Sample viewer

vx.netlux.org/Virus.DOS.Nado.Rabin.807.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:55:06.058930718Z 136 PC: 12b62 | UNKNOWN!
2018-12-17T21:55:06.061008999Z 74 PC: 12b6f | Reallocate memory
2018-12-17T21:55:06.063482683Z 74 PC: 12b77 | Reallocate memory
2018-12-17T21:55:06.065258204Z 72 PC: 12b7e | Allocate memory
2018-12-17T21:55:06.067950354Z 44 PC: 12ba3 | Get time
0x12ba3: cmp cl, 0xa
0x12ba6: jbe 0x12bce
0x12ba8: cmp cl, 0x37
0x12bab: jge 0x12bad
0x12bad: xor ax, ax
0x12baf: mov ds, ax
0x12bb1: push ds
0x12bb2: lds ax, ptr [0x98]
0x12bb6: mov word ptr es:[0x2fb], ax
0x12bba: mov word ptr es:[0x2fd], ds
0x12bbf: pop ds
0x12bc0: mov word ptr [0x98], 0x29a
0x12bc6: mov bx, es
0x12bc8: mov word ptr [0x9a], bx
0x12bcc: jmp 0x12bed
0x12bce: xor ax, ax
0x12bd0: mov ds, ax
0x12bd2: push ds
0x12bd3: lds ax, ptr [0x24]
0x12bd7: mov word ptr es:[0x2f3], ax
2018-12-17T21:55:06.076877464Z 76 PC: 12a5b | Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":552,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:20.328905454Z 136 PC: 12b62 | UNKNOWN!
2018-12-25T11:41:20.330445978Z 74 PC: 12b6f | Reallocate memory
2018-12-25T11:41:20.332764439Z 74 PC: 12b77 | Reallocate memory
2018-12-25T11:41:20.334587362Z 72 PC: 12b7e | Allocate memory
2018-12-25T11:41:20.33662009Z 44 PC: 12ba3 | Get time
0x12ba3: cmp cl, 0xa
0x12ba6: jbe 0x12bce
0x12ba8: cmp cl, 0x37
0x12bab: jge 0x12bad
0x12bad: xor ax, ax
0x12baf: mov ds, ax
0x12bb1: push ds
0x12bb2: lds ax, ptr [0x98]
0x12bb6: mov word ptr es:[0x2fb], ax
0x12bba: mov word ptr es:[0x2fd], ds
0x12bbf: pop ds
0x12bc0: mov word ptr [0x98], 0x29a
0x12bc6: mov bx, es
0x12bc8: mov word ptr [0x9a], bx
0x12bcc: jmp 0x12bed
0x12bce: xor ax, ax
0x12bd0: mov ds, ax
0x12bd2: push ds
0x12bd3: lds ax, ptr [0x24]
0x12bd7: mov word ptr es:[0x2f3], ax
2018-12-25T11:41:20.348967874Z 76 PC: 12a5b | Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":10,"Second":0,"TimeBased":true,"OriginalID":552,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:20.354647525Z 136 PC: 12b62 | UNKNOWN!
2018-12-25T11:41:20.355853437Z 74 PC: 12b6f | Reallocate memory
2018-12-25T11:41:20.357799352Z 74 PC: 12b77 | Reallocate memory
2018-12-25T11:41:20.359157711Z 72 PC: 12b7e | Allocate memory
2018-12-25T11:41:20.360746865Z 44 PC: 12ba3 | Get time
0x12ba3: cmp cl, 0xa
0x12ba6: jbe 0x12bce
0x12ba8: cmp cl, 0x37
0x12bab: jge 0x12bad
0x12bad: xor ax, ax
0x12baf: mov ds, ax
0x12bb1: push ds
0x12bb2: lds ax, ptr [0x98]
0x12bb6: mov word ptr es:[0x2fb], ax
0x12bba: mov word ptr es:[0x2fd], ds
0x12bbf: pop ds
0x12bc0: mov word ptr [0x98], 0x29a
0x12bc6: mov bx, es
0x12bc8: mov word ptr [0x9a], bx
0x12bcc: jmp 0x12bed
0x12bce: xor ax, ax
0x12bd0: mov ds, ax
0x12bd2: push ds
0x12bd3: lds ax, ptr [0x24]
0x12bd7: mov word ptr es:[0x2f3], ax
2018-12-25T11:41:20.363693007Z 76 PC: 12a5b | Terminate with return code (Return code = '1')