Sample viewer

vx.netlux.org/Virus.DOS.Timishoara.2132

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:07.447541525Z 73 PC: 12a58 | Release memory
2018-12-17T23:07:07.450184457Z 72 PC: 12a5f | Allocate memory
2018-12-17T23:07:07.452163159Z 74 PC: 12a6c | Reallocate memory
2018-12-17T23:07:07.461498618Z 74 PC: 12a7a | Reallocate memory
2018-12-17T23:07:07.464132972Z 204 PC: 9f421 | UNKNOWN!
2018-12-17T23:07:07.465342014Z 42 PC: 9f465 | Get date

0x9f465: cmp dl, 1
0x9f468: jne 0x9f472
0x9f46a: mov byte ptr cs:[0x784], 1
0x9f470: jmp 0x9f478
0x9f472: mov byte ptr cs:[0x784], 0
0x9f478: mov word ptr cs:[0x785], 0
0x9f47f: mov word ptr cs:[0x770], 0
0x9f486: mov word ptr [0x20], 0x68f
0x9f48c: mov word ptr [0x22], cs
0x9f490: cmp al, 5
0x9f492: jne 0x9f49e
0x9f494: mov word ptr [0x24], 0x5f4
0x9f49a: mov word ptr [0x26], cs
0x9f49e: mov ds, word ptr cs:[0x797]
0x9f4a3: push ds
0x9f4a4: pop es
0x9f4a5: cmp byte ptr cs:[0x7bb], 0
0x9f4ab: jne 0x9f4cd
0x9f4ad: mov ds, word ptr cs:[0x799]
0x9f4b2: push ds

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15763,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:29.96227558Z 73 PC: 12a58 | Release memory
2018-12-25T12:44:29.964382369Z 72 PC: 12a5f | Allocate memory
2018-12-25T12:44:29.966439926Z 74 PC: 12a6c | Reallocate memory
2018-12-25T12:44:29.968646977Z 74 PC: 12a7a | Reallocate memory
2018-12-25T12:44:29.971569254Z 204 PC: 9f421 | UNKNOWN!
2018-12-25T12:44:29.97405884Z 42 PC: 9f465 | Get date

0x9f465: cmp dl, 1
0x9f468: jne 0x9f472
0x9f46a: mov byte ptr cs:[0x784], 1
0x9f470: jmp 0x9f478
0x9f472: mov byte ptr cs:[0x784], 0
0x9f478: mov word ptr cs:[0x785], 0
0x9f47f: mov word ptr cs:[0x770], 0
0x9f486: mov word ptr [0x20], 0x68f
0x9f48c: mov word ptr [0x22], cs
0x9f490: cmp al, 5
0x9f492: jne 0x9f49e
0x9f494: mov word ptr [0x24], 0x5f4
0x9f49a: mov word ptr [0x26], cs
0x9f49e: mov ds, word ptr cs:[0x797]
0x9f4a3: push ds
0x9f4a4: pop es
0x9f4a5: cmp byte ptr cs:[0x7bb], 0
0x9f4ab: jne 0x9f4cd
0x9f4ad: mov ds, word ptr cs:[0x799]
0x9f4b2: push ds

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15763,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:30.338943913Z 73 PC: 12a58 | Release memory
2018-12-25T12:44:30.341133856Z 72 PC: 12a5f | Allocate memory
2018-12-25T12:44:30.342822157Z 74 PC: 12a6c | Reallocate memory
2018-12-25T12:44:30.344085298Z 74 PC: 12a7a | Reallocate memory
2018-12-25T12:44:30.346384916Z 204 PC: 9f421 | UNKNOWN!
2018-12-25T12:44:30.347151067Z 42 PC: 9f465 | Get date

0x9f465: cmp dl, 1
0x9f468: jne 0x9f472
0x9f46a: mov byte ptr cs:[0x784], 1
0x9f470: jmp 0x9f478
0x9f472: mov byte ptr cs:[0x784], 0
0x9f478: mov word ptr cs:[0x785], 0
0x9f47f: mov word ptr cs:[0x770], 0
0x9f486: mov word ptr [0x20], 0x68f
0x9f48c: mov word ptr [0x22], cs
0x9f490: cmp al, 5
0x9f492: jne 0x9f49e
0x9f494: mov word ptr [0x24], 0x5f4
0x9f49a: mov word ptr [0x26], cs
0x9f49e: mov ds, word ptr cs:[0x797]
0x9f4a3: push ds
0x9f4a4: pop es
0x9f4a5: cmp byte ptr cs:[0x7bb], 0
0x9f4ab: jne 0x9f4cd
0x9f4ad: mov ds, word ptr cs:[0x799]
0x9f4b2: push ds