Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1333

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:11.162649134Z	42	PC: 12f0b \| Get date 0x12f0b: cmp cx, 0x7cb 0x12f0f: jne 0x12f21 0x12f11: cmp dh, 3 0x12f14: jne 0x12f21 0x12f16: cmp dl, 0xe 0x12f19: jb 0x12f21 0x12f1b: mov byte ptr cs:[si + 0x289], 1 0x12f21: mov al, 0xff 0x12f23: mov ah, 0xf 0x12f25: xchg al, ah 0x12f27: nop 0x12f28: int 0x21 0x12f2a: cmp ax, 0x101 0x12f2d: je 0x12f63 0x12f2f: mov ax, 0x3521 0x12f32: nop 0x12f33: int 0x21 0x12f35: cmp word ptr es:[0xa], 0x4254 0x12f3c: jne 0x12f47 0x12f3e: cmp word ptr es:[0xc], 0x5244
2018-12-17T23:12:11.179580673Z	255	PC: 12f2a \| UNKNOWN!
2018-12-17T23:12:11.180587012Z	53	PC: 12f35 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:11.182045911Z	240	PC: 12f61 \| UNKNOWN!
2018-12-17T23:12:11.183556034Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17434,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:44.413257079Z	42	PC: 12f0b \| Get date 0x12f0b: cmp cx, 0x7cb 0x12f0f: jne 0x12f21 0x12f11: cmp dh, 3 0x12f14: jne 0x12f21 0x12f16: cmp dl, 0xe 0x12f19: jb 0x12f21 0x12f1b: mov byte ptr cs:[si + 0x289], 1 0x12f21: mov al, 0xff 0x12f23: mov ah, 0xf 0x12f25: xchg al, ah 0x12f27: nop 0x12f28: int 0x21 0x12f2a: cmp ax, 0x101 0x12f2d: je 0x12f63 0x12f2f: mov ax, 0x3521 0x12f32: nop 0x12f33: int 0x21 0x12f35: cmp word ptr es:[0xa], 0x4254 0x12f3c: jne 0x12f47 0x12f3e: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:55:44.416364811Z	255	PC: 12f2a \| UNKNOWN!
2018-12-25T12:55:44.417343228Z	53	PC: 12f35 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:44.418608003Z	240	PC: 12f61 \| UNKNOWN!
2018-12-25T12:55:44.420599026Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17434,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:44.436452861Z	42	PC: 12f0b \| Get date 0x12f0b: cmp cx, 0x7cb 0x12f0f: jne 0x12f21 0x12f11: cmp dh, 3 0x12f14: jne 0x12f21 0x12f16: cmp dl, 0xe 0x12f19: jb 0x12f21 0x12f1b: mov byte ptr cs:[si + 0x289], 1 0x12f21: mov al, 0xff 0x12f23: mov ah, 0xf 0x12f25: xchg al, ah 0x12f27: nop 0x12f28: int 0x21 0x12f2a: cmp ax, 0x101 0x12f2d: je 0x12f63 0x12f2f: mov ax, 0x3521 0x12f32: nop 0x12f33: int 0x21 0x12f35: cmp word ptr es:[0xa], 0x4254 0x12f3c: jne 0x12f47 0x12f3e: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:55:44.438829218Z	255	PC: 12f2a \| UNKNOWN!
2018-12-25T12:55:44.439544557Z	53	PC: 12f35 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:44.44060253Z	240	PC: 12f61 \| UNKNOWN!
2018-12-25T12:55:44.441878048Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":3,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17434,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:44.626028803Z	42	PC: 12f0b \| Get date 0x12f0b: cmp cx, 0x7cb 0x12f0f: jne 0x12f21 0x12f11: cmp dh, 3 0x12f14: jne 0x12f21 0x12f16: cmp dl, 0xe 0x12f19: jb 0x12f21 0x12f1b: mov byte ptr cs:[si + 0x289], 1 0x12f21: mov al, 0xff 0x12f23: mov ah, 0xf 0x12f25: xchg al, ah 0x12f27: nop 0x12f28: int 0x21 0x12f2a: cmp ax, 0x101 0x12f2d: je 0x12f63 0x12f2f: mov ax, 0x3521 0x12f32: nop 0x12f33: int 0x21 0x12f35: cmp word ptr es:[0xa], 0x4254 0x12f3c: jne 0x12f47 0x12f3e: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:55:44.628947633Z	255	PC: 12f2a \| UNKNOWN!
2018-12-25T12:55:44.631475171Z	53	PC: 12f35 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:44.633253401Z	240	PC: 12f61 \| UNKNOWN!
2018-12-25T12:55:44.634994067Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":14,"Month":3,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17434,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:44.786036319Z	42	PC: 12f0b \| Get date 0x12f0b: cmp cx, 0x7cb 0x12f0f: jne 0x12f21 0x12f11: cmp dh, 3 0x12f14: jne 0x12f21 0x12f16: cmp dl, 0xe 0x12f19: jb 0x12f21 0x12f1b: mov byte ptr cs:[si + 0x289], 1 0x12f21: mov al, 0xff 0x12f23: mov ah, 0xf 0x12f25: xchg al, ah 0x12f27: nop 0x12f28: int 0x21 0x12f2a: cmp ax, 0x101 0x12f2d: je 0x12f63 0x12f2f: mov ax, 0x3521 0x12f32: nop 0x12f33: int 0x21 0x12f35: cmp word ptr es:[0xa], 0x4254 0x12f3c: jne 0x12f47 0x12f3e: cmp word ptr es:[0xc], 0x5244
2018-12-25T12:55:44.788462436Z	255	PC: 12f2a \| UNKNOWN!
2018-12-25T12:55:44.789170649Z	53	PC: 12f35 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:44.79026476Z	240	PC: 12f61 \| UNKNOWN!
2018-12-25T12:55:44.791909711Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')