Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1309

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:00.076408345Z	42	PC: 12ef3 \| Get date 0x12ef3: cmp cx, 0x7cb 0x12ef7: jne 0x12f09 0x12ef9: cmp dh, 3 0x12efc: jne 0x12f09 0x12efe: cmp dl, 0xe 0x12f01: jb 0x12f09 0x12f03: mov byte ptr cs:[0x278], 1 0x12f09: mov al, 0xff 0x12f0b: mov ah, 0xf 0x12f0d: xchg al, ah 0x12f0f: nop 0x12f10: int 0x21 0x12f12: cmp ax, 0x101 0x12f15: je 0x12f4b 0x12f17: mov ax, 0x3521 0x12f1a: nop 0x12f1b: int 0x21 0x12f1d: cmp word ptr es:[0xa], 0x4254 0x12f24: jne 0x12f2f 0x12f26: cmp word ptr es:[0xc], 0x5244
2018-12-17T22:22:00.079773884Z	255	PC: 12f12 \| UNKNOWN!
2018-12-17T22:22:00.081581227Z	53	PC: 12f1d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:00.083391173Z	240	PC: 12f49 \| UNKNOWN!
2018-12-17T22:22:00.085215115Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3848,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:18.139704913Z	42	PC: 12ef3 \| Get date 0x12ef3: cmp cx, 0x7cb 0x12ef7: jne 0x12f09 0x12ef9: cmp dh, 3 0x12efc: jne 0x12f09 0x12efe: cmp dl, 0xe 0x12f01: jb 0x12f09 0x12f03: mov byte ptr cs:[0x278], 1 0x12f09: mov al, 0xff 0x12f0b: mov ah, 0xf 0x12f0d: xchg al, ah 0x12f0f: nop 0x12f10: int 0x21 0x12f12: cmp ax, 0x101 0x12f15: je 0x12f4b 0x12f17: mov ax, 0x3521 0x12f1a: nop 0x12f1b: int 0x21 0x12f1d: cmp word ptr es:[0xa], 0x4254 0x12f24: jne 0x12f2f 0x12f26: cmp word ptr es:[0xc], 0x5244
2018-12-25T11:50:18.143308525Z	255	PC: 12f12 \| UNKNOWN!
2018-12-25T11:50:18.144407497Z	53	PC: 12f1d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:18.145630658Z	240	PC: 12f49 \| UNKNOWN!
2018-12-25T11:50:18.146955672Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3848,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:18.361070463Z	42	PC: 12ef3 \| Get date 0x12ef3: cmp cx, 0x7cb 0x12ef7: jne 0x12f09 0x12ef9: cmp dh, 3 0x12efc: jne 0x12f09 0x12efe: cmp dl, 0xe 0x12f01: jb 0x12f09 0x12f03: mov byte ptr cs:[0x278], 1 0x12f09: mov al, 0xff 0x12f0b: mov ah, 0xf 0x12f0d: xchg al, ah 0x12f0f: nop 0x12f10: int 0x21 0x12f12: cmp ax, 0x101 0x12f15: je 0x12f4b 0x12f17: mov ax, 0x3521 0x12f1a: nop 0x12f1b: int 0x21 0x12f1d: cmp word ptr es:[0xa], 0x4254 0x12f24: jne 0x12f2f 0x12f26: cmp word ptr es:[0xc], 0x5244
2018-12-25T11:50:18.363562964Z	255	PC: 12f12 \| UNKNOWN!
2018-12-25T11:50:18.36471299Z	53	PC: 12f1d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:18.366094514Z	240	PC: 12f49 \| UNKNOWN!
2018-12-25T11:50:18.367881534Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":3,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3848,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:19.068940506Z	42	PC: 12ef3 \| Get date 0x12ef3: cmp cx, 0x7cb 0x12ef7: jne 0x12f09 0x12ef9: cmp dh, 3 0x12efc: jne 0x12f09 0x12efe: cmp dl, 0xe 0x12f01: jb 0x12f09 0x12f03: mov byte ptr cs:[0x278], 1 0x12f09: mov al, 0xff 0x12f0b: mov ah, 0xf 0x12f0d: xchg al, ah 0x12f0f: nop 0x12f10: int 0x21 0x12f12: cmp ax, 0x101 0x12f15: je 0x12f4b 0x12f17: mov ax, 0x3521 0x12f1a: nop 0x12f1b: int 0x21 0x12f1d: cmp word ptr es:[0xa], 0x4254 0x12f24: jne 0x12f2f 0x12f26: cmp word ptr es:[0xc], 0x5244
2018-12-25T11:50:19.071982925Z	255	PC: 12f12 \| UNKNOWN!
2018-12-25T11:50:19.074022116Z	53	PC: 12f1d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:19.075356715Z	240	PC: 12f49 \| UNKNOWN!
2018-12-25T11:50:19.076744048Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":14,"Month":3,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3848,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:19.351203309Z	42	PC: 12ef3 \| Get date 0x12ef3: cmp cx, 0x7cb 0x12ef7: jne 0x12f09 0x12ef9: cmp dh, 3 0x12efc: jne 0x12f09 0x12efe: cmp dl, 0xe 0x12f01: jb 0x12f09 0x12f03: mov byte ptr cs:[0x278], 1 0x12f09: mov al, 0xff 0x12f0b: mov ah, 0xf 0x12f0d: xchg al, ah 0x12f0f: nop 0x12f10: int 0x21 0x12f12: cmp ax, 0x101 0x12f15: je 0x12f4b 0x12f17: mov ax, 0x3521 0x12f1a: nop 0x12f1b: int 0x21 0x12f1d: cmp word ptr es:[0xa], 0x4254 0x12f24: jne 0x12f2f 0x12f26: cmp word ptr es:[0xc], 0x5244
2018-12-25T11:50:19.35449995Z	255	PC: 12f12 \| UNKNOWN!
2018-12-25T11:50:19.355143695Z	53	PC: 12f1d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:19.355988379Z	240	PC: 12f49 \| UNKNOWN!
2018-12-25T11:50:19.35728842Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')