Sample viewer

vx.netlux.org/Virus.DOS.F4ff.2089

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:06:44.205389044Z	153	PC: 17a5e \| UNKNOWN!
2018-12-17T22:06:44.206463863Z	42	PC: 17fcc \| Get date 0x17fcc: cmp cx, 0x7cc 0x17fd0: jne 0x17fdc 0x17fd2: cmp dh, 0xb 0x17fd5: jb 0x17ff6 0x17fd7: cmp dl, 0xf 0x17fda: jb 0x17ff6 0x17fdc: mov ax, word ptr [0x24] 0x17fdf: mov word ptr es:[0x6e0], ax 0x17fe3: mov ax, word ptr [0x26] 0x17fe6: mov word ptr es:[0x6e2], ax 0x17fea: mov ax, 0x6c7 0x17fed: cli 0x17fee: mov word ptr [0x24], ax 0x17ff1: mov word ptr [0x26], es 0x17ff5: sti 0x17ff6: ret 0x17ff7: cmp word ptr cs:[0x6e4], 0x2710 0x17ffe: jne 0x1800a 0x18000: call 0x18016 0x18003: mov word ptr cs:[0x6e4], 0
2018-12-17T22:06:44.208575506Z	9	PC: 17a2a \| Display string (Could not find end pointer)
2018-12-17T22:06:44.213116129Z	76	PC: 17a2e \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":15,"Month":11,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1868,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:28.954075959Z	153	PC: 17a5e \| UNKNOWN!
2018-12-25T11:44:28.95590478Z	42	PC: 17fcc \| Get date 0x17fcc: cmp cx, 0x7cc 0x17fd0: jne 0x17fdc 0x17fd2: cmp dh, 0xb 0x17fd5: jb 0x17ff6 0x17fd7: cmp dl, 0xf 0x17fda: jb 0x17ff6 0x17fdc: mov ax, word ptr [0x24] 0x17fdf: mov word ptr es:[0x6e0], ax 0x17fe3: mov ax, word ptr [0x26] 0x17fe6: mov word ptr es:[0x6e2], ax 0x17fea: mov ax, 0x6c7 0x17fed: cli 0x17fee: mov word ptr [0x24], ax 0x17ff1: mov word ptr [0x26], es 0x17ff5: sti 0x17ff6: ret 0x17ff7: cmp word ptr cs:[0x6e4], 0x2710 0x17ffe: jne 0x1800a 0x18000: call 0x18016 0x18003: mov word ptr cs:[0x6e4], 0
2018-12-25T11:44:28.958242487Z	9	PC: 17a2a \| Display string (Could not find end pointer)
2018-12-25T11:44:28.964586669Z	76	PC: 17a2e \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1868,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:28.954372315Z	153	PC: 17a5e \| UNKNOWN!
2018-12-25T11:44:28.955750461Z	42	PC: 17fcc \| Get date 0x17fcc: cmp cx, 0x7cc 0x17fd0: jne 0x17fdc 0x17fd2: cmp dh, 0xb 0x17fd5: jb 0x17ff6 0x17fd7: cmp dl, 0xf 0x17fda: jb 0x17ff6 0x17fdc: mov ax, word ptr [0x24] 0x17fdf: mov word ptr es:[0x6e0], ax 0x17fe3: mov ax, word ptr [0x26] 0x17fe6: mov word ptr es:[0x6e2], ax 0x17fea: mov ax, 0x6c7 0x17fed: cli 0x17fee: mov word ptr [0x24], ax 0x17ff1: mov word ptr [0x26], es 0x17ff5: sti 0x17ff6: ret 0x17ff7: cmp word ptr cs:[0x6e4], 0x2710 0x17ffe: jne 0x1800a 0x18000: call 0x18016 0x18003: mov word ptr cs:[0x6e4], 0
2018-12-25T11:44:28.958334916Z	9	PC: 17a2a \| Display string (Could not find end pointer)
2018-12-25T11:44:28.965100834Z	76	PC: 17a2e \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1868,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:29.076405133Z	153	PC: 17a5e \| UNKNOWN!
2018-12-25T11:44:29.077975612Z	42	PC: 17fcc \| Get date 0x17fcc: cmp cx, 0x7cc 0x17fd0: jne 0x17fdc 0x17fd2: cmp dh, 0xb 0x17fd5: jb 0x17ff6 0x17fd7: cmp dl, 0xf 0x17fda: jb 0x17ff6 0x17fdc: mov ax, word ptr [0x24] 0x17fdf: mov word ptr es:[0x6e0], ax 0x17fe3: mov ax, word ptr [0x26] 0x17fe6: mov word ptr es:[0x6e2], ax 0x17fea: mov ax, 0x6c7 0x17fed: cli 0x17fee: mov word ptr [0x24], ax 0x17ff1: mov word ptr [0x26], es 0x17ff5: sti 0x17ff6: ret 0x17ff7: cmp word ptr cs:[0x6e4], 0x2710 0x17ffe: jne 0x1800a 0x18000: call 0x18016 0x18003: mov word ptr cs:[0x6e4], 0
2018-12-25T11:44:29.079908933Z	9	PC: 17a2a \| Display string (Could not find end pointer)
2018-12-25T11:44:29.083410566Z	76	PC: 17a2e \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":11,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1868,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:30.120052692Z	153	PC: 17a5e \| UNKNOWN!
2018-12-25T11:44:30.12246762Z	42	PC: 17fcc \| Get date 0x17fcc: cmp cx, 0x7cc 0x17fd0: jne 0x17fdc 0x17fd2: cmp dh, 0xb 0x17fd5: jb 0x17ff6 0x17fd7: cmp dl, 0xf 0x17fda: jb 0x17ff6 0x17fdc: mov ax, word ptr [0x24] 0x17fdf: mov word ptr es:[0x6e0], ax 0x17fe3: mov ax, word ptr [0x26] 0x17fe6: mov word ptr es:[0x6e2], ax 0x17fea: mov ax, 0x6c7 0x17fed: cli 0x17fee: mov word ptr [0x24], ax 0x17ff1: mov word ptr [0x26], es 0x17ff5: sti 0x17ff6: ret 0x17ff7: cmp word ptr cs:[0x6e4], 0x2710 0x17ffe: jne 0x1800a 0x18000: call 0x18016 0x18003: mov word ptr cs:[0x6e4], 0
2018-12-25T11:44:30.124751731Z	9	PC: 17a2a \| Display string (Could not find end pointer)
2018-12-25T11:44:30.130029981Z	76	PC: 17a2e \| Terminate with return code (Return code = '36')