Sample viewer

vx.netlux.org/Virus.DOS.Keeper.Fly.1036

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:39.179377951Z	44	PC: 12a61 \| Get time 0x12a61: cmp cl, dh 0x12a63: je 0x12a6b 0x12a65: cmp dh, dl 0x12a67: je 0x12a74 0x12a69: jmp 0x12a84 0x12a6b: mov dx, 0x282 0x12a6e: mov ah, 9 0x12a70: int 0x21 0x12a72: jmp 0x12a84 0x12a74: mov dx, 0x282 0x12a77: mov ah, 9 0x12a79: int 0x21 0x12a7b: mov dx, 0x1a8 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: int 5 0x12a84: push cs 0x12a85: pop ds 0x12a86: call 0x12b91 0x12a89: sub ax, 0x1000
2018-12-17T22:28:39.182291786Z	53	PC: 12aa4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:39.184941261Z	37	PC: 12e4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5113,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:42.758321401Z	44	PC: 12a61 \| Get time 0x12a61: cmp cl, dh 0x12a63: je 0x12a6b 0x12a65: cmp dh, dl 0x12a67: je 0x12a74 0x12a69: jmp 0x12a84 0x12a6b: mov dx, 0x282 0x12a6e: mov ah, 9 0x12a70: int 0x21 0x12a72: jmp 0x12a84 0x12a74: mov dx, 0x282 0x12a77: mov ah, 9 0x12a79: int 0x21 0x12a7b: mov dx, 0x1a8 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: int 5 0x12a84: push cs 0x12a85: pop ds 0x12a86: call 0x12b91 0x12a89: sub ax, 0x1000
2018-12-25T11:53:42.761150912Z	53	PC: 12aa4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:42.764837758Z	37	PC: 12e4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":5113,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:42.774985785Z	44	PC: 12a61 \| Get time 0x12a61: cmp cl, dh 0x12a63: je 0x12a6b 0x12a65: cmp dh, dl 0x12a67: je 0x12a74 0x12a69: jmp 0x12a84 0x12a6b: mov dx, 0x282 0x12a6e: mov ah, 9 0x12a70: int 0x21 0x12a72: jmp 0x12a84 0x12a74: mov dx, 0x282 0x12a77: mov ah, 9 0x12a79: int 0x21 0x12a7b: mov dx, 0x1a8 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: int 5 0x12a84: push cs 0x12a85: pop ds 0x12a86: call 0x12b91 0x12a89: sub ax, 0x1000
2018-12-25T11:53:42.777519528Z	53	PC: 12aa4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:42.783687611Z	37	PC: 12e4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":5113,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:42.828649564Z	44	PC: 12a61 \| Get time 0x12a61: cmp cl, dh 0x12a63: je 0x12a6b 0x12a65: cmp dh, dl 0x12a67: je 0x12a74 0x12a69: jmp 0x12a84 0x12a6b: mov dx, 0x282 0x12a6e: mov ah, 9 0x12a70: int 0x21 0x12a72: jmp 0x12a84 0x12a74: mov dx, 0x282 0x12a77: mov ah, 9 0x12a79: int 0x21 0x12a7b: mov dx, 0x1a8 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: int 5 0x12a84: push cs 0x12a85: pop ds 0x12a86: call 0x12b91 0x12a89: sub ax, 0x1000
2018-12-25T11:53:42.832271729Z	53	PC: 12aa4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:42.836932806Z	37	PC: 12e4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')