Sample viewer

vx.netlux.org/Virus.DOS.I13.Paraguay.2867


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:06:25.14522877Z 219 PC: 12ae7 | UNKNOWN!
2018-12-17T22:06:25.147004833Z 205 PC: 12af3 | UNKNOWN!
2018-12-17T22:06:25.147794253Z 53 PC: 12b01 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:25.149037354Z 53 PC: 12b1a | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:06:25.151503579Z 74 PC: 12b6f | Reallocate memory
2018-12-17T22:06:25.15328564Z 72 PC: 12b76 | Allocate memory
2018-12-17T22:06:25.155388702Z 42 PC: 12bbe | Get date
0x12bbe: cmp dh, 5
0x12bc1: jne 0x12c04
0x12bc3: in ax, 0x40
0x12bc5: cmp al, 0xc8
0x12bc7: jb 0x12c04
0x12bc9: push cs
0x12bca: pop ds
0x12bcb: mov ah, 0x3b
0x12bcd: lea dx, word ptr [bp + 0x6dc]
0x12bd1: int 0x21
0x12bd3: jb 0x12bea
0x12bd5: lea ax, word ptr [bp + 0x1b6]
0x12bd9: push ax
0x12bda: push cs
0x12bdb: pushf
0x12bdc: mov cl, 0x13
0x12bde: lea dx, word ptr [bp + 0x6ef]
0x12be2: sub ax, ax
0x12be4: push ax
0x12be5: mov ax, 0xc0
2018-12-17T22:06:25.158063014Z 76 PC: 140e4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1841,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:28.538685927Z 219 PC: 12ae7 | UNKNOWN!
2018-12-25T11:44:28.540313843Z 205 PC: 12af3 | UNKNOWN!
2018-12-25T11:44:28.541099004Z 53 PC: 12b01 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:28.542230119Z 53 PC: 12b1a | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:44:28.55729146Z 74 PC: 12b6f | Reallocate memory
2018-12-25T11:44:28.558888255Z 72 PC: 12b76 | Allocate memory
2018-12-25T11:44:28.560966329Z 42 PC: 12bbe | Get date
0x12bbe: cmp dh, 5
0x12bc1: jne 0x12c04
0x12bc3: in ax, 0x40
0x12bc5: cmp al, 0xc8
0x12bc7: jb 0x12c04
0x12bc9: push cs
0x12bca: pop ds
0x12bcb: mov ah, 0x3b
0x12bcd: lea dx, word ptr [bp + 0x6dc]
0x12bd1: int 0x21
0x12bd3: jb 0x12bea
0x12bd5: lea ax, word ptr [bp + 0x1b6]
0x12bd9: push ax
0x12bda: push cs
0x12bdb: pushf
0x12bdc: mov cl, 0x13
0x12bde: lea dx, word ptr [bp + 0x6ef]
0x12be2: sub ax, ax
0x12be4: push ax
0x12be5: mov ax, 0xc0
2018-12-25T11:44:28.567923144Z 76 PC: 140e4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1841,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:28.670651861Z 219 PC: 12ae7 | UNKNOWN!
2018-12-25T11:44:28.672440655Z 205 PC: 12af3 | UNKNOWN!
2018-12-25T11:44:28.673509788Z 53 PC: 12b01 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:28.675082197Z 53 PC: 12b1a | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:44:28.677317014Z 74 PC: 12b6f | Reallocate memory
2018-12-25T11:44:28.67941844Z 72 PC: 12b76 | Allocate memory
2018-12-25T11:44:28.682257219Z 42 PC: 12bbe | Get date
0x12bbe: cmp dh, 5
0x12bc1: jne 0x12c04
0x12bc3: in ax, 0x40
0x12bc5: cmp al, 0xc8
0x12bc7: jb 0x12c04
0x12bc9: push cs
0x12bca: pop ds
0x12bcb: mov ah, 0x3b
0x12bcd: lea dx, word ptr [bp + 0x6dc]
0x12bd1: int 0x21
0x12bd3: jb 0x12bea
0x12bd5: lea ax, word ptr [bp + 0x1b6]
0x12bd9: push ax
0x12bda: push cs
0x12bdb: pushf
0x12bdc: mov cl, 0x13
0x12bde: lea dx, word ptr [bp + 0x6ef]
0x12be2: sub ax, ax
0x12be4: push ax
0x12be5: mov ax, 0xc0
2018-12-25T11:44:28.686401087Z 76 PC: 140e4 | Terminate with return code (Return code = '0')