Sample viewer

vx.netlux.org/Virus.DOS.Corea.Nambul.1480

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:12.405902188Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-17T22:31:12.409173183Z	78	PC: 12afc \| Find first file
2018-12-17T22:31:12.41503542Z	48	PC: 12b19 \| Get DOS version
2018-12-17T22:31:12.416455734Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:12.418483946Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5572,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:54.174664654Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-25T11:54:54.178069544Z	78	PC: 12afc \| Find first file
2018-12-25T11:54:54.182700015Z	48	PC: 12b19 \| Get DOS version
2018-12-25T11:54:54.183791455Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:54.185620952Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5572,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:54.335236994Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-25T11:54:54.338869236Z	78	PC: 12afc \| Find first file
2018-12-25T11:54:54.344014177Z	48	PC: 12b19 \| Get DOS version
2018-12-25T11:54:54.34561916Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:54.347813151Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5572,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:54.858601037Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-25T11:54:54.861777041Z	78	PC: 12afc \| Find first file
2018-12-25T11:54:54.86587732Z	48	PC: 12b19 \| Get DOS version
2018-12-25T11:54:54.866912329Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:54.869304702Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5572,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:55.536481308Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-25T11:54:55.539899981Z	78	PC: 12afc \| Find first file
2018-12-25T11:54:55.544281278Z	48	PC: 12b19 \| Get DOS version
2018-12-25T11:54:55.545616536Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:55.54734201Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5572,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:55.610639554Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-25T11:54:55.613884705Z	78	PC: 12afc \| Find first file
2018-12-25T11:54:55.617966058Z	48	PC: 12b19 \| Get DOS version
2018-12-25T11:54:55.618938063Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:55.622361609Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5572,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:57.132344872Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-25T11:54:57.135110414Z	78	PC: 12afc \| Find first file
2018-12-25T11:54:57.140744734Z	48	PC: 12b19 \| Get DOS version
2018-12-25T11:54:57.142134944Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:57.143657845Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5572,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:58.499447276Z	44	PC: 12aad \| Get time 0x12aad: mov byte ptr ds:[bp + 0x111], dl 0x12ab2: mov byte ptr ds:[bp + 0x10f], dl 0x12ab7: mov byte ptr ds:[bp + 0x106], dl 0x12abc: mov byte ptr ds:[bp + 0x107], dl 0x12ac1: mov byte ptr ds:[bp + 0x108], dl 0x12ac6: mov byte ptr ds:[bp + 0x109], dl 0x12acb: mov byte ptr ds:[bp + 0x10a], dl 0x12ad0: mov byte ptr ds:[bp + 0x10b], dl 0x12ad5: mov byte ptr ds:[bp + 0x10c], dl 0x12ada: lea si, word ptr [bp + 0x64d] 0x12ade: mov cx, 0x5c8 0x12ae1: mov al, byte ptr ds:[bp + 0x5aa] 0x12ae6: xor byte ptr ds:[bp + 0x64b], 0x14 0x12aec: xor byte ptr [si], al 0x12aee: inc si 0x12aef: loop 0x12aec 0x12af1: mov ah, 0x4e 0x12af3: lea dx, word ptr [bp + 0x695] 0x12af7: mov cx, 0 0x12afa: int 0x21
2018-12-25T11:54:58.502756138Z	78	PC: 12afc \| Find first file
2018-12-25T11:54:58.507009468Z	48	PC: 12b19 \| Get DOS version
2018-12-25T11:54:58.508337976Z	53	PC: 12b28 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:58.510450344Z	9	PC: 12a47 \| Display string (String= 'IYAGI 7.5 Crack Made By S.K [ ^ ^ ; ] ')