Sample viewer

vx.netlux.org/Virus.DOS.Cryptor.4500

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:04.191767853Z	42	PC: 12a4f \| Get date 0x12a4f: cmp al, 5 0x12a51: jne 0x12a6d 0x12a53: cmp dl, dh 0x12a55: jae 0x12a6d 0x12a57: in al, 0x40 0x12a59: cmp al, 0x10 0x12a5b: ja 0x12a6d 0x12a5d: xor ch, ch 0x12a5f: mov cl, 0x1a 0x12a61: mov al, cl 0x12a63: out 0x70, al 0x12a65: jmp 0x12a67 0x12a67: mov al, 0 0x12a69: out 0x71, al 0x12a6b: loop 0x12a61 0x12a6d: mov ax, 0xdead 0x12a70: int 0x21 0x12a72: cmp ax, 0xda 0x12a75: je 0x12ad4 0x12a77: mov ax, ds
2018-12-17T23:10:04.195281105Z	222	PC: 12a72 \| UNKNOWN!
2018-12-17T23:10:04.196518691Z	53	PC: 12ac4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:04.197932638Z	37	PC: 12ad4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16740,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:41.02019781Z	42	PC: 12a4f \| Get date 0x12a4f: cmp al, 5 0x12a51: jne 0x12a6d 0x12a53: cmp dl, dh 0x12a55: jae 0x12a6d 0x12a57: in al, 0x40 0x12a59: cmp al, 0x10 0x12a5b: ja 0x12a6d 0x12a5d: xor ch, ch 0x12a5f: mov cl, 0x1a 0x12a61: mov al, cl 0x12a63: out 0x70, al 0x12a65: jmp 0x12a67 0x12a67: mov al, 0 0x12a69: out 0x71, al 0x12a6b: loop 0x12a61 0x12a6d: mov ax, 0xdead 0x12a70: int 0x21 0x12a72: cmp ax, 0xda 0x12a75: je 0x12ad4 0x12a77: mov ax, ds
2018-12-25T12:53:41.037667298Z	222	PC: 12a72 \| UNKNOWN!
2018-12-25T12:53:41.038657255Z	53	PC: 12ac4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:41.039771978Z	37	PC: 12ad4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16740,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:41.074130313Z	42	PC: 12a4f \| Get date 0x12a4f: cmp al, 5 0x12a51: jne 0x12a6d 0x12a53: cmp dl, dh 0x12a55: jae 0x12a6d 0x12a57: in al, 0x40 0x12a59: cmp al, 0x10 0x12a5b: ja 0x12a6d 0x12a5d: xor ch, ch 0x12a5f: mov cl, 0x1a 0x12a61: mov al, cl 0x12a63: out 0x70, al 0x12a65: jmp 0x12a67 0x12a67: mov al, 0 0x12a69: out 0x71, al 0x12a6b: loop 0x12a61 0x12a6d: mov ax, 0xdead 0x12a70: int 0x21 0x12a72: cmp ax, 0xda 0x12a75: je 0x12ad4 0x12a77: mov ax, ds
2018-12-25T12:53:41.076509822Z	222	PC: 12a72 \| UNKNOWN!
2018-12-25T12:53:41.077599003Z	53	PC: 12ac4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:41.078636451Z	37	PC: 12ad4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16740,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:42.370617482Z	42	PC: 12a4f \| Get date 0x12a4f: cmp al, 5 0x12a51: jne 0x12a6d 0x12a53: cmp dl, dh 0x12a55: jae 0x12a6d 0x12a57: in al, 0x40 0x12a59: cmp al, 0x10 0x12a5b: ja 0x12a6d 0x12a5d: xor ch, ch 0x12a5f: mov cl, 0x1a 0x12a61: mov al, cl 0x12a63: out 0x70, al 0x12a65: jmp 0x12a67 0x12a67: mov al, 0 0x12a69: out 0x71, al 0x12a6b: loop 0x12a61 0x12a6d: mov ax, 0xdead 0x12a70: int 0x21 0x12a72: cmp ax, 0xda 0x12a75: je 0x12ad4 0x12a77: mov ax, ds
2018-12-25T12:53:42.373301879Z	222	PC: 12a72 \| UNKNOWN!
2018-12-25T12:53:42.374512573Z	53	PC: 12ac4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:42.375921721Z	37	PC: 12ad4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')