Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1551

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:45.186695276Z	42	PC: 12f84 \| Get date 0x12f84: cmp cx, 0x7cb 0x12f88: jne 0x12f94 0x12f8a: cmp dh, 4 0x12f8d: ja 0x12f94 0x12f8f: cmp dl, 0xf 0x12f92: jb 0x12fdd 0x12f94: mov al, 0xff 0x12f96: mov ah, 0xf 0x12f98: xchg al, ah 0x12f9a: nop 0x12f9b: int 0x21 0x12f9d: cmp ax, 0x101 0x12fa0: jne 0x12fa6 0x12fa2: call 0x12fe1 0x12fa5: nop 0x12fa6: mov ax, 0x3521 0x12fa9: nop 0x12faa: int 0x21 0x12fac: cmp word ptr es:[0xa], 0x4254 0x12fb3: jne 0x12fc1
2018-12-17T23:11:45.189964718Z	255	PC: 12f9d \| UNKNOWN!
2018-12-17T23:11:45.194040216Z	53	PC: 12fac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:45.195547184Z	240	PC: 12fdb \| UNKNOWN!
2018-12-17T23:11:45.19675825Z	44	PC: 12ed9 \| Get time 0x12ed9: cmp cl, 6 0x12edc: jne 0x12f13 0x12ede: mov ax, 0xb800 0x12ee1: mov es, ax 0x12ee3: mov cx, 0x30 0x12ee6: push cx 0x12ee7: mov cx, 0x7c0 0x12eea: xor si, si 0x12eec: mov ah, byte ptr es:[si] 0x12eef: cmp ah, 0x77 0x12ef2: jb 0x12f01 0x12ef4: dec ah 0x12ef6: mov byte ptr es:[si], ah 0x12ef9: mov byte ptr es:[si + 1], 0x79 0x12efe: jmp 0x12f0b 0x12f00: nop 0x12f01: inc ah 0x12f03: mov byte ptr es:[si], ah 0x12f06: mov byte ptr es:[si + 1], 0x8f 0x12f0b: inc si
2018-12-17T23:11:45.200200424Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:21.630250475Z	42	PC: 12f84 \| Get date 0x12f84: cmp cx, 0x7cb 0x12f88: jne 0x12f94 0x12f8a: cmp dh, 4 0x12f8d: ja 0x12f94 0x12f8f: cmp dl, 0xf 0x12f92: jb 0x12fdd 0x12f94: mov al, 0xff 0x12f96: mov ah, 0xf 0x12f98: xchg al, ah 0x12f9a: nop 0x12f9b: int 0x21 0x12f9d: cmp ax, 0x101 0x12fa0: jne 0x12fa6 0x12fa2: call 0x12fe1 0x12fa5: nop 0x12fa6: mov ax, 0x3521 0x12fa9: nop 0x12faa: int 0x21 0x12fac: cmp word ptr es:[0xa], 0x4254 0x12fb3: jne 0x12fc1
2018-12-25T12:55:21.633317109Z	255	PC: 12f9d \| UNKNOWN!
2018-12-25T12:55:21.635383407Z	53	PC: 12fac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:21.637193429Z	240	PC: 12fdb \| UNKNOWN!
2018-12-25T12:55:21.638741991Z	44	PC: 12ed9 \| Get time 0x12ed9: cmp cl, 6 0x12edc: jne 0x12f13 0x12ede: mov ax, 0xb800 0x12ee1: mov es, ax 0x12ee3: mov cx, 0x30 0x12ee6: push cx 0x12ee7: mov cx, 0x7c0 0x12eea: xor si, si 0x12eec: mov ah, byte ptr es:[si] 0x12eef: cmp ah, 0x77 0x12ef2: jb 0x12f01 0x12ef4: dec ah 0x12ef6: mov byte ptr es:[si], ah 0x12ef9: mov byte ptr es:[si + 1], 0x79 0x12efe: jmp 0x12f0b 0x12f00: nop 0x12f01: inc ah 0x12f03: mov byte ptr es:[si], ah 0x12f06: mov byte ptr es:[si + 1], 0x8f 0x12f0b: inc si
2018-12-25T12:55:21.64284869Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:22.313490115Z	42	PC: 12f84 \| Get date 0x12f84: cmp cx, 0x7cb 0x12f88: jne 0x12f94 0x12f8a: cmp dh, 4 0x12f8d: ja 0x12f94 0x12f8f: cmp dl, 0xf 0x12f92: jb 0x12fdd 0x12f94: mov al, 0xff 0x12f96: mov ah, 0xf 0x12f98: xchg al, ah 0x12f9a: nop 0x12f9b: int 0x21 0x12f9d: cmp ax, 0x101 0x12fa0: jne 0x12fa6 0x12fa2: call 0x12fe1 0x12fa5: nop 0x12fa6: mov ax, 0x3521 0x12fa9: nop 0x12faa: int 0x21 0x12fac: cmp word ptr es:[0xa], 0x4254 0x12fb3: jne 0x12fc1
2018-12-25T12:55:22.316250417Z	255	PC: 12f9d \| UNKNOWN!
2018-12-25T12:55:22.317001634Z	53	PC: 12fac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:22.318035988Z	240	PC: 12fdb \| UNKNOWN!
2018-12-25T12:55:22.319568806Z	44	PC: 12ed9 \| Get time 0x12ed9: cmp cl, 6 0x12edc: jne 0x12f13 0x12ede: mov ax, 0xb800 0x12ee1: mov es, ax 0x12ee3: mov cx, 0x30 0x12ee6: push cx 0x12ee7: mov cx, 0x7c0 0x12eea: xor si, si 0x12eec: mov ah, byte ptr es:[si] 0x12eef: cmp ah, 0x77 0x12ef2: jb 0x12f01 0x12ef4: dec ah 0x12ef6: mov byte ptr es:[si], ah 0x12ef9: mov byte ptr es:[si + 1], 0x79 0x12efe: jmp 0x12f0b 0x12f00: nop 0x12f01: inc ah 0x12f03: mov byte ptr es:[si], ah 0x12f06: mov byte ptr es:[si + 1], 0x8f 0x12f0b: inc si
2018-12-25T12:55:22.321709402Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":17296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:22.645687174Z	42	PC: 12f84 \| Get date 0x12f84: cmp cx, 0x7cb 0x12f88: jne 0x12f94 0x12f8a: cmp dh, 4 0x12f8d: ja 0x12f94 0x12f8f: cmp dl, 0xf 0x12f92: jb 0x12fdd 0x12f94: mov al, 0xff 0x12f96: mov ah, 0xf 0x12f98: xchg al, ah 0x12f9a: nop 0x12f9b: int 0x21 0x12f9d: cmp ax, 0x101 0x12fa0: jne 0x12fa6 0x12fa2: call 0x12fe1 0x12fa5: nop 0x12fa6: mov ax, 0x3521 0x12fa9: nop 0x12faa: int 0x21 0x12fac: cmp word ptr es:[0xa], 0x4254 0x12fb3: jne 0x12fc1
2018-12-25T12:55:22.654884146Z	255	PC: 12f9d \| UNKNOWN!
2018-12-25T12:55:22.655551605Z	53	PC: 12fac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:22.656570574Z	240	PC: 12fdb \| UNKNOWN!
2018-12-25T12:55:22.664408284Z	44	PC: 12ed9 \| Get time 0x12ed9: cmp cl, 6 0x12edc: jne 0x12f13 0x12ede: mov ax, 0xb800 0x12ee1: mov es, ax 0x12ee3: mov cx, 0x30 0x12ee6: push cx 0x12ee7: mov cx, 0x7c0 0x12eea: xor si, si 0x12eec: mov ah, byte ptr es:[si] 0x12eef: cmp ah, 0x77 0x12ef2: jb 0x12f01 0x12ef4: dec ah 0x12ef6: mov byte ptr es:[si], ah 0x12ef9: mov byte ptr es:[si + 1], 0x79 0x12efe: jmp 0x12f0b 0x12f00: nop 0x12f01: inc ah 0x12f03: mov byte ptr es:[si], ah 0x12f06: mov byte ptr es:[si + 1], 0x8f 0x12f0b: inc si
2018-12-25T12:55:22.725527723Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":17296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:23.08716712Z	42	PC: 12f84 \| Get date 0x12f84: cmp cx, 0x7cb 0x12f88: jne 0x12f94 0x12f8a: cmp dh, 4 0x12f8d: ja 0x12f94 0x12f8f: cmp dl, 0xf 0x12f92: jb 0x12fdd 0x12f94: mov al, 0xff 0x12f96: mov ah, 0xf 0x12f98: xchg al, ah 0x12f9a: nop 0x12f9b: int 0x21 0x12f9d: cmp ax, 0x101 0x12fa0: jne 0x12fa6 0x12fa2: call 0x12fe1 0x12fa5: nop 0x12fa6: mov ax, 0x3521 0x12fa9: nop 0x12faa: int 0x21 0x12fac: cmp word ptr es:[0xa], 0x4254 0x12fb3: jne 0x12fc1
2018-12-25T12:55:23.090292719Z	255	PC: 12f9d \| UNKNOWN!
2018-12-25T12:55:23.090944034Z	53	PC: 12fac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:23.09185049Z	240	PC: 12fdb \| UNKNOWN!
2018-12-25T12:55:23.093533031Z	44	PC: 12ed9 \| Get time 0x12ed9: cmp cl, 6 0x12edc: jne 0x12f13 0x12ede: mov ax, 0xb800 0x12ee1: mov es, ax 0x12ee3: mov cx, 0x30 0x12ee6: push cx 0x12ee7: mov cx, 0x7c0 0x12eea: xor si, si 0x12eec: mov ah, byte ptr es:[si] 0x12eef: cmp ah, 0x77 0x12ef2: jb 0x12f01 0x12ef4: dec ah 0x12ef6: mov byte ptr es:[si], ah 0x12ef9: mov byte ptr es:[si + 1], 0x79 0x12efe: jmp 0x12f0b 0x12f00: nop 0x12f01: inc ah 0x12f03: mov byte ptr es:[si], ah 0x12f06: mov byte ptr es:[si + 1], 0x8f 0x12f0b: inc si
2018-12-25T12:55:23.151348355Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')