Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1316

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:34:51.152592918Z	42	PC: 12ed4 \| Get date 0x12ed4: cmp cx, 0x7cb 0x12ed8: jne 0x12ee5 0x12eda: cmp dh, 4 0x12edd: jne 0x12ee5 0x12edf: mov byte ptr cs:[si + 0x28f], 1 0x12ee5: mov al, 0xff 0x12ee7: mov ah, 0xf 0x12ee9: xchg al, ah 0x12eeb: nop 0x12eec: int 0x21 0x12eee: cmp ax, 0x101 0x12ef1: je 0x12f27 0x12ef3: mov ax, 0x3521 0x12ef6: nop 0x12ef7: int 0x21 0x12ef9: cmp word ptr es:[0xa], 0x4254 0x12f00: jne 0x12f0b 0x12f02: cmp word ptr es:[0xc], 0x5244 0x12f09: je 0x12f27 0x12f0b: cmp byte ptr es:[bx], 0xea
2018-12-17T22:34:51.155759122Z	255	PC: 12eee \| UNKNOWN!
2018-12-17T22:34:51.15651805Z	53	PC: 12ef9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:51.157678824Z	240	PC: 12f25 \| UNKNOWN!
2018-12-17T22:34:51.158913025Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":4,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6243,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:58.280849981Z	42	PC: 12ed4 \| Get date 0x12ed4: cmp cx, 0x7cb 0x12ed8: jne 0x12ee5 0x12eda: cmp dh, 4 0x12edd: jne 0x12ee5 0x12edf: mov byte ptr cs:[si + 0x28f], 1 0x12ee5: mov al, 0xff 0x12ee7: mov ah, 0xf 0x12ee9: xchg al, ah 0x12eeb: nop 0x12eec: int 0x21 0x12eee: cmp ax, 0x101 0x12ef1: je 0x12f27 0x12ef3: mov ax, 0x3521 0x12ef6: nop 0x12ef7: int 0x21 0x12ef9: cmp word ptr es:[0xa], 0x4254 0x12f00: jne 0x12f0b 0x12f02: cmp word ptr es:[0xc], 0x5244 0x12f09: je 0x12f27 0x12f0b: cmp byte ptr es:[bx], 0xea
2018-12-25T11:58:58.287620356Z	255	PC: 12eee \| UNKNOWN!
2018-12-25T11:58:58.288284447Z	53	PC: 12ef9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:58.289283075Z	240	PC: 12f25 \| UNKNOWN!
2018-12-25T11:58:58.296172568Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6243,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:58.437322623Z	42	PC: 12ed4 \| Get date 0x12ed4: cmp cx, 0x7cb 0x12ed8: jne 0x12ee5 0x12eda: cmp dh, 4 0x12edd: jne 0x12ee5 0x12edf: mov byte ptr cs:[si + 0x28f], 1 0x12ee5: mov al, 0xff 0x12ee7: mov ah, 0xf 0x12ee9: xchg al, ah 0x12eeb: nop 0x12eec: int 0x21 0x12eee: cmp ax, 0x101 0x12ef1: je 0x12f27 0x12ef3: mov ax, 0x3521 0x12ef6: nop 0x12ef7: int 0x21 0x12ef9: cmp word ptr es:[0xa], 0x4254 0x12f00: jne 0x12f0b 0x12f02: cmp word ptr es:[0xc], 0x5244 0x12f09: je 0x12f27 0x12f0b: cmp byte ptr es:[bx], 0xea
2018-12-25T11:58:58.439331716Z	255	PC: 12eee \| UNKNOWN!
2018-12-25T11:58:58.440327037Z	53	PC: 12ef9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:58.44142356Z	240	PC: 12f25 \| UNKNOWN!
2018-12-25T11:58:58.443222047Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6243,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:58.459949296Z	42	PC: 12ed4 \| Get date 0x12ed4: cmp cx, 0x7cb 0x12ed8: jne 0x12ee5 0x12eda: cmp dh, 4 0x12edd: jne 0x12ee5 0x12edf: mov byte ptr cs:[si + 0x28f], 1 0x12ee5: mov al, 0xff 0x12ee7: mov ah, 0xf 0x12ee9: xchg al, ah 0x12eeb: nop 0x12eec: int 0x21 0x12eee: cmp ax, 0x101 0x12ef1: je 0x12f27 0x12ef3: mov ax, 0x3521 0x12ef6: nop 0x12ef7: int 0x21 0x12ef9: cmp word ptr es:[0xa], 0x4254 0x12f00: jne 0x12f0b 0x12f02: cmp word ptr es:[0xc], 0x5244 0x12f09: je 0x12f27 0x12f0b: cmp byte ptr es:[bx], 0xea
2018-12-25T11:58:58.462138185Z	255	PC: 12eee \| UNKNOWN!
2018-12-25T11:58:58.463132161Z	53	PC: 12ef9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:58.464265835Z	240	PC: 12f25 \| UNKNOWN!
2018-12-25T11:58:58.465321487Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')