Sample viewer

vx.netlux.org/Virus.DOS.LoveChild.2710

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:26:06.319290156Z	44	PC: 13fd6 \| Get time 0x13fd6: cmp cl, 3 0x13fd9: ja 0x13fdd 0x13fdb: int 5 0x13fdd: mov ah, 0x2a 0x13fdf: int 0x21 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si
2018-12-17T22:26:06.321921634Z	42	PC: 13fe1 \| Get date 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si 0x1400a: push ds 0x1400b: call 0x1401f 0x1400e: jno 0x14030 0x14010: pop ax 0x14011: pop si
2018-12-17T22:26:06.325869806Z	42	PC: 13ea5 \| Get date 0x13ea5: cmp al, 1 0x13ea7: jne 0x13eba 0x13ea9: cmp dl, 3 0x13eac: ja 0x13eba 0x13eae: mov ah, 0x2c 0x13eb0: int 0x21 0x13eb2: cmp ch, 0xc 0x13eb5: jae 0x13eba 0x13eb7: jmp 0x14031 0x13eba: mov ah, 0x30 0x13ebc: int 0x21 0x13ebe: cmp ax, 0x1e03 0x13ec1: jne 0x13ec6 0x13ec3: jmp 0x13f48 0x13ec6: push si 0x13ec7: push ds 0x13ec8: call 0x13f0d 0x13ecb: outsb dx, byte ptr [si] 0x13ecc: pop bx 0x13ecd: pop di
2018-12-17T22:26:06.328248363Z	48	PC: 13ebe \| Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4623,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:30.481169308Z	44	PC: 13fd6 \| Get time 0x13fd6: cmp cl, 3 0x13fd9: ja 0x13fdd 0x13fdb: int 5 0x13fdd: mov ah, 0x2a 0x13fdf: int 0x21 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si
2018-12-25T11:52:30.484911573Z	42	PC: 13fe1 \| Get date 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si 0x1400a: push ds 0x1400b: call 0x1401f 0x1400e: jno 0x14030 0x14010: pop ax 0x14011: pop si
2018-12-25T11:52:30.487672384Z	42	PC: 13ea5 \| Get date 0x13ea5: cmp al, 1 0x13ea7: jne 0x13eba 0x13ea9: cmp dl, 3 0x13eac: ja 0x13eba 0x13eae: mov ah, 0x2c 0x13eb0: int 0x21 0x13eb2: cmp ch, 0xc 0x13eb5: jae 0x13eba 0x13eb7: jmp 0x14031 0x13eba: mov ah, 0x30 0x13ebc: int 0x21 0x13ebe: cmp ax, 0x1e03 0x13ec1: jne 0x13ec6 0x13ec3: jmp 0x13f48 0x13ec6: push si 0x13ec7: push ds 0x13ec8: call 0x13f0d 0x13ecb: outsb dx, byte ptr [si] 0x13ecc: pop bx 0x13ecd: pop di
2018-12-25T11:52:30.490405642Z	48	PC: 13ebe \| Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4623,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:31.088825528Z	44	PC: 13fd6 \| Get time 0x13fd6: cmp cl, 3 0x13fd9: ja 0x13fdd 0x13fdb: int 5 0x13fdd: mov ah, 0x2a 0x13fdf: int 0x21 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si
2018-12-25T11:52:31.091635372Z	42	PC: 13fe1 \| Get date 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si 0x1400a: push ds 0x1400b: call 0x1401f 0x1400e: jno 0x14030 0x14010: pop ax 0x14011: pop si
2018-12-25T11:52:31.093647515Z	42	PC: 13ea5 \| Get date 0x13ea5: cmp al, 1 0x13ea7: jne 0x13eba 0x13ea9: cmp dl, 3 0x13eac: ja 0x13eba 0x13eae: mov ah, 0x2c 0x13eb0: int 0x21 0x13eb2: cmp ch, 0xc 0x13eb5: jae 0x13eba 0x13eb7: jmp 0x14031 0x13eba: mov ah, 0x30 0x13ebc: int 0x21 0x13ebe: cmp ax, 0x1e03 0x13ec1: jne 0x13ec6 0x13ec3: jmp 0x13f48 0x13ec6: push si 0x13ec7: push ds 0x13ec8: call 0x13f0d 0x13ecb: outsb dx, byte ptr [si] 0x13ecc: pop bx 0x13ecd: pop di
2018-12-25T11:52:31.095480491Z	48	PC: 13ebe \| Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":4,"Second":0,"TimeBased":true,"OriginalID":4623,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:32.990628106Z	44	PC: 13fd6 \| Get time 0x13fd6: cmp cl, 3 0x13fd9: ja 0x13fdd 0x13fdb: int 5 0x13fdd: mov ah, 0x2a 0x13fdf: int 0x21 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si
2018-12-25T11:52:32.993058137Z	42	PC: 13fe1 \| Get date 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si 0x1400a: push ds 0x1400b: call 0x1401f 0x1400e: jno 0x14030 0x14010: pop ax 0x14011: pop si
2018-12-25T11:52:32.996517835Z	42	PC: 13ea5 \| Get date 0x13ea5: cmp al, 1 0x13ea7: jne 0x13eba 0x13ea9: cmp dl, 3 0x13eac: ja 0x13eba 0x13eae: mov ah, 0x2c 0x13eb0: int 0x21 0x13eb2: cmp ch, 0xc 0x13eb5: jae 0x13eba 0x13eb7: jmp 0x14031 0x13eba: mov ah, 0x30 0x13ebc: int 0x21 0x13ebe: cmp ax, 0x1e03 0x13ec1: jne 0x13ec6 0x13ec3: jmp 0x13f48 0x13ec6: push si 0x13ec7: push ds 0x13ec8: call 0x13f0d 0x13ecb: outsb dx, byte ptr [si] 0x13ecc: pop bx 0x13ecd: pop di
2018-12-25T11:52:32.998998741Z	48	PC: 13ebe \| Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":4,"Second":0,"TimeBased":true,"OriginalID":4623,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:33.492582543Z	44	PC: 13fd6 \| Get time 0x13fd6: cmp cl, 3 0x13fd9: ja 0x13fdd 0x13fdb: int 5 0x13fdd: mov ah, 0x2a 0x13fdf: int 0x21 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si
2018-12-25T11:52:33.495763211Z	42	PC: 13fe1 \| Get date 0x13fe1: cmp dx, 0xb05 0x13fe5: je 0x14009 0x13fe7: cmp dx, 0x216 0x13feb: je 0x14009 0x13fed: cmp dx, 0x617 0x13ff1: je 0x14009 0x13ff3: cmp dx, 0x420 0x13ff7: je 0x14009 0x13ff9: cmp dx, 0x818 0x13ffd: je 0x14009 0x13fff: cmp dx, 0xa06 0x14003: je 0x14009 0x14005: call 0x14749 0x14008: ret 0x14009: push si 0x1400a: push ds 0x1400b: call 0x1401f 0x1400e: jno 0x14030 0x14010: pop ax 0x14011: pop si
2018-12-25T11:52:33.49883108Z	42	PC: 13ea5 \| Get date 0x13ea5: cmp al, 1 0x13ea7: jne 0x13eba 0x13ea9: cmp dl, 3 0x13eac: ja 0x13eba 0x13eae: mov ah, 0x2c 0x13eb0: int 0x21 0x13eb2: cmp ch, 0xc 0x13eb5: jae 0x13eba 0x13eb7: jmp 0x14031 0x13eba: mov ah, 0x30 0x13ebc: int 0x21 0x13ebe: cmp ax, 0x1e03 0x13ec1: jne 0x13ec6 0x13ec3: jmp 0x13f48 0x13ec6: push si 0x13ec7: push ds 0x13ec8: call 0x13f0d 0x13ecb: outsb dx, byte ptr [si] 0x13ecc: pop bx 0x13ecd: pop di
2018-12-25T11:52:33.501381254Z	48	PC: 13ebe \| Get DOS version