Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Pinworm.2032

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:14:20.17700264Z 250 PC: 12bc0 | UNKNOWN!
; Linear disassembly starting at the return address of the "Get date" call
; (op 42 = 0x2A, i.e. INT 21h AH=2Ah, which returns CX=year, DH=month,
; DL=day of month). The listing shows what follows the PC in memory; it does
; not show which branches were actually taken.
; What to recognise here: a day-of-month check that sets a flag, then a direct
; edit of the DOS memory control block (MCB) and the PSP top-of-memory word.
; That is the classic way a DOS program carves out resident memory without
; calling a DOS allocation function. The only other ops logged for this run
; are 250 (unnamed by the sandbox) and 44 (Get time).
2018-12-17T22:14:20.188630255Z 42 PC: 12bcb | Get date 0x12bcb: cmp dl, 0x13 ; DL = day of month; 0x13 = the 19th
0x12bce: jne 0x12bda ; any other day: skip the flag write
0x12bd0: nop ; padding after the jump (presumably left by the assembler)
0x12bd1: nop
0x12bd2: nop
0x12bd3: mov byte ptr cs:[bp + 0x702], 1 ; set a one-byte flag in the code segment; presumably bp holds the sample's load offset (TODO confirm)
0x12bd9: nop
0x12bda: mov ax, es ; assumes ES still holds the PSP segment, as at DOS program entry
0x12bdc: dec ax ; PSP segment - 1 = the paragraph holding this program's MCB
0x12bdd: mov ds, ax ; DS:0 now addresses the MCB header
0x12bdf: cmp byte ptr [0], 0x5a ; MCB signature byte: 0x5A ('Z') marks the last block in the chain
0x12be4: jne 0x12c31 ; not the last block: skip the memory edit
0x12be6: nop
0x12be7: nop
0x12be8: nop
0x12be9: sub word ptr [3], 0x180 ; MCB+3 = block size in paragraphs; shrink by 0x180 paragraphs (6144 bytes)
0x12bef: sub word ptr [0x12], 0x180 ; DS:0x12 = PSP:0x02, the top-of-memory segment; lower it by the same amount
0x12bf5: mov es, word ptr [0x12] ; ES = new top of memory, i.e. the start of the region just carved out
0x12bf9: push cs
0x12bfa: pop ds ; DS = CS; presumably set up for a copy into ES, but the listing ends here
; Linear disassembly starting at the return address of the "Get time" call
; (op 44 = 0x2C, i.e. INT 21h AH=2Ch). The first instruction is a ret, so the
; call sits at the end of a small subroutine. Everything after the ret is data
; that the disassembler has decoded as if it were instructions: re-encoding
; each line gives mostly printable ASCII (shown per line below), an embedded
; version/author string consistent with the sample name in the page header.
; The jump and branch targets printed here (0x17de3, 0x130fb) are artefacts of
; that misdecoding, not real control flow.
; Bytes marked <XX> are non-ASCII values inside the string.
2018-12-17T22:14:20.191180099Z 44 PC: 13066 | Get time 0x13066: ret ; end of the subroutine that asked for the time
0x13067: and dh, bh ; data: 20 FE       -> " <FE>"
0x13069: and byte ptr [bx + si + 0x49], dl ; data: 20 50 49    -> " PI"
0x1306c: out dx, ax ; data: EF          -> "<EF>"
0x1306d: push di ; data: 57          -> "W"
0x1306e: jmp 0x17de3 ; data: E9 72 4D    -> "<E9>rM"
0x13071: push word ptr [bp + 0x31] ; data: FF 76 31    -> "<FF>v1"
0x13074: xor byte ptr cs:[bx + si], dh ; data: 2E 30 30    -> ".00"
0x13077: and byte ptr [di], ch ; data: 20 2D       -> " -"
0x13079: and byte ptr [bp + di + 0x6f], al ; data: 20 43 6F    -> " Co"
0x1307c: and byte ptr fs:[bp + si + 0x79], ah ; data: 64 65 64 20 62 79 -> "ded by" (the leading bytes decode as segment prefixes)
0x13082: and bl, bh ; data: 20 FB       -> " <FB>"
0x13084: imul si, word ptr [bp + si + 0x6f], 0x6567 ; data: 69 72 6F 67 65 -> "iroge"
0x13089: outsb dx, byte ptr [si] ; data: 6E          -> "n"
0x1308a: and byte ptr [bx + di + 0x6e], ch ; data: 20 69 6E    -> " in"
0x1308d: and byte ptr [bx + di + 0x70], al ; data: 20 41 70    -> " Ap"
0x13090: jb 0x130fb ; data: 72 69       -> "ri"
0x13092: insb byte ptr es:[di], dx ; data: 6C          -> "l"
0x13093: and byte ptr [bx + di], dh ; data: 20 31       -> " 1"
0x13095: cmp word ptr [bx + di], di ; data: 39 39       -> "99"; the string continues past the end of the listing

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2710,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:18.389863448Z 250 PC: 12bc0 | UNKNOWN!
; Linear disassembly starting at the return address of the "Get date" call
; (op 42 = 0x2A, i.e. INT 21h AH=2Ah, which returns CX=year, DH=month,
; DL=day of month). The listing shows what follows the PC in memory; it does
; not show which branches were actually taken.
; NOTE(review): the run configuration printed after this trace sets Day 19,
; which equals the 0x13 compared below. This run appears to have been
; scheduled to exercise the date branch; confirm against the sandbox's
; run-to-config mapping.
; What to recognise here: a day-of-month check that sets a flag, then a direct
; edit of the DOS memory control block (MCB) and the PSP top-of-memory word.
; That is the classic way a DOS program carves out resident memory without
; calling a DOS allocation function.
2018-12-25T11:46:18.391101345Z 42 PC: 12bcb | Get date 0x12bcb: cmp dl, 0x13 ; DL = day of month; 0x13 = the 19th
0x12bce: jne 0x12bda ; any other day: skip the flag write
0x12bd0: nop ; padding after the jump (presumably left by the assembler)
0x12bd1: nop
0x12bd2: nop
0x12bd3: mov byte ptr cs:[bp + 0x702], 1 ; set a one-byte flag in the code segment; presumably bp holds the sample's load offset (TODO confirm)
0x12bd9: nop
0x12bda: mov ax, es ; assumes ES still holds the PSP segment, as at DOS program entry
0x12bdc: dec ax ; PSP segment - 1 = the paragraph holding this program's MCB
0x12bdd: mov ds, ax ; DS:0 now addresses the MCB header
0x12bdf: cmp byte ptr [0], 0x5a ; MCB signature byte: 0x5A ('Z') marks the last block in the chain
0x12be4: jne 0x12c31 ; not the last block: skip the memory edit
0x12be6: nop
0x12be7: nop
0x12be8: nop
0x12be9: sub word ptr [3], 0x180 ; MCB+3 = block size in paragraphs; shrink by 0x180 paragraphs (6144 bytes)
0x12bef: sub word ptr [0x12], 0x180 ; DS:0x12 = PSP:0x02, the top-of-memory segment; lower it by the same amount
0x12bf5: mov es, word ptr [0x12] ; ES = new top of memory, i.e. the start of the region just carved out
0x12bf9: push cs
0x12bfa: pop ds ; DS = CS; presumably set up for a copy into ES, but the listing ends here
; Linear disassembly starting at the return address of the "Get time" call
; (op 44 = 0x2C, i.e. INT 21h AH=2Ch). The first instruction is a ret, so the
; call sits at the end of a small subroutine. Everything after the ret is data
; that the disassembler has decoded as if it were instructions: re-encoding
; each line gives mostly printable ASCII (shown per line below), an embedded
; version/author string consistent with the sample name in the page header.
; The jump and branch targets printed here (0x17de3, 0x130fb) are artefacts of
; that misdecoding, not real control flow.
; Bytes marked <XX> are non-ASCII values inside the string.
2018-12-25T11:46:18.394205995Z 44 PC: 13066 | Get time 0x13066: ret ; end of the subroutine that asked for the time
0x13067: and dh, bh ; data: 20 FE       -> " <FE>"
0x13069: and byte ptr [bx + si + 0x49], dl ; data: 20 50 49    -> " PI"
0x1306c: out dx, ax ; data: EF          -> "<EF>"
0x1306d: push di ; data: 57          -> "W"
0x1306e: jmp 0x17de3 ; data: E9 72 4D    -> "<E9>rM"
0x13071: push word ptr [bp + 0x31] ; data: FF 76 31    -> "<FF>v1"
0x13074: xor byte ptr cs:[bx + si], dh ; data: 2E 30 30    -> ".00"
0x13077: and byte ptr [di], ch ; data: 20 2D       -> " -"
0x13079: and byte ptr [bp + di + 0x6f], al ; data: 20 43 6F    -> " Co"
0x1307c: and byte ptr fs:[bp + si + 0x79], ah ; data: 64 65 64 20 62 79 -> "ded by" (the leading bytes decode as segment prefixes)
0x13082: and bl, bh ; data: 20 FB       -> " <FB>"
0x13084: imul si, word ptr [bp + si + 0x6f], 0x6567 ; data: 69 72 6F 67 65 -> "iroge"
0x13089: outsb dx, byte ptr [si] ; data: 6E          -> "n"
0x1308a: and byte ptr [bx + di + 0x6e], ch ; data: 20 69 6E    -> " in"
0x1308d: and byte ptr [bx + di + 0x70], al ; data: 20 41 70    -> " Ap"
0x13090: jb 0x130fb ; data: 72 69       -> "ri"
0x13092: insb byte ptr es:[di], dx ; data: 6C          -> "l"
0x13093: and byte ptr [bx + di], dh ; data: 20 31       -> " 1"
0x13095: cmp word ptr [bx + di], di ; data: 39 39       -> "99"; the string continues past the end of the listing

{"DateBased":true,"Day":19,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2710,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:18.884602717Z 250 PC: 12bc0 | UNKNOWN!
; Linear disassembly starting at the return address of the "Get date" call
; (op 42 = 0x2A, i.e. INT 21h AH=2Ah, which returns CX=year, DH=month,
; DL=day of month). The listing shows what follows the PC in memory; it does
; not show which branches were actually taken.
; What to recognise here: a day-of-month check that sets a flag, then a direct
; edit of the DOS memory control block (MCB) and the PSP top-of-memory word.
; That is the classic way a DOS program carves out resident memory without
; calling a DOS allocation function.
2018-12-25T11:46:18.885912354Z 42 PC: 12bcb | Get date 0x12bcb: cmp dl, 0x13 ; DL = day of month; 0x13 = the 19th
0x12bce: jne 0x12bda ; any other day: skip the flag write
0x12bd0: nop ; padding after the jump (presumably left by the assembler)
0x12bd1: nop
0x12bd2: nop
0x12bd3: mov byte ptr cs:[bp + 0x702], 1 ; set a one-byte flag in the code segment; presumably bp holds the sample's load offset (TODO confirm)
0x12bd9: nop
0x12bda: mov ax, es ; assumes ES still holds the PSP segment, as at DOS program entry
0x12bdc: dec ax ; PSP segment - 1 = the paragraph holding this program's MCB
0x12bdd: mov ds, ax ; DS:0 now addresses the MCB header
0x12bdf: cmp byte ptr [0], 0x5a ; MCB signature byte: 0x5A ('Z') marks the last block in the chain
0x12be4: jne 0x12c31 ; not the last block: skip the memory edit
0x12be6: nop
0x12be7: nop
0x12be8: nop
0x12be9: sub word ptr [3], 0x180 ; MCB+3 = block size in paragraphs; shrink by 0x180 paragraphs (6144 bytes)
0x12bef: sub word ptr [0x12], 0x180 ; DS:0x12 = PSP:0x02, the top-of-memory segment; lower it by the same amount
0x12bf5: mov es, word ptr [0x12] ; ES = new top of memory, i.e. the start of the region just carved out
0x12bf9: push cs
0x12bfa: pop ds ; DS = CS; presumably set up for a copy into ES, but the listing ends here
; Linear disassembly starting at the return address of the "Get time" call
; (op 44 = 0x2C, i.e. INT 21h AH=2Ch). The first instruction is a ret, so the
; call sits at the end of a small subroutine. Everything after the ret is data
; that the disassembler has decoded as if it were instructions: re-encoding
; each line gives mostly printable ASCII (shown per line below), an embedded
; version/author string consistent with the sample name in the page header.
; The jump and branch targets printed here (0x17de3, 0x130fb) are artefacts of
; that misdecoding, not real control flow.
; Bytes marked <XX> are non-ASCII values inside the string.
2018-12-25T11:46:18.888569713Z 44 PC: 13066 | Get time 0x13066: ret ; end of the subroutine that asked for the time
0x13067: and dh, bh ; data: 20 FE       -> " <FE>"
0x13069: and byte ptr [bx + si + 0x49], dl ; data: 20 50 49    -> " PI"
0x1306c: out dx, ax ; data: EF          -> "<EF>"
0x1306d: push di ; data: 57          -> "W"
0x1306e: jmp 0x17de3 ; data: E9 72 4D    -> "<E9>rM"
0x13071: push word ptr [bp + 0x31] ; data: FF 76 31    -> "<FF>v1"
0x13074: xor byte ptr cs:[bx + si], dh ; data: 2E 30 30    -> ".00"
0x13077: and byte ptr [di], ch ; data: 20 2D       -> " -"
0x13079: and byte ptr [bp + di + 0x6f], al ; data: 20 43 6F    -> " Co"
0x1307c: and byte ptr fs:[bp + si + 0x79], ah ; data: 64 65 64 20 62 79 -> "ded by" (the leading bytes decode as segment prefixes)
0x13082: and bl, bh ; data: 20 FB       -> " <FB>"
0x13084: imul si, word ptr [bp + si + 0x6f], 0x6567 ; data: 69 72 6F 67 65 -> "iroge"
0x13089: outsb dx, byte ptr [si] ; data: 6E          -> "n"
0x1308a: and byte ptr [bx + di + 0x6e], ch ; data: 20 69 6E    -> " in"
0x1308d: and byte ptr [bx + di + 0x70], al ; data: 20 41 70    -> " Ap"
0x13090: jb 0x130fb ; data: 72 69       -> "ri"
0x13092: insb byte ptr es:[di], dx ; data: 6C          -> "l"
0x13093: and byte ptr [bx + di], dh ; data: 20 31       -> " 1"
0x13095: cmp word ptr [bx + di], di ; data: 39 39       -> "99"; the string continues past the end of the listing