Sample viewer

vx.netlux.org/Virus.DOS.DJIFX.2372

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:04:09.697955711Z	42	PC: 132ed \| Get date 0x132ed: mov dh, 4 0x132ef: cmp dl, 0xf 0x132f2: je 0x132ff 0x132f4: mov dh, 9 0x132f6: cmp dl, 0xc 0x132f9: je 0x132ff 0x132fb: pop dx 0x132fc: pop cx 0x132fd: pop ax 0x132fe: ret 0x132ff: mov ah, 0x2b 0x13301: mov cx, 0x7cc 0x13304: int 0x21 0x13306: mov ah, 0x2d 0x13308: xor cx, cx 0x1330a: xor dx, dx 0x1330c: int 0x21 0x1330e: jmp 0x132fb 0x13310: call 0x13331 0x13313: mov word ptr cs:[0x714], 0x4000
2018-12-17T22:04:09.702130138Z	153	PC: 12d33 \| UNKNOWN!
2018-12-17T22:04:09.703518141Z	9	PC: 12b17 \| Display string (Could not find end pointer)
2018-12-17T22:04:09.718963453Z	76	PC: 12b1c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1580,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:56.275708872Z	42	PC: 132ed \| Get date 0x132ed: mov dh, 4 0x132ef: cmp dl, 0xf 0x132f2: je 0x132ff 0x132f4: mov dh, 9 0x132f6: cmp dl, 0xc 0x132f9: je 0x132ff 0x132fb: pop dx 0x132fc: pop cx 0x132fd: pop ax 0x132fe: ret 0x132ff: mov ah, 0x2b 0x13301: mov cx, 0x7cc 0x13304: int 0x21 0x13306: mov ah, 0x2d 0x13308: xor cx, cx 0x1330a: xor dx, dx 0x1330c: int 0x21 0x1330e: jmp 0x132fb 0x13310: call 0x13331 0x13313: mov word ptr cs:[0x714], 0x4000
2018-12-25T11:43:56.279567165Z	153	PC: 12d33 \| UNKNOWN!
2018-12-25T11:43:56.280883825Z	9	PC: 12b17 \| Display string (Could not find end pointer)
2018-12-25T11:43:56.29606318Z	76	PC: 12b1c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":12,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1580,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:46.146734887Z	42	PC: 132ed \| Get date 0x132ed: mov dh, 4 0x132ef: cmp dl, 0xf 0x132f2: je 0x132ff 0x132f4: mov dh, 9 0x132f6: cmp dl, 0xc 0x132f9: je 0x132ff 0x132fb: pop dx 0x132fc: pop cx 0x132fd: pop ax 0x132fe: ret 0x132ff: mov ah, 0x2b 0x13301: mov cx, 0x7cc 0x13304: int 0x21 0x13306: mov ah, 0x2d 0x13308: xor cx, cx 0x1330a: xor dx, dx 0x1330c: int 0x21 0x1330e: jmp 0x132fb 0x13310: call 0x13331 0x13313: mov word ptr cs:[0x714], 0x4000
2018-12-25T13:06:46.149373538Z	43	PC: 13306 \| Set date
2018-12-25T13:06:46.153051147Z	45	PC: 1330e \| Set time
2018-12-25T13:06:46.157138801Z	153	PC: 12d33 \| UNKNOWN!
2018-12-25T13:06:46.158470106Z	9	PC: 12b17 \| Display string (Could not find end pointer)
2018-12-25T13:06:46.174016064Z	76	PC: 12b1c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1580,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:56.879030538Z	42	PC: 132ed \| Get date 0x132ed: mov dh, 4 0x132ef: cmp dl, 0xf 0x132f2: je 0x132ff 0x132f4: mov dh, 9 0x132f6: cmp dl, 0xc 0x132f9: je 0x132ff 0x132fb: pop dx 0x132fc: pop cx 0x132fd: pop ax 0x132fe: ret 0x132ff: mov ah, 0x2b 0x13301: mov cx, 0x7cc 0x13304: int 0x21 0x13306: mov ah, 0x2d 0x13308: xor cx, cx 0x1330a: xor dx, dx 0x1330c: int 0x21 0x1330e: jmp 0x132fb 0x13310: call 0x13331 0x13313: mov word ptr cs:[0x714], 0x4000
2018-12-25T11:43:56.881664728Z	43	PC: 13306 \| Set date
2018-12-25T11:43:56.885318341Z	45	PC: 1330e \| Set time
2018-12-25T11:43:56.88958817Z	153	PC: 12d33 \| UNKNOWN!
2018-12-25T11:43:56.891362472Z	9	PC: 12b17 \| Display string (Could not find end pointer)
2018-12-25T11:43:56.908125304Z	76	PC: 12b1c \| Terminate with return code (Return code = '0')