Sample viewer

vx.netlux.org/Virus.DOS.Amber.Trivial.1432

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:33.467596003Z 78 PC: 12a6f | Find first file
2018-12-17T23:06:33.474053888Z 79 PC: 12a6f | Find next file
2018-12-17T23:06:33.476587298Z 79 PC: 12a6f | Find next file
2018-12-17T23:06:33.479247275Z 79 PC: 12a6f | Find next file
2018-12-17T23:06:33.482297975Z 79 PC: 12a6f | Find next file
2018-12-17T23:06:33.489380108Z 79 PC: 12a6f | Find next file
2018-12-17T23:06:33.491928839Z 79 PC: 12a6f | Find next file
2018-12-17T23:06:33.496915267Z 79 PC: 12a6f | Find next file
2018-12-17T23:06:33.500430729Z 42 PC: 12b68 | Get date
0x12b68: cmp dh, dl
0x12b6a: jne 0x12b75
0x12b6c: mov dx, 0x149
0x12b6f: add dx, bp
0x12b71: mov ah, 9
0x12b73: int 0x21
0x12b75: xor ax, ax
0x12b77: xor bx, bx
0x12b79: mov cx, 0xff
0x12b7c: mov bp, sp
0x12b7e: mov si, 0x100
0x12b81: jmp si
0x12b83: sub ch, byte ptr [0x6f63]
0x12b87: insw word ptr es:[di], dx
0x12b88: add byte ptr [si + 0x55], cl
0x12b8b: inc bx
0x12b8c: dec bx
0x12b8d: pop cx
0x12b8e: and byte ptr [di + 0x53], dl
0x12b91: inc bp

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15574,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:52.25615021Z 78 PC: 12a6f | Find first file
2018-12-25T12:43:52.264082461Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.268560231Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.272041228Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.274924012Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.27918148Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.282202019Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.285409027Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.295409618Z 42 PC: 12b68 | Get date
0x12b68: cmp dh, dl
0x12b6a: jne 0x12b75
0x12b6c: mov dx, 0x149
0x12b6f: add dx, bp
0x12b71: mov ah, 9
0x12b73: int 0x21
0x12b75: xor ax, ax
0x12b77: xor bx, bx
0x12b79: mov cx, 0xff
0x12b7c: mov bp, sp
0x12b7e: mov si, 0x100
0x12b81: jmp si
0x12b83: sub ch, byte ptr [0x6f63]
0x12b87: insw word ptr es:[di], dx
0x12b88: add byte ptr [si + 0x55], cl
0x12b8b: inc bx
0x12b8c: dec bx
0x12b8d: pop cx
0x12b8e: and byte ptr [di + 0x53], dl
0x12b91: inc bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15574,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:52.870117593Z 78 PC: 12a6f | Find first file
2018-12-25T12:43:52.877411805Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.880358524Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.883258376Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.886154198Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.889631425Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.892431515Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.895238472Z 79 PC: 12a6f | Find next file (See above)
2018-12-25T12:43:52.898814902Z 42 PC: 12b68 | Get date
0x12b68: cmp dh, dl
0x12b6a: jne 0x12b75
0x12b6c: mov dx, 0x149
0x12b6f: add dx, bp
0x12b71: mov ah, 9
0x12b73: int 0x21
0x12b75: xor ax, ax
0x12b77: xor bx, bx
0x12b79: mov cx, 0xff
0x12b7c: mov bp, sp
0x12b7e: mov si, 0x100
0x12b81: jmp si
0x12b83: sub ch, byte ptr [0x6f63]
0x12b87: insw word ptr es:[di], dx
0x12b88: add byte ptr [si + 0x55], cl
0x12b8b: inc bx
0x12b8c: dec bx
0x12b8d: pop cx
0x12b8e: and byte ptr [di + 0x53], dl
0x12b91: inc bp
2018-12-25T12:43:52.901189522Z 9 PC: 12b75 | Display string (String= 'LUCKY USES � ��]���[AMBER1.07@beta]X�o%�G�G�G�G')