Sample viewer

vx.netlux.org/Virus.DOS.ELCN.374

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:13.878774603Z	71	PC: 12a5e \| Get current directory
2018-12-17T22:29:13.882679233Z	78	PC: 12a72 \| Find first file
2018-12-17T22:29:13.889939402Z	79	PC: 12b2d \| Find next file
2018-12-17T22:29:13.893257463Z	79	PC: 12b2d \| Find next file
2018-12-17T22:29:13.897494018Z	79	PC: 12b2d \| Find next file
2018-12-17T22:29:13.900466645Z	59	PC: 12b39 \| Change current directory
2018-12-17T22:29:13.905111021Z	59	PC: 12b45 \| Change current directory
2018-12-17T22:29:13.907784549Z	44	PC: 12b49 \| Get time 0x12b49: cmp ch, 8 0x12b4c: je 0x12b53 0x12b4e: cmp ch, 0x14 0x12b51: jne 0x12b66 0x12b53: mov si, 0x253 0x12b56: mov cx, 0x17 0x12b59: xor byte ptr [si], 0x7a 0x12b5c: inc si 0x12b5d: loop 0x12b59 0x12b5f: mov dx, 0x253 0x12b62: mov ah, 9 0x12b64: int 0x21 0x12b66: mov ax, word ptr [0xb0] 0x12b69: mov si, 0xfb00 0x12b6c: push si 0x12b6d: push si 0x12b6e: mov di, 0x80 0x12b71: mov cx, 0x100 0x12b74: rep movsb byte ptr es:[di], byte ptr [si] 0x12b76: pop di
2018-12-17T22:29:13.910967643Z	9	PC: 12a85 \| Display string (String= ' ')
2018-12-17T22:29:13.917153216Z	0	PC: 12a89 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5219,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:00.494784737Z	71	PC: 12a5e \| Get current directory
2018-12-25T11:54:00.513195654Z	78	PC: 12a72 \| Find first file
2018-12-25T11:54:00.519052691Z	79	PC: 12b2d \| Find next file
2018-12-25T11:54:00.521686856Z	79	PC: 12b2d \| Find next file (See above)
2018-12-25T11:54:00.52487405Z	79	PC: 12b2d \| Find next file (See above)
2018-12-25T11:54:00.533844069Z	59	PC: 12b39 \| Change current directory
2018-12-25T11:54:00.538023166Z	59	PC: 12b45 \| Change current directory
2018-12-25T11:54:00.540722132Z	44	PC: 12b49 \| Get time 0x12b49: cmp ch, 8 0x12b4c: je 0x12b53 0x12b4e: cmp ch, 0x14 0x12b51: jne 0x12b66 0x12b53: mov si, 0x253 0x12b56: mov cx, 0x17 0x12b59: xor byte ptr [si], 0x7a 0x12b5c: inc si 0x12b5d: loop 0x12b59 0x12b5f: mov dx, 0x253 0x12b62: mov ah, 9 0x12b64: int 0x21 0x12b66: mov ax, word ptr [0xb0] 0x12b69: mov si, 0xfb00 0x12b6c: push si 0x12b6d: push si 0x12b6e: mov di, 0x80 0x12b71: mov cx, 0x100 0x12b74: rep movsb byte ptr es:[di], byte ptr [si] 0x12b76: pop di
2018-12-25T11:54:00.543575718Z	9	PC: 12a85 \| Display string (String= ' ')
2018-12-25T11:54:00.549427201Z	0	PC: 12a89 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5219,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:00.610272492Z	71	PC: 12a5e \| Get current directory
2018-12-25T11:54:00.613330354Z	78	PC: 12a72 \| Find first file
2018-12-25T11:54:00.619804296Z	79	PC: 12b2d \| Find next file
2018-12-25T11:54:00.62326343Z	79	PC: 12b2d \| Find next file (See above)
2018-12-25T11:54:00.625910118Z	79	PC: 12b2d \| Find next file (See above)
2018-12-25T11:54:00.628683224Z	59	PC: 12b39 \| Change current directory
2018-12-25T11:54:00.63364196Z	59	PC: 12b45 \| Change current directory
2018-12-25T11:54:00.635023945Z	44	PC: 12b49 \| Get time 0x12b49: cmp ch, 8 0x12b4c: je 0x12b53 0x12b4e: cmp ch, 0x14 0x12b51: jne 0x12b66 0x12b53: mov si, 0x253 0x12b56: mov cx, 0x17 0x12b59: xor byte ptr [si], 0x7a 0x12b5c: inc si 0x12b5d: loop 0x12b59 0x12b5f: mov dx, 0x253 0x12b62: mov ah, 9 0x12b64: int 0x21 0x12b66: mov ax, word ptr [0xb0] 0x12b69: mov si, 0xfb00 0x12b6c: push si 0x12b6d: push si 0x12b6e: mov di, 0x80 0x12b71: mov cx, 0x100 0x12b74: rep movsb byte ptr es:[di], byte ptr [si] 0x12b76: pop di
2018-12-25T11:54:00.636622567Z	9	PC: 12b66 \| Display string (String= '��᪨� - �� !!! ')
2018-12-25T11:54:00.639528721Z	9	PC: 12a85 \| Display string (String= ' ')
2018-12-25T11:54:00.644850965Z	0	PC: 12a89 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":20,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5219,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:01.103411269Z	71	PC: 12a5e \| Get current directory
2018-12-25T11:54:01.107926256Z	78	PC: 12a72 \| Find first file
2018-12-25T11:54:01.113969825Z	79	PC: 12b2d \| Find next file
2018-12-25T11:54:01.116867512Z	79	PC: 12b2d \| Find next file (See above)
2018-12-25T11:54:01.119887591Z	79	PC: 12b2d \| Find next file (See above)
2018-12-25T11:54:01.12252073Z	59	PC: 12b39 \| Change current directory
2018-12-25T11:54:01.126852736Z	59	PC: 12b45 \| Change current directory
2018-12-25T11:54:01.12941408Z	44	PC: 12b49 \| Get time 0x12b49: cmp ch, 8 0x12b4c: je 0x12b53 0x12b4e: cmp ch, 0x14 0x12b51: jne 0x12b66 0x12b53: mov si, 0x253 0x12b56: mov cx, 0x17 0x12b59: xor byte ptr [si], 0x7a 0x12b5c: inc si 0x12b5d: loop 0x12b59 0x12b5f: mov dx, 0x253 0x12b62: mov ah, 9 0x12b64: int 0x21 0x12b66: mov ax, word ptr [0xb0] 0x12b69: mov si, 0xfb00 0x12b6c: push si 0x12b6d: push si 0x12b6e: mov di, 0x80 0x12b71: mov cx, 0x100 0x12b74: rep movsb byte ptr es:[di], byte ptr [si] 0x12b76: pop di
2018-12-25T11:54:01.132128643Z	9	PC: 12b66 \| Display string (String= '��᪨� - �� !!! ')
2018-12-25T11:54:01.136903237Z	9	PC: 12a85 \| Display string (String= ' ')
2018-12-25T11:54:01.14276736Z	0	PC: 12a89 \| Program terminate