0x12a63: cmp cx, 0x7c9 0x12a67: je 0x12ac4 0x12a69: cmp cx, 0x7ca 0x12a6d: ja 0x12a7b 0x12a6f: cmp dh, 7 0x12a72: jb 0x12ac4 0x12a74: ja 0x12a7b 0x12a76: cmp dl, 9 0x12a79: jbe 0x12ac4 0x12a7b: push cs 0x12a7c: pop ds 0x12a7d: pop es 0x12a7e: cmp word ptr [0xd2d], 0x5a4d 0x12a84: je 0x12a9a 0x12a86: mov si, 0xd2d 0x12a89: mov di, 0x100 0x12a8c: mov cx, 3 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: push es 0x12a92: pop ds

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:49.887955276Z	254	PC: 12a59 \| UNKNOWN!
2018-12-25T12:43:49.889430169Z	42	PC: 12a63 \| Get date 0x12a63: cmp cx, 0x7c9 0x12a67: je 0x12ac4 0x12a69: cmp cx, 0x7ca 0x12a6d: ja 0x12a7b 0x12a6f: cmp dh, 7 0x12a72: jb 0x12ac4 0x12a74: ja 0x12a7b 0x12a76: cmp dl, 9 0x12a79: jbe 0x12ac4 0x12a7b: push cs 0x12a7c: pop ds 0x12a7d: pop es 0x12a7e: cmp word ptr [0xd2d], 0x5a4d 0x12a84: je 0x12a9a 0x12a86: mov si, 0xd2d 0x12a89: mov di, 0x100 0x12a8c: mov cx, 3 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: push es 0x12a92: pop ds
2018-12-25T12:43:49.891524691Z	73	PC: 12ac8 \| Release memory
2018-12-25T12:43:49.892732217Z	72	PC: 12acf \| Allocate memory
2018-12-25T12:43:49.894735006Z	74	PC: 12ad7 \| Reallocate memory
2018-12-25T12:43:49.895930015Z	74	PC: 12aed \| Reallocate memory

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:50.021422127Z	254	PC: 12a59 \| UNKNOWN!
2018-12-25T12:43:50.022586939Z	42	PC: 12a63 \| Get date 0x12a63: cmp cx, 0x7c9 0x12a67: je 0x12ac4 0x12a69: cmp cx, 0x7ca 0x12a6d: ja 0x12a7b 0x12a6f: cmp dh, 7 0x12a72: jb 0x12ac4 0x12a74: ja 0x12a7b 0x12a76: cmp dl, 9 0x12a79: jbe 0x12ac4 0x12a7b: push cs 0x12a7c: pop ds 0x12a7d: pop es 0x12a7e: cmp word ptr [0xd2d], 0x5a4d 0x12a84: je 0x12a9a 0x12a86: mov si, 0xd2d 0x12a89: mov di, 0x100 0x12a8c: mov cx, 3 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: push es 0x12a92: pop ds
2018-12-25T12:43:50.024758252Z	73	PC: 12ac8 \| Release memory
2018-12-25T12:43:50.025880266Z	72	PC: 12acf \| Allocate memory
2018-12-25T12:43:50.028094011Z	74	PC: 12ad7 \| Reallocate memory
2018-12-25T12:43:50.029526397Z	74	PC: 12aed \| Reallocate memory

{"DateBased":true,"Day":9,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:50.412718189Z	254	PC: 12a59 \| UNKNOWN!
2018-12-25T12:43:50.414496742Z	42	PC: 12a63 \| Get date 0x12a63: cmp cx, 0x7c9 0x12a67: je 0x12ac4 0x12a69: cmp cx, 0x7ca 0x12a6d: ja 0x12a7b 0x12a6f: cmp dh, 7 0x12a72: jb 0x12ac4 0x12a74: ja 0x12a7b 0x12a76: cmp dl, 9 0x12a79: jbe 0x12ac4 0x12a7b: push cs 0x12a7c: pop ds 0x12a7d: pop es 0x12a7e: cmp word ptr [0xd2d], 0x5a4d 0x12a84: je 0x12a9a 0x12a86: mov si, 0xd2d 0x12a89: mov di, 0x100 0x12a8c: mov cx, 3 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: push es 0x12a92: pop ds
2018-12-25T12:43:50.420227316Z	73	PC: 12ac8 \| Release memory
2018-12-25T12:43:50.421726585Z	72	PC: 12acf \| Allocate memory
2018-12-25T12:43:50.426651105Z	74	PC: 12ad7 \| Reallocate memory
2018-12-25T12:43:50.42859244Z	74	PC: 12aed \| Reallocate memory

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:50.763356004Z	254	PC: 12a59 \| UNKNOWN!
2018-12-25T12:43:50.764805167Z	42	PC: 12a63 \| Get date 0x12a63: cmp cx, 0x7c9 0x12a67: je 0x12ac4 0x12a69: cmp cx, 0x7ca 0x12a6d: ja 0x12a7b 0x12a6f: cmp dh, 7 0x12a72: jb 0x12ac4 0x12a74: ja 0x12a7b 0x12a76: cmp dl, 9 0x12a79: jbe 0x12ac4 0x12a7b: push cs 0x12a7c: pop ds 0x12a7d: pop es 0x12a7e: cmp word ptr [0xd2d], 0x5a4d 0x12a84: je 0x12a9a 0x12a86: mov si, 0xd2d 0x12a89: mov di, 0x100 0x12a8c: mov cx, 3 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: push es 0x12a92: pop ds

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:51.159386148Z	254	PC: 12a59 \| UNKNOWN!
2018-12-25T12:43:51.179363321Z	42	PC: 12a63 \| Get date 0x12a63: cmp cx, 0x7c9 0x12a67: je 0x12ac4 0x12a69: cmp cx, 0x7ca 0x12a6d: ja 0x12a7b 0x12a6f: cmp dh, 7 0x12a72: jb 0x12ac4 0x12a74: ja 0x12a7b 0x12a76: cmp dl, 9 0x12a79: jbe 0x12ac4 0x12a7b: push cs 0x12a7c: pop ds 0x12a7d: pop es 0x12a7e: cmp word ptr [0xd2d], 0x5a4d 0x12a84: je 0x12a9a 0x12a86: mov si, 0xd2d 0x12a89: mov di, 0x100 0x12a8c: mov cx, 3 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: push es 0x12a92: pop ds
2018-12-25T12:43:51.183178462Z	73	PC: 12ac8 \| Release memory
2018-12-25T12:43:51.185259615Z	72	PC: 12acf \| Allocate memory
2018-12-25T12:43:51.193623806Z	74	PC: 12ad7 \| Reallocate memory
2018-12-25T12:43:51.197623326Z	74	PC: 12aed \| Reallocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:51.359977895Z	254	PC: 12a59 \| UNKNOWN!
2018-12-25T12:43:51.361836863Z	42	PC: 12a63 \| Get date 0x12a63: cmp cx, 0x7c9 0x12a67: je 0x12ac4 0x12a69: cmp cx, 0x7ca 0x12a6d: ja 0x12a7b 0x12a6f: cmp dh, 7 0x12a72: jb 0x12ac4 0x12a74: ja 0x12a7b 0x12a76: cmp dl, 9 0x12a79: jbe 0x12ac4 0x12a7b: push cs 0x12a7c: pop ds 0x12a7d: pop es 0x12a7e: cmp word ptr [0xd2d], 0x5a4d 0x12a84: je 0x12a9a 0x12a86: mov si, 0xd2d 0x12a89: mov di, 0x100 0x12a8c: mov cx, 3 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: push es 0x12a92: pop ds