vx.netlux.org/Virus.DOS.Aref.890

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:31:27.915835869Z 153 PC: 13ebc | UNKNOWN!
2018-12-17T22:31:27.917223463Z 42 PC: 13f1d | Get date
0x13f1d: cmp al, 4
0x13f1f: jne 0x13f40
0x13f21: mov bx, word ptr [0x70]
0x13f25: mov word ptr es:[0x34c], bx
0x13f2a: mov bx, word ptr [0x72]
0x13f2e: mov word ptr es:[0x34e], bx
0x13f33: mov word ptr [0x70], 0x3d
0x13f39: mov word ptr [0x72], es
0x13f3d: call 0x23c6b
0x13f40: pop ds
0x13f41: pop es
0x13f42: mov al, byte ptr cs:[bp + 0x355]
0x13f47: cmp al, 2
0x13f49: je 0x13f7a
0x13f4b: mov ax, ds
0x13f4d: mov si, es
0x13f4f: add ax, 0x10
0x13f52: add word ptr cs:[bp + 0x334], ax
0x13f57: add ax, word ptr cs:[bp + 0x336]
0x13f5c: cli
2018-12-17T22:31:27.919620844Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T22:31:27.924978353Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5619,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:00.393585038Z 153 PC: 13ebc | UNKNOWN!
2018-12-25T11:55:00.394909893Z 42 PC: 13f1d | Get date
0x13f1d: cmp al, 4
0x13f1f: jne 0x13f40
0x13f21: mov bx, word ptr [0x70]
0x13f25: mov word ptr es:[0x34c], bx
0x13f2a: mov bx, word ptr [0x72]
0x13f2e: mov word ptr es:[0x34e], bx
0x13f33: mov word ptr [0x70], 0x3d
0x13f39: mov word ptr [0x72], es
0x13f3d: call 0x23c6b
0x13f40: pop ds
0x13f41: pop es
0x13f42: mov al, byte ptr cs:[bp + 0x355]
0x13f47: cmp al, 2
0x13f49: je 0x13f7a
0x13f4b: mov ax, ds
0x13f4d: mov si, es
0x13f4f: add ax, 0x10
0x13f52: add word ptr cs:[bp + 0x334], ax
0x13f57: add ax, word ptr cs:[bp + 0x336]
0x13f5c: cli
2018-12-25T11:55:00.398759854Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T11:55:00.405669262Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5619,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:00.58702783Z 153 PC: 13ebc | UNKNOWN!
2018-12-25T11:55:00.58921041Z 42 PC: 13f1d | Get date
0x13f1d: cmp al, 4
0x13f1f: jne 0x13f40
0x13f21: mov bx, word ptr [0x70]
0x13f25: mov word ptr es:[0x34c], bx
0x13f2a: mov bx, word ptr [0x72]
0x13f2e: mov word ptr es:[0x34e], bx
0x13f33: mov word ptr [0x70], 0x3d
0x13f39: mov word ptr [0x72], es
0x13f3d: call 0x23c6b
0x13f40: pop ds
0x13f41: pop es
0x13f42: mov al, byte ptr cs:[bp + 0x355]
0x13f47: cmp al, 2
0x13f49: je 0x13f7a
0x13f4b: mov ax, ds
0x13f4d: mov si, es
0x13f4f: add ax, 0x10
0x13f52: add word ptr cs:[bp + 0x334], ax
0x13f57: add ax, word ptr cs:[bp + 0x336]
0x13f5c: cli
2018-12-25T11:55:00.591959203Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T11:55:00.597332168Z 76 PC: 12a61 | Terminate with return code (Return code = '0')