Sample viewer

vx.netlux.org/Virus.DOS.LaDiosa.2361

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:22.813483657Z	58	PC: 12a5f \| Remove subdirectory
2018-12-17T22:35:22.819065445Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:22.821198664Z	74	PC: 12a88 \| Reallocate memory
2018-12-17T22:35:22.822910616Z	72	PC: 12a8f \| Allocate memory
2018-12-17T22:35:22.82481048Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:22.835783287Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8b9] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x89b] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x89d] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8a3] 0x12af1: add ax, 0x10
2018-12-17T22:35:22.838457122Z	9	PC: 13386 \| Display string (String= '��P�� ((002��HHHHHHHHHHHHHH: �@Virus LA DIOSA ,dedicado a ANRUELO virus demostraci�n del NEP ..... ....Virus LA DIOSA por nIgrOmAntE 1998. (VALENCIA)')
2018-12-17T22:35:22.842587512Z	76	PC: 1338e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6369,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:14.017216903Z	58	PC: 12a5f \| Remove subdirectory
2018-12-25T11:59:14.022173991Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:14.023379225Z	74	PC: 12a88 \| Reallocate memory
2018-12-25T11:59:14.024886386Z	72	PC: 12a8f \| Allocate memory
2018-12-25T11:59:14.028064368Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:14.029517409Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8b9] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x89b] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x89d] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8a3] 0x12af1: add ax, 0x10
2018-12-25T11:59:14.032019918Z	9	PC: 13386 \| Display string (String= '��P�� ((002��HHHHHHHHHHHHHH: �@Virus LA DIOSA ,dedicado a ANRUELO virus demostraci�n del NEP ..... ....Virus LA DIOSA por nIgrOmAntE 1998. (VALENCIA)')
2018-12-25T11:59:14.036667805Z	76	PC: 1338e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6369,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:14.21738048Z	58	PC: 12a5f \| Remove subdirectory
2018-12-25T11:59:14.222639569Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:14.224591085Z	74	PC: 12a88 \| Reallocate memory
2018-12-25T11:59:14.226634495Z	72	PC: 12a8f \| Allocate memory
2018-12-25T11:59:14.228982836Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:14.231425702Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8b9] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x89b] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x89d] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8a3] 0x12af1: add ax, 0x10
2018-12-25T11:59:14.233885205Z	9	PC: 13386 \| Display string (String= '��P�� ((002��HHHHHHHHHHHHHH: �@Virus LA DIOSA ,dedicado a ANRUELO virus demostraci�n del NEP ..... ....Virus LA DIOSA por nIgrOmAntE 1998. (VALENCIA)')
2018-12-25T11:59:14.237891796Z	76	PC: 1338e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":5,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6369,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:14.559982279Z	58	PC: 12a5f \| Remove subdirectory
2018-12-25T11:59:14.565508712Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:14.568157051Z	74	PC: 12a88 \| Reallocate memory
2018-12-25T11:59:14.570092927Z	72	PC: 12a8f \| Allocate memory
2018-12-25T11:59:14.57232153Z	37	PC: 12ab5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:14.576507361Z	42	PC: 12ac0 \| Get date 0x12ac0: cmp dh, 5 0x12ac3: jne 0x12ad5 0x12ac5: cmp dl, 5 0x12ac8: jne 0x12ad5 0x12aca: mov ax, 0x900 0x12acd: lea dx, word ptr [bp + 0x8b9] 0x12ad1: int 0x21 0x12ad3: jmp 0x12ad3 0x12ad5: pop es 0x12ad6: pop ds 0x12ad7: mov ax, ds 0x12ad9: add ax, word ptr cs:[bp + 0x89b] 0x12ade: add ax, 0x10 0x12ae1: cli 0x12ae2: mov ss, ax 0x12ae4: mov sp, word ptr cs:[bp + 0x89d] 0x12ae9: sti 0x12aea: mov ax, ds 0x12aec: add ax, word ptr cs:[bp + 0x8a3] 0x12af1: add ax, 0x10
2018-12-25T11:59:14.579364566Z	9	PC: 12ad3 \| Display string (Could not find end pointer)