Sample viewer

vx.netlux.org/Virus.DOS.Avatar.Acid.736

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:08:19.501131339Z	160	PC: 13295 \| UNKNOWN!
2018-12-17T22:08:19.502740376Z	53	PC: 132a1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:08:19.504801137Z	37	PC: 132f6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:08:19.506889929Z	42	PC: 132fb \| Get date 0x132fb: cmp al, 1 0x132fd: je 0x13323 0x132ff: cmp sp, 0xabcd 0x13303: jne 0x13334 0x13305: push es 0x13306: pop ds 0x13307: mov ax, es 0x13309: add ax, 0x10 0x1330c: add word ptr cs:[bp + 0x9b], ax 0x13311: add ax, word ptr cs:[bp + 0x2de] 0x13316: cli 0x13317: mov ss, ax 0x13319: mov sp, word ptr [bp + 0x2dc] 0x1331d: sti 0x1331e: ljmp 0xb0:0x4cb4 0x13323: in al, 0x40 0x13325: xchg ah, al 0x13327: in al, 0x40 0x13329: xchg ax, dx 0x1332a: mov cx, 1
2018-12-17T22:08:19.517045927Z	76	PC: 12a46 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:49.092843136Z	160	PC: 13295 \| UNKNOWN!
2018-12-25T11:44:49.094519109Z	53	PC: 132a1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:49.095683105Z	37	PC: 132f6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:49.096875863Z	42	PC: 132fb \| Get date 0x132fb: cmp al, 1 0x132fd: je 0x13323 0x132ff: cmp sp, 0xabcd 0x13303: jne 0x13334 0x13305: push es 0x13306: pop ds 0x13307: mov ax, es 0x13309: add ax, 0x10 0x1330c: add word ptr cs:[bp + 0x9b], ax 0x13311: add ax, word ptr cs:[bp + 0x2de] 0x13316: cli 0x13317: mov ss, ax 0x13319: mov sp, word ptr [bp + 0x2dc] 0x1331d: sti 0x1331e: ljmp 0xb0:0x4cb4 0x13323: in al, 0x40 0x13325: xchg ah, al 0x13327: in al, 0x40 0x13329: xchg ax, dx 0x1332a: mov cx, 1
2018-12-25T11:44:49.100616752Z	76	PC: 12a46 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:49.450891727Z	160	PC: 13295 \| UNKNOWN!
2018-12-25T11:44:49.452150807Z	53	PC: 132a1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:49.453664895Z	37	PC: 132f6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:49.455115279Z	42	PC: 132fb \| Get date 0x132fb: cmp al, 1 0x132fd: je 0x13323 0x132ff: cmp sp, 0xabcd 0x13303: jne 0x13334 0x13305: push es 0x13306: pop ds 0x13307: mov ax, es 0x13309: add ax, 0x10 0x1330c: add word ptr cs:[bp + 0x9b], ax 0x13311: add ax, word ptr cs:[bp + 0x2de] 0x13316: cli 0x13317: mov ss, ax 0x13319: mov sp, word ptr [bp + 0x2dc] 0x1331d: sti 0x1331e: ljmp 0xb0:0x4cb4 0x13323: in al, 0x40 0x13325: xchg ah, al 0x13327: in al, 0x40 0x13329: xchg ax, dx 0x1332a: mov cx, 1
2018-12-25T11:44:49.457880635Z	76	PC: 12a46 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:49.879117576Z	160	PC: 13295 \| UNKNOWN!
2018-12-25T11:44:49.881729192Z	53	PC: 132a1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:49.883180385Z	37	PC: 132f6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:49.884843983Z	42	PC: 132fb \| Get date 0x132fb: cmp al, 1 0x132fd: je 0x13323 0x132ff: cmp sp, 0xabcd 0x13303: jne 0x13334 0x13305: push es 0x13306: pop ds 0x13307: mov ax, es 0x13309: add ax, 0x10 0x1330c: add word ptr cs:[bp + 0x9b], ax 0x13311: add ax, word ptr cs:[bp + 0x2de] 0x13316: cli 0x13317: mov ss, ax 0x13319: mov sp, word ptr [bp + 0x2dc] 0x1331d: sti 0x1331e: ljmp 0xb0:0x4cb4 0x13323: in al, 0x40 0x13325: xchg ah, al 0x13327: in al, 0x40 0x13329: xchg ax, dx 0x1332a: mov cx, 1
2018-12-25T11:44:49.887163851Z	76	PC: 12a46 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:50.256122689Z	160	PC: 13295 \| UNKNOWN!
2018-12-25T11:44:50.25738993Z	53	PC: 132a1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:50.258872559Z	37	PC: 132f6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:50.26023203Z	42	PC: 132fb \| Get date 0x132fb: cmp al, 1 0x132fd: je 0x13323 0x132ff: cmp sp, 0xabcd 0x13303: jne 0x13334 0x13305: push es 0x13306: pop ds 0x13307: mov ax, es 0x13309: add ax, 0x10 0x1330c: add word ptr cs:[bp + 0x9b], ax 0x13311: add ax, word ptr cs:[bp + 0x2de] 0x13316: cli 0x13317: mov ss, ax 0x13319: mov sp, word ptr [bp + 0x2dc] 0x1331d: sti 0x1331e: ljmp 0xb0:0x4cb4 0x13323: in al, 0x40 0x13325: xchg ah, al 0x13327: in al, 0x40 0x13329: xchg ax, dx 0x1332a: mov cx, 1
2018-12-25T11:44:50.263710323Z	76	PC: 12a46 \| Terminate with return code (Return code = '0')