Sample viewer

vx.netlux.org/Virus.DOS.LaDiosa.2369

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:23.40931839Z	58	PC: 12a5f \| Remove subdirectory
2018-12-17T22:16:23.413808262Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:23.414838812Z	74	PC: 12a88 \| Reallocate memory
2018-12-17T22:16:23.415898063Z	72	PC: 12a8f \| Allocate memory
2018-12-17T22:16:23.417901621Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:23.419038309Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8c1] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x8a3] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x8a5] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8ab] 0x12af1: add ax, 0x10
2018-12-17T22:16:23.42117091Z	9	PC: 1338e \| Display string (String= '��P�� ((002��HHHHHHHHHHHHHHB �@Virus LA DIOSA ,dedicado a ANRUELO virus demostraci�n del NEP ..... ....Virus LA DIOSA por nIgrOmAntE 1998. (VALENCIA)')
2018-12-17T22:16:23.424949121Z	76	PC: 13396 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2933,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:48.6052604Z	58	PC: 12a5f \| Remove subdirectory
2018-12-25T11:47:48.610828521Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:48.612890692Z	74	PC: 12a88 \| Reallocate memory
2018-12-25T11:47:48.614555819Z	72	PC: 12a8f \| Allocate memory
2018-12-25T11:47:48.617342606Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:48.619179112Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8c1] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x8a3] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x8a5] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8ab] 0x12af1: add ax, 0x10
2018-12-25T11:47:48.621659101Z	9	PC: 1338e \| Display string (String= '��P�� ((002��HHHHHHHHHHHHHHB �@Virus LA DIOSA ,dedicado a ANRUELO virus demostraci�n del NEP ..... ....Virus LA DIOSA por nIgrOmAntE 1998. (VALENCIA)')
2018-12-25T11:47:48.625791247Z	76	PC: 13396 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2933,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:48.652996501Z	58	PC: 12a5f \| Remove subdirectory
2018-12-25T11:47:48.65807322Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:48.659494769Z	74	PC: 12a88 \| Reallocate memory
2018-12-25T11:47:48.66124856Z	72	PC: 12a8f \| Allocate memory
2018-12-25T11:47:48.663896808Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:48.665478847Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8c1] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x8a3] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x8a5] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8ab] 0x12af1: add ax, 0x10
2018-12-25T11:47:48.668111514Z	9	PC: 1338e \| Display string (String= '��P�� ((002��HHHHHHHHHHHHHHB �@Virus LA DIOSA ,dedicado a ANRUELO virus demostraci�n del NEP ..... ....Virus LA DIOSA por nIgrOmAntE 1998. (VALENCIA)')
2018-12-25T11:47:48.67245364Z	76	PC: 13396 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":5,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2933,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:48.981005678Z	58	PC: 12a5f \| Remove subdirectory
2018-12-25T11:47:48.986579857Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:48.987829101Z	74	PC: 12a88 \| Reallocate memory
2018-12-25T11:47:48.989427602Z	72	PC: 12a8f \| Allocate memory
2018-12-25T11:47:48.991907285Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:48.993352308Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8c1] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x8a3] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x8a5] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8ab] 0x12af1: add ax, 0x10
2018-12-25T11:47:48.99571289Z	9	PC: 12ad3 \| Display string (Could not find end pointer)