Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1430

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:16:48.801335663Z 42 PC: 12f0b | Get date 0x12f0b: cmp cx, 0x7cc
0x12f0f: jne 0x12f1b
0x12f11: cmp dh, 4
0x12f14: ja 0x12f1b
0x12f16: cmp dl, 0xf
0x12f19: jb 0x12f64
0x12f1b: mov al, 0xff
0x12f1d: mov ah, 0xf
0x12f1f: xchg al, ah
0x12f21: nop
0x12f22: int 0x21
0x12f24: cmp ax, 0x101
0x12f27: jne 0x12f2d
0x12f29: call 0x12f68
0x12f2c: nop
0x12f2d: mov ax, 0x3521
0x12f30: nop
0x12f31: int 0x21
0x12f33: cmp word ptr es:[0xa], 0x4254
0x12f3a: jne 0x12f48
2018-12-17T22:16:48.803530633Z 255 PC: 12f24 | UNKNOWN!
2018-12-17T22:16:48.804932187Z 53 PC: 12f33 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:48.806425277Z 240 PC: 12f62 | UNKNOWN!
2018-12-17T22:16:48.807580626Z 44 PC: 12e60 | Get time 0x12e60: cmp cl, 6
0x12e63: jne 0x12e9a
0x12e65: mov ax, 0xb800
0x12e68: mov es, ax
0x12e6a: mov cx, 0x30
0x12e6d: push cx
0x12e6e: mov cx, 0x7c0
0x12e71: xor si, si
0x12e73: mov ah, byte ptr es:[si]
0x12e76: cmp ah, 0x77
0x12e79: jb 0x12e88
0x12e7b: dec ah
0x12e7d: mov byte ptr es:[si], ah
0x12e80: mov byte ptr es:[si + 1], 0x79
0x12e85: jmp 0x12e92
0x12e87: nop
0x12e88: inc ah
0x12e8a: mov byte ptr es:[si], ah
0x12e8d: mov byte ptr es:[si + 1], 0x8f
0x12e92: inc si
2018-12-17T22:16:48.81923601Z 98 PC: 16c00 | Get current PSP
2018-12-17T22:16:48.82143406Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-17T22:16:48.823275891Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-17T22:16:48.827407147Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-17T22:16:48.829362576Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-17T22:16:48.830753804Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T22:16:48.833475378Z 48 PC: 14911 | Get DOS version
2018-12-17T22:16:48.835242484Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T22:16:48.839904193Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2978,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:57.119295562Z 42 PC: 12f0b | Get date 0x12f0b: cmp cx, 0x7cc
0x12f0f: jne 0x12f1b
0x12f11: cmp dh, 4
0x12f14: ja 0x12f1b
0x12f16: cmp dl, 0xf
0x12f19: jb 0x12f64
0x12f1b: mov al, 0xff
0x12f1d: mov ah, 0xf
0x12f1f: xchg al, ah
0x12f21: nop
0x12f22: int 0x21
0x12f24: cmp ax, 0x101
0x12f27: jne 0x12f2d
0x12f29: call 0x12f68
0x12f2c: nop
0x12f2d: mov ax, 0x3521
0x12f30: nop
0x12f31: int 0x21
0x12f33: cmp word ptr es:[0xa], 0x4254
0x12f3a: jne 0x12f48
2018-12-25T11:47:57.12235464Z 255 PC: 12f24 | UNKNOWN!
2018-12-25T11:47:57.123361653Z 53 PC: 12f33 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:57.125261261Z 240 PC: 12f62 | UNKNOWN!
2018-12-25T11:47:57.126921514Z 44 PC: 12e60 | Get time 0x12e60: cmp cl, 6
0x12e63: jne 0x12e9a
0x12e65: mov ax, 0xb800
0x12e68: mov es, ax
0x12e6a: mov cx, 0x30
0x12e6d: push cx
0x12e6e: mov cx, 0x7c0
0x12e71: xor si, si
0x12e73: mov ah, byte ptr es:[si]
0x12e76: cmp ah, 0x77
0x12e79: jb 0x12e88
0x12e7b: dec ah
0x12e7d: mov byte ptr es:[si], ah
0x12e80: mov byte ptr es:[si + 1], 0x79
0x12e85: jmp 0x12e92
0x12e87: nop
0x12e88: inc ah
0x12e8a: mov byte ptr es:[si], ah
0x12e8d: mov byte ptr es:[si + 1], 0x8f
0x12e92: inc si
2018-12-25T11:47:57.13815271Z 98 PC: 16c00 | Get current PSP
2018-12-25T11:47:57.139786485Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T11:47:57.148628255Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T11:47:57.150014114Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T11:47:57.151490681Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T11:47:57.153370484Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T11:47:57.155054767Z 48 PC: 14911 | Get DOS version
2018-12-25T11:47:57.156699353Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:47:57.161788108Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2978,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:57.10171212Z 42 PC: 12f0b | Get date 0x12f0b: cmp cx, 0x7cc
0x12f0f: jne 0x12f1b
0x12f11: cmp dh, 4
0x12f14: ja 0x12f1b
0x12f16: cmp dl, 0xf
0x12f19: jb 0x12f64
0x12f1b: mov al, 0xff
0x12f1d: mov ah, 0xf
0x12f1f: xchg al, ah
0x12f21: nop
0x12f22: int 0x21
0x12f24: cmp ax, 0x101
0x12f27: jne 0x12f2d
0x12f29: call 0x12f68
0x12f2c: nop
0x12f2d: mov ax, 0x3521
0x12f30: nop
0x12f31: int 0x21
0x12f33: cmp word ptr es:[0xa], 0x4254
0x12f3a: jne 0x12f48
2018-12-25T11:47:57.10483647Z 255 PC: 12f24 | UNKNOWN!
2018-12-25T11:47:57.105905508Z 53 PC: 12f33 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:57.107265933Z 240 PC: 12f62 | UNKNOWN!
2018-12-25T11:47:57.117590821Z 44 PC: 12e60 | Get time 0x12e60: cmp cl, 6
0x12e63: jne 0x12e9a
0x12e65: mov ax, 0xb800
0x12e68: mov es, ax
0x12e6a: mov cx, 0x30
0x12e6d: push cx
0x12e6e: mov cx, 0x7c0
0x12e71: xor si, si
0x12e73: mov ah, byte ptr es:[si]
0x12e76: cmp ah, 0x77
0x12e79: jb 0x12e88
0x12e7b: dec ah
0x12e7d: mov byte ptr es:[si], ah
0x12e80: mov byte ptr es:[si + 1], 0x79
0x12e85: jmp 0x12e92
0x12e87: nop
0x12e88: inc ah
0x12e8a: mov byte ptr es:[si], ah
0x12e8d: mov byte ptr es:[si + 1], 0x8f
0x12e92: inc si
2018-12-25T11:47:57.132614703Z 98 PC: 16c00 | Get current PSP
2018-12-25T11:47:57.133996512Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T11:47:57.13615437Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T11:47:57.137677565Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T11:47:57.139379639Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T11:47:57.140732409Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T11:47:57.142802367Z 48 PC: 14911 | Get DOS version
2018-12-25T11:47:57.144786608Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:47:57.150094372Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":2978,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:58.790916079Z 42 PC: 12f0b | Get date 0x12f0b: cmp cx, 0x7cc
0x12f0f: jne 0x12f1b
0x12f11: cmp dh, 4
0x12f14: ja 0x12f1b
0x12f16: cmp dl, 0xf
0x12f19: jb 0x12f64
0x12f1b: mov al, 0xff
0x12f1d: mov ah, 0xf
0x12f1f: xchg al, ah
0x12f21: nop
0x12f22: int 0x21
0x12f24: cmp ax, 0x101
0x12f27: jne 0x12f2d
0x12f29: call 0x12f68
0x12f2c: nop
0x12f2d: mov ax, 0x3521
0x12f30: nop
0x12f31: int 0x21
0x12f33: cmp word ptr es:[0xa], 0x4254
0x12f3a: jne 0x12f48
2018-12-25T11:47:58.79309616Z 255 PC: 12f24 | UNKNOWN!
2018-12-25T11:47:58.793776523Z 53 PC: 12f33 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:58.79559067Z 240 PC: 12f62 | UNKNOWN!
2018-12-25T11:47:58.796936172Z 44 PC: 12e60 | Get time 0x12e60: cmp cl, 6
0x12e63: jne 0x12e9a
0x12e65: mov ax, 0xb800
0x12e68: mov es, ax
0x12e6a: mov cx, 0x30
0x12e6d: push cx
0x12e6e: mov cx, 0x7c0
0x12e71: xor si, si
0x12e73: mov ah, byte ptr es:[si]
0x12e76: cmp ah, 0x77
0x12e79: jb 0x12e88
0x12e7b: dec ah
0x12e7d: mov byte ptr es:[si], ah
0x12e80: mov byte ptr es:[si + 1], 0x79
0x12e85: jmp 0x12e92
0x12e87: nop
0x12e88: inc ah
0x12e8a: mov byte ptr es:[si], ah
0x12e8d: mov byte ptr es:[si + 1], 0x8f
0x12e92: inc si
2018-12-25T11:47:58.834884292Z 98 PC: 16c00 | Get current PSP
2018-12-25T11:47:58.836128693Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T11:47:58.838278213Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T11:47:58.840471013Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T11:47:58.84204594Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T11:47:58.844385501Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T11:47:58.846353894Z 48 PC: 14911 | Get DOS version
2018-12-25T11:47:58.848379841Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:47:58.857891784Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":2978,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:58.939186967Z 42 PC: 12f0b | Get date 0x12f0b: cmp cx, 0x7cc
0x12f0f: jne 0x12f1b
0x12f11: cmp dh, 4
0x12f14: ja 0x12f1b
0x12f16: cmp dl, 0xf
0x12f19: jb 0x12f64
0x12f1b: mov al, 0xff
0x12f1d: mov ah, 0xf
0x12f1f: xchg al, ah
0x12f21: nop
0x12f22: int 0x21
0x12f24: cmp ax, 0x101
0x12f27: jne 0x12f2d
0x12f29: call 0x12f68
0x12f2c: nop
0x12f2d: mov ax, 0x3521
0x12f30: nop
0x12f31: int 0x21
0x12f33: cmp word ptr es:[0xa], 0x4254
0x12f3a: jne 0x12f48
2018-12-25T11:47:58.941609104Z 255 PC: 12f24 | UNKNOWN!
2018-12-25T11:47:58.942347262Z 53 PC: 12f33 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:58.943552644Z 240 PC: 12f62 | UNKNOWN!
2018-12-25T11:47:58.944897233Z 44 PC: 12e60 | Get time 0x12e60: cmp cl, 6
0x12e63: jne 0x12e9a
0x12e65: mov ax, 0xb800
0x12e68: mov es, ax
0x12e6a: mov cx, 0x30
0x12e6d: push cx
0x12e6e: mov cx, 0x7c0
0x12e71: xor si, si
0x12e73: mov ah, byte ptr es:[si]
0x12e76: cmp ah, 0x77
0x12e79: jb 0x12e88
0x12e7b: dec ah
0x12e7d: mov byte ptr es:[si], ah
0x12e80: mov byte ptr es:[si + 1], 0x79
0x12e85: jmp 0x12e92
0x12e87: nop
0x12e88: inc ah
0x12e8a: mov byte ptr es:[si], ah
0x12e8d: mov byte ptr es:[si + 1], 0x8f
0x12e92: inc si
2018-12-25T11:47:58.979442565Z 98 PC: 16c00 | Get current PSP
2018-12-25T11:47:58.984178957Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T11:47:58.985581991Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T11:47:58.986711026Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T11:47:58.987933879Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T11:47:58.991116795Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T11:47:58.993015493Z 48 PC: 14911 | Get DOS version
2018-12-25T11:47:58.994247338Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:47:58.997998194Z 76 PC: 16c3a | Terminate with return code (Return code = '0')