Sample viewer

vx.netlux.org/Virus.DOS.TimerJack.1106

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:01.65029252Z	15	PC: 17692 \| Open file (Filename = '.‰„.‹„.‰„X.„ŽÐ.‹„ ‹àéÆþœ= uS‹Ú?þ[u.Æ¸ýÏœ.ÿÜÃ=Ktëf.€>uè`PSèh‹ÚC€?uúQVWƒë¿ègt.ÆèF_^Y.‰ŒØ.£[Xèªÿœ.€>tèPSœT[ƒÃ XP6‰[XÏêlÊœPSQRVW.Æ.‹ŽÚ.‹¸CèeÿQ€áRt ¸C¹èTÿ¸Â=èNÿrëé6‹Ø¸Wà')
2018-12-17T22:25:01.653052776Z	81	PC: 176cf \| Get current PSP
2018-12-17T22:25:01.654400969Z	42	PC: 17723 \| Get date 0x17723: cli 0x17724: cmp cx, 0x7ca 0x17728: jne 0x17734 0x1772a: cmp dh, 8 0x1772d: je 0x1774d 0x1772f: cmp dh, 9 0x17732: je 0x1774d 0x17734: add dh, dh 0x17736: cmp dl, dh 0x17738: jne 0x17743 0x1773a: mov word ptr [0x20], 0x37f 0x17740: jmp 0x17749 0x17742: nop 0x17743: mov word ptr [0x20], 0x3a6 0x17749: mov word ptr [0x22], es 0x1774d: popf 0x1774e: push cs 0x1774f: pop ds 0x17750: mov ah, byte ptr cs:[si + 0x116] 0x17755: cmp ah, 0
2018-12-17T22:25:01.657081957Z	9	PC: 1765a \| Display string (Could not find end pointer)
2018-12-17T22:25:01.685969273Z	76	PC: 17660 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:42.09897296Z	15	PC: 17692 \| Open file (Filename = '.‰„.‹„.‰„X.„ŽÐ.‹„ ‹àéÆþœ= uS‹Ú?þ[u.Æ¸ýÏœ.ÿÜÃ=Ktëf.€>uè`PSèh‹ÚC€?uúQVWƒë¿ègt.ÆèF_^Y.‰ŒØ.£[Xèªÿœ.€>tèPSœT[ƒÃ XP6‰[XÏêlÊœPSQRVW.Æ.‹ŽÚ.‹¸CèeÿQ€áRt ¸C¹èTÿ¸Â=èNÿrëé6‹Ø¸Wà')
2018-12-25T11:51:42.101096131Z	81	PC: 176cf \| Get current PSP
2018-12-25T11:51:42.102404669Z	42	PC: 17723 \| Get date 0x17723: cli 0x17724: cmp cx, 0x7ca 0x17728: jne 0x17734 0x1772a: cmp dh, 8 0x1772d: je 0x1774d 0x1772f: cmp dh, 9 0x17732: je 0x1774d 0x17734: add dh, dh 0x17736: cmp dl, dh 0x17738: jne 0x17743 0x1773a: mov word ptr [0x20], 0x37f 0x17740: jmp 0x17749 0x17742: nop 0x17743: mov word ptr [0x20], 0x3a6 0x17749: mov word ptr [0x22], es 0x1774d: popf 0x1774e: push cs 0x1774f: pop ds 0x17750: mov ah, byte ptr cs:[si + 0x116] 0x17755: cmp ah, 0
2018-12-25T11:51:42.107124775Z	9	PC: 1765a \| Display string (Could not find end pointer)
2018-12-25T11:51:42.113322943Z	76	PC: 17660 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:44.847793257Z	15	PC: 17692 \| Open file (Filename = '.‰„.‹„.‰„X.„ŽÐ.‹„ ‹àéÆþœ= uS‹Ú?þ[u.Æ¸ýÏœ.ÿÜÃ=Ktëf.€>uè`PSèh‹ÚC€?uúQVWƒë¿ègt.ÆèF_^Y.‰ŒØ.£[Xèªÿœ.€>tèPSœT[ƒÃ XP6‰[XÏêlÊœPSQRVW.Æ.‹ŽÚ.‹¸CèeÿQ€áRt ¸C¹èTÿ¸Â=èNÿrëé6‹Ø¸Wà')
2018-12-25T11:51:44.851047669Z	81	PC: 176cf \| Get current PSP
2018-12-25T11:51:44.852124809Z	42	PC: 17723 \| Get date 0x17723: cli 0x17724: cmp cx, 0x7ca 0x17728: jne 0x17734 0x1772a: cmp dh, 8 0x1772d: je 0x1774d 0x1772f: cmp dh, 9 0x17732: je 0x1774d 0x17734: add dh, dh 0x17736: cmp dl, dh 0x17738: jne 0x17743 0x1773a: mov word ptr [0x20], 0x37f 0x17740: jmp 0x17749 0x17742: nop 0x17743: mov word ptr [0x20], 0x3a6 0x17749: mov word ptr [0x22], es 0x1774d: popf 0x1774e: push cs 0x1774f: pop ds 0x17750: mov ah, byte ptr cs:[si + 0x116] 0x17755: cmp ah, 0
2018-12-25T11:51:44.854366945Z	9	PC: 1765a \| Display string (Could not find end pointer)
2018-12-25T11:51:44.860775534Z	76	PC: 17660 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:47.087672158Z	15	PC: 17692 \| Open file (Filename = '.‰„.‹„.‰„X.„ŽÐ.‹„ ‹àéÆþœ= uS‹Ú?þ[u.Æ¸ýÏœ.ÿÜÃ=Ktëf.€>uè`PSèh‹ÚC€?uúQVWƒë¿ègt.ÆèF_^Y.‰ŒØ.£[Xèªÿœ.€>tèPSœT[ƒÃ XP6‰[XÏêlÊœPSQRVW.Æ.‹ŽÚ.‹¸CèeÿQ€áRt ¸C¹èTÿ¸Â=èNÿrëé6‹Ø¸Wà')
2018-12-25T11:51:47.093800442Z	81	PC: 176cf \| Get current PSP
2018-12-25T11:51:47.102530847Z	42	PC: 17723 \| Get date 0x17723: cli 0x17724: cmp cx, 0x7ca 0x17728: jne 0x17734 0x1772a: cmp dh, 8 0x1772d: je 0x1774d 0x1772f: cmp dh, 9 0x17732: je 0x1774d 0x17734: add dh, dh 0x17736: cmp dl, dh 0x17738: jne 0x17743 0x1773a: mov word ptr [0x20], 0x37f 0x17740: jmp 0x17749 0x17742: nop 0x17743: mov word ptr [0x20], 0x3a6 0x17749: mov word ptr [0x22], es 0x1774d: popf 0x1774e: push cs 0x1774f: pop ds 0x17750: mov ah, byte ptr cs:[si + 0x116] 0x17755: cmp ah, 0
2018-12-25T11:51:47.105564347Z	9	PC: 1765a \| Display string (Could not find end pointer)
2018-12-25T11:51:47.11326288Z	76	PC: 17660 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:47.503519374Z	15	PC: 17692 \| Open file (Filename = '.‰„.‹„.‰„X.„ŽÐ.‹„ ‹àéÆþœ= uS‹Ú?þ[u.Æ¸ýÏœ.ÿÜÃ=Ktëf.€>uè`PSèh‹ÚC€?uúQVWƒë¿ègt.ÆèF_^Y.‰ŒØ.£[Xèªÿœ.€>tèPSœT[ƒÃ XP6‰[XÏêlÊœPSQRVW.Æ.‹ŽÚ.‹¸CèeÿQ€áRt ¸C¹èTÿ¸Â=èNÿrëé6‹Ø¸Wà')
2018-12-25T11:51:47.506176889Z	81	PC: 176cf \| Get current PSP
2018-12-25T11:51:47.507442337Z	42	PC: 17723 \| Get date 0x17723: cli 0x17724: cmp cx, 0x7ca 0x17728: jne 0x17734 0x1772a: cmp dh, 8 0x1772d: je 0x1774d 0x1772f: cmp dh, 9 0x17732: je 0x1774d 0x17734: add dh, dh 0x17736: cmp dl, dh 0x17738: jne 0x17743 0x1773a: mov word ptr [0x20], 0x37f 0x17740: jmp 0x17749 0x17742: nop 0x17743: mov word ptr [0x20], 0x3a6 0x17749: mov word ptr [0x22], es 0x1774d: popf 0x1774e: push cs 0x1774f: pop ds 0x17750: mov ah, byte ptr cs:[si + 0x116] 0x17755: cmp ah, 0
2018-12-25T11:51:47.510104261Z	9	PC: 1765a \| Display string (Could not find end pointer)
2018-12-25T11:51:47.516673625Z	76	PC: 17660 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:48.752161732Z	15	PC: 17692 \| Open file (Filename = '.‰„.‹„.‰„X.„ŽÐ.‹„ ‹àéÆþœ= uS‹Ú?þ[u.Æ¸ýÏœ.ÿÜÃ=Ktëf.€>uè`PSèh‹ÚC€?uúQVWƒë¿ègt.ÆèF_^Y.‰ŒØ.£[Xèªÿœ.€>tèPSœT[ƒÃ XP6‰[XÏêlÊœPSQRVW.Æ.‹ŽÚ.‹¸CèeÿQ€áRt ¸C¹èTÿ¸Â=èNÿrëé6‹Ø¸Wà')
2018-12-25T11:51:48.755301523Z	81	PC: 176cf \| Get current PSP
2018-12-25T11:51:48.75657901Z	42	PC: 17723 \| Get date 0x17723: cli 0x17724: cmp cx, 0x7ca 0x17728: jne 0x17734 0x1772a: cmp dh, 8 0x1772d: je 0x1774d 0x1772f: cmp dh, 9 0x17732: je 0x1774d 0x17734: add dh, dh 0x17736: cmp dl, dh 0x17738: jne 0x17743 0x1773a: mov word ptr [0x20], 0x37f 0x17740: jmp 0x17749 0x17742: nop 0x17743: mov word ptr [0x20], 0x3a6 0x17749: mov word ptr [0x22], es 0x1774d: popf 0x1774e: push cs 0x1774f: pop ds 0x17750: mov ah, byte ptr cs:[si + 0x116] 0x17755: cmp ah, 0
2018-12-25T11:51:48.759158234Z	9	PC: 1765a \| Display string (Could not find end pointer)
2018-12-25T11:51:48.765445342Z	76	PC: 17660 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":9,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4416,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:48.778256769Z	15	PC: 17692 \| Open file (Filename = '.‰„.‹„.‰„X.„ŽÐ.‹„ ‹àéÆþœ= uS‹Ú?þ[u.Æ¸ýÏœ.ÿÜÃ=Ktëf.€>uè`PSèh‹ÚC€?uúQVWƒë¿ègt.ÆèF_^Y.‰ŒØ.£[Xèªÿœ.€>tèPSœT[ƒÃ XP6‰[XÏêlÊœPSQRVW.Æ.‹ŽÚ.‹¸CèeÿQ€áRt ¸C¹èTÿ¸Â=èNÿrëé6‹Ø¸Wà')
2018-12-25T11:51:48.780567061Z	81	PC: 176cf \| Get current PSP
2018-12-25T11:51:48.78203319Z	42	PC: 17723 \| Get date 0x17723: cli 0x17724: cmp cx, 0x7ca 0x17728: jne 0x17734 0x1772a: cmp dh, 8 0x1772d: je 0x1774d 0x1772f: cmp dh, 9 0x17732: je 0x1774d 0x17734: add dh, dh 0x17736: cmp dl, dh 0x17738: jne 0x17743 0x1773a: mov word ptr [0x20], 0x37f 0x17740: jmp 0x17749 0x17742: nop 0x17743: mov word ptr [0x20], 0x3a6 0x17749: mov word ptr [0x22], es 0x1774d: popf 0x1774e: push cs 0x1774f: pop ds 0x17750: mov ah, byte ptr cs:[si + 0x116] 0x17755: cmp ah, 0
2018-12-25T11:51:48.784994072Z	9	PC: 1765a \| Display string (Could not find end pointer)
2018-12-25T11:51:48.791931451Z	76	PC: 17660 \| Terminate with return code (Return code = '0')