Sample viewer

vx.netlux.org/Virus.DOS.Ocsana.692


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:55.163317414Z 171 PC: 12bd3 | UNKNOWN!
2018-12-17T22:23:55.164957113Z 53 PC: 12bec | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:55.176236566Z 53 PC: 12bfb | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:23:55.181147537Z 42 PC: 12c09 | Get date
0x12c09: cmp dh, 8
0x12c0c: jne 0x12c34
0x12c0e: cmp dl, 0xd
0x12c11: jne 0x12c34
0x12c13: mov di, 0x386
0x12c16: mov cx, 0x17
0x12c19: nop
0x12c1a: mov al, 0xcf
0x12c1c: xor byte ptr cs:[di], al
0x12c1f: inc byte ptr cs:[di]
0x12c22: xor byte ptr cs:[di], al
0x12c25: inc di
0x12c26: dec al
0x12c28: loop 0x12c1c
0x12c2a: mov dx, 0x386
0x12c2d: mov ah, 9
0x12c2f: int 0x21
0x12c31: jmp 0x12c8c
0x12c33: nop
0x12c34: mov ah, 0x48
2018-12-17T22:23:55.186782534Z 72 PC: 12c3b | Allocate memory
2018-12-17T22:23:55.188923403Z 73 PC: 12c5d | Release memory

{"DateBased":true,"Day":13,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4198,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:08.3687416Z 171 PC: 12bd3 | UNKNOWN!
2018-12-25T11:51:08.369529333Z 53 PC: 12bec | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:08.371319398Z 53 PC: 12bfb | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:51:08.372365042Z 42 PC: 12c09 | Get date
0x12c09: cmp dh, 8
0x12c0c: jne 0x12c34
0x12c0e: cmp dl, 0xd
0x12c11: jne 0x12c34
0x12c13: mov di, 0x386
0x12c16: mov cx, 0x17
0x12c19: nop
0x12c1a: mov al, 0xcf
0x12c1c: xor byte ptr cs:[di], al
0x12c1f: inc byte ptr cs:[di]
0x12c22: xor byte ptr cs:[di], al
0x12c25: inc di
0x12c26: dec al
0x12c28: loop 0x12c1c
0x12c2a: mov dx, 0x386
0x12c2d: mov ah, 9
0x12c2f: int 0x21
0x12c31: jmp 0x12c8c
0x12c33: nop
0x12c34: mov ah, 0x48
2018-12-25T11:51:08.374661425Z 9 PC: 12c31 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4198,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:08.556076269Z 171 PC: 12bd3 | UNKNOWN!
2018-12-25T11:51:08.557701922Z 53 PC: 12bec | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:08.5586888Z 53 PC: 12bfb | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:51:08.559635763Z 42 PC: 12c09 | Get date
0x12c09: cmp dh, 8
0x12c0c: jne 0x12c34
0x12c0e: cmp dl, 0xd
0x12c11: jne 0x12c34
0x12c13: mov di, 0x386
0x12c16: mov cx, 0x17
0x12c19: nop
0x12c1a: mov al, 0xcf
0x12c1c: xor byte ptr cs:[di], al
0x12c1f: inc byte ptr cs:[di]
0x12c22: xor byte ptr cs:[di], al
0x12c25: inc di
0x12c26: dec al
0x12c28: loop 0x12c1c
0x12c2a: mov dx, 0x386
0x12c2d: mov ah, 9
0x12c2f: int 0x21
0x12c31: jmp 0x12c8c
0x12c33: nop
0x12c34: mov ah, 0x48
2018-12-25T11:51:08.562190708Z 72 PC: 12c3b | Allocate memory
2018-12-25T11:51:08.564218778Z 73 PC: 12c5d | Release memory

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4198,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:08.5728619Z 171 PC: 12bd3 | UNKNOWN!
2018-12-25T11:51:08.574679714Z 53 PC: 12bec | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:08.576131008Z 53 PC: 12bfb | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:51:08.577297227Z 42 PC: 12c09 | Get date
0x12c09: cmp dh, 8
0x12c0c: jne 0x12c34
0x12c0e: cmp dl, 0xd
0x12c11: jne 0x12c34
0x12c13: mov di, 0x386
0x12c16: mov cx, 0x17
0x12c19: nop
0x12c1a: mov al, 0xcf
0x12c1c: xor byte ptr cs:[di], al
0x12c1f: inc byte ptr cs:[di]
0x12c22: xor byte ptr cs:[di], al
0x12c25: inc di
0x12c26: dec al
0x12c28: loop 0x12c1c
0x12c2a: mov dx, 0x386
0x12c2d: mov ah, 9
0x12c2f: int 0x21
0x12c31: jmp 0x12c8c
0x12c33: nop
0x12c34: mov ah, 0x48
2018-12-25T11:51:08.58018969Z 72 PC: 12c3b | Allocate memory
2018-12-25T11:51:08.583068015Z 73 PC: 12c5d | Release memory