Sample viewer

vx.netlux.org/Virus.DOS.SVC.Caco.2965

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:44.997883758Z	254	PC: 1548d \| UNKNOWN!
2018-12-17T23:10:45.000005479Z	73	PC: 14aa2 \| Release memory
2018-12-17T23:10:45.001503858Z	72	PC: 14aae \| Allocate memory
2018-12-17T23:10:45.003431314Z	74	PC: 14ac0 \| Reallocate memory
2018-12-17T23:10:45.005349152Z	74	PC: 14ad0 \| Reallocate memory
2018-12-17T23:10:45.009714302Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-17T23:10:45.012246917Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:10:45.013840595Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":23,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:26.092711713Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:26.094308494Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:26.095417224Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:26.096882248Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:26.098726807Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:26.099990318Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:26.10200957Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:26.103333579Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:26.597892594Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:26.600199716Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:26.602055223Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:26.60428673Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:26.606711672Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:26.608601316Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:26.611090362Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:26.612703587Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":7,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:26.78931027Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:26.790709269Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:26.796648898Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:26.799123501Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:26.801969463Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:26.8034086Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:26.805936188Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:26.80745736Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:27.119109505Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:27.120230464Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:27.122108978Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:27.123980949Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:27.125501972Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:27.12884426Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:27.131645411Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:27.133368234Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":3,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:27.84677452Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:27.849398484Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:27.851003745Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:27.852884944Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:27.854682214Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:27.85973198Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:27.866393828Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:27.867870004Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:27.975652362Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:27.977875637Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:27.980036957Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:27.983019488Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:27.984846761Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:27.986954058Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:27.98939485Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:27.990799313Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:28.561824956Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:28.564043385Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:28.565699186Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:28.567801371Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:28.569774657Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:28.572261525Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:28.574934484Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:28.576592367Z	48	PC: 14b50 \| Get DOS version

{"DateBased":true,"Day":20,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16963,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:29.809209785Z	254	PC: 1548d \| UNKNOWN!
2018-12-25T12:54:29.811578007Z	73	PC: 14aa2 \| Release memory
2018-12-25T12:54:29.814003012Z	72	PC: 14aae \| Allocate memory
2018-12-25T12:54:29.816853813Z	74	PC: 14ac0 \| Reallocate memory
2018-12-25T12:54:29.819621032Z	74	PC: 14ad0 \| Reallocate memory
2018-12-25T12:54:29.821875189Z	42	PC: 154ca \| Get date 0x154ca: cmp cx, 0x7ca 0x154ce: ja 0x154dc 0x154d0: cmp dh, 9 0x154d3: jb 0x154ec 0x154d5: ja 0x154dc 0x154d7: cmp dl, 0x14 0x154da: jb 0x154ec 0x154dc: cmp al, 2 0x154de: jne 0x154ec 0x154e0: mov byte ptr [si + 0xb20], 1 0x154e5: nop 0x154e6: mov word ptr [si + 0xb21], 0x82c8 0x154ec: ret 0x154ed: iret 0x154ee: mov al, 3 0x154f0: iret 0x154f1: xor word ptr [0x3230], bp 0x154f5: add byte ptr [bp + di - 0x224], bh 0x154f9: push ds 0x154fa: aas
2018-12-25T12:54:29.824577864Z	82	PC: 14afe \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:54:29.826102866Z	48	PC: 14b50 \| Get DOS version