Sample viewer

vx.netlux.org/Virus.DOS.TPVO.Glacier.1196

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:53.165147692Z 131 PC: 12c8e | UNKNOWN!
2018-12-17T23:07:53.174883334Z 53 PC: 12d39 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:53.176151484Z 37 PC: 12d48 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:53.177426741Z 53 PC: 12d4d | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:07:53.178674458Z 37 PC: 12d5c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:07:53.181788655Z 42 PC: 12c97 | Get date

Code at PC 0x12c97:
0x12c97: cmp dx, 0x40d
0x12c9b: jne 0x12cd4
0x12c9d: add si, 0x3c6
0x12ca1: push si
0x12ca2: push si
0x12ca3: pop di
0x12ca4: mov cx, 0xc2
0x12ca7: lodsb al, byte ptr [si]
0x12ca8: xor al, 0x45
0x12caa: stosb byte ptr es:[di], al
0x12cab: loop 0x12ca7
0x12cad: pop si
0x12cae: xor bx, bx
0x12cb0: mov ax, 0x9100
0x12cb3: int 0x10
0x12cb5: or bx, bx
0x12cb7: je 0x12cc9
0x12cb9: test dh, 0x80
0x12cbc: jne 0x12cc9
0x12cbe: add si, 0x64

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:02.518121273Z 131 PC: 12c8e | UNKNOWN!
2018-12-25T12:45:02.528405613Z 53 PC: 12d39 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:02.53040492Z 37 PC: 12d48 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:02.531766485Z 53 PC: 12d4d | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:45:02.534032013Z 37 PC: 12d5c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:45:02.535446418Z 42 PC: 12c97 | Get date

Code at PC 0x12c97:
0x12c97: cmp dx, 0x40d
0x12c9b: jne 0x12cd4
0x12c9d: add si, 0x3c6
0x12ca1: push si
0x12ca2: push si
0x12ca3: pop di
0x12ca4: mov cx, 0xc2
0x12ca7: lodsb al, byte ptr [si]
0x12ca8: xor al, 0x45
0x12caa: stosb byte ptr es:[di], al
0x12cab: loop 0x12ca7
0x12cad: pop si
0x12cae: xor bx, bx
0x12cb0: mov ax, 0x9100
0x12cb3: int 0x10
0x12cb5: or bx, bx
0x12cb7: je 0x12cc9
0x12cb9: test dh, 0x80
0x12cbc: jne 0x12cc9
0x12cbe: add si, 0x64

{"DateBased":true,"Day":13,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:02.554717823Z 131 PC: 12c8e | UNKNOWN!
2018-12-25T12:45:02.556319444Z 53 PC: 12d39 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:02.557661034Z 37 PC: 12d48 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:02.559182676Z 53 PC: 12d4d | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:45:02.561588002Z 37 PC: 12d5c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:45:02.563206635Z 42 PC: 12c97 | Get date

Code at PC 0x12c97:
0x12c97: cmp dx, 0x40d
0x12c9b: jne 0x12cd4
0x12c9d: add si, 0x3c6
0x12ca1: push si
0x12ca2: push si
0x12ca3: pop di
0x12ca4: mov cx, 0xc2
0x12ca7: lodsb al, byte ptr [si]
0x12ca8: xor al, 0x45
0x12caa: stosb byte ptr es:[di], al
0x12cab: loop 0x12ca7
0x12cad: pop si
0x12cae: xor bx, bx
0x12cb0: mov ax, 0x9100
0x12cb3: int 0x10
0x12cb5: or bx, bx
0x12cb7: je 0x12cc9
0x12cb9: test dh, 0x80
0x12cbc: jne 0x12cc9
0x12cbe: add si, 0x64