Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Drunk.2117


Syscalls:

Time Syscall Op Syscall Name
; NOTE(review): op 250 is 0xFA, which the sandbox could not name. An undocumented
; INT 21h function called this early in a DOS sample is often a self-residency
; check or a call into a resident anti-virus monitor's API; the log records no
; register values, so the page cannot settle which - confirm against the raw trace.
2018-12-17T22:38:33.838758833Z 250 PC: 12c04 | UNKNOWN!
; Window of linear disassembly starting at the return address of the "Get date"
; call (op 42 = INT 21h AH=2Ah, which returns the day of month in DL). It is a
; static window, not an execution trace: it does not show which branch was taken.
2018-12-17T22:38:33.841004952Z 42 PC: 12c0c | Get date 0x12c0c: cmp dl, 0xf
0x12c0f: jne 0x12c18
; Date trigger: only when the day of month is 15 (0x0f) is a one-byte flag set at
; cs:[bp + 0x6a8]. Where that flag is read back is outside this excerpt.
0x12c11: mov byte ptr cs:[bp + 0x6a8], 1
0x12c17: nop
; DS = ES - 1. If ES still holds the PSP segment from program entry (not shown
; here - TODO confirm), DS now addresses the memory control block (MCB) that
; sits one paragraph below the program.
0x12c18: mov ax, es
0x12c1a: dec ax
0x12c1b: mov ds, ax
; MCB byte 0 is the block type; 0x5a ('Z') marks the last block in the chain.
; Anything else skips the install sequence (target 0x12c69 is outside the window).
0x12c1d: cmp byte ptr [0], 0x5a
0x12c22: jne 0x12c69
; Shrink the block by 0x180 paragraphs (6144 bytes): MCB offset 3 is the block
; size, and DS:0x12 is PSP offset 2, the segment just past the program's memory.
0x12c24: sub word ptr [3], 0x180
0x12c2a: sub word ptr [0x12], 0x180
; ES = the lowered top-of-memory segment, i.e. the region just carved off.
0x12c30: mov es, word ptr [0x12]
; DS = CS, SI = BP, DI = 0: copy source is cs:bp (BP presumably holds the body's
; base offset - inferred from its use here), destination is the start of ES.
0x12c34: push cs
0x12c35: pop ds
0x12c36: mov si, bp
0x12c38: mov cx, 0x41f
0x12c3b: xor di, di
; NOTE(review): printed as movsd, but the instruction is only two bytes long
; (next address is 0x12c3f), which in 16-bit code fits F3 A5 = rep movsw. If so,
; the copy is 0x41f words = 2110 bytes rather than 4220 - verify on the raw bytes.
0x12c3d: rep movsd dword ptr es:[di], dword ptr [si]
; DS = 0, the segment of the interrupt vector table. What is done with it lies
; past the end of the window. Shrinking the last MCB and copying code above it is
; the pattern memory forensics looks for: a reduced top-of-memory value.
0x12c3f: xor ax, ax
0x12c41: mov ds, ax
; Linear disassembly from the return address of "Get time" (op 44 = INT 21h
; AH=2Ch). Only the first line is code: the routine returns immediately.
2018-12-17T22:38:33.84508688Z 44 PC: 1305a | Get time 0x1305a: ret
; Everything after the ret is data that the disassembler decoded as instructions.
; The one-byte opcodes are ASCII: inc bx=0x43 'C', dec ax=0x48 'H', dec bx=0x4b 'K',
; dec sp=0x4c 'L', dec cx=0x49 'I', push bx=0x53 'S', push sp=0x54 'T'.
0x1305b: inc bx
0x1305c: dec ax
0x1305d: dec bx
0x1305e: dec sp
0x1305f: dec cx
0x13060: push bx
0x13061: push sp
; Two bytes long (next address is 0x13064): consistent with 0x2e ('.', which is
; also the CS segment-override prefix) followed by 0x4d 'M'. Raw bytes not shown.
0x13062: dec bp
0x13064: push bx
; Encodes as 00 43 48 = NUL terminator, then 'C' 'H'. The first string therefore
; reads "CHKLIST.MS".
0x13065: add byte ptr [bp + di + 0x48], al
0x13068: dec bx
0x13069: dec sp
0x1306a: dec cx
0x1306b: push bx
0x1306c: push sp
; Again two bytes: presumably 0x2e '.' followed by 0x43 'C'.
0x1306d: inc bx
0x1306f: push ax
0x13070: push bx
; Encodes as 00 41 4e = NUL, then 'A' 'N'. The second string reads "CHKLIST.CPS";
; a third one beginning "AN" is cut off by the end of the window.
0x13071: add byte ptr [bx + di + 0x4e], al
; CHKLIST.MS and CHKLIST.CPS are the checksum databases written by Microsoft
; Anti-Virus and Central Point Anti-Virus. How the sample uses the names is not
; visible here; stored as plaintext they serve as a static detection string.
; Op 76 = INT 21h AH=4Ch: normal exit, code 0. This run logs four calls and no
; file or vector calls, so later activity of a resident copy is not observed.
2018-12-17T22:38:33.848074793Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6618,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; NOTE(review): op 250 = 0xFA is not named by the sandbox and no registers are
; logged; treat its purpose (residency check, AV-monitor API, other) as unknown.
2018-12-25T12:00:01.479741751Z 250 PC: 12c04 | UNKNOWN!
; Static disassembly window after "Get date" (op 42 = INT 21h AH=2Ah, day of month
; in DL). Same bytes as the other runs on this page; the branch taken is not shown.
; NOTE(review): the job record printed just above this run has Day 1; if that is
; this run's emulated date (the page does not say), the flag write is skipped.
2018-12-25T12:00:01.48089034Z 42 PC: 12c0c | Get date 0x12c0c: cmp dl, 0xf
0x12c0f: jne 0x12c18
; Day 15 (0x0f) only: set a one-byte flag at cs:[bp + 0x6a8].
0x12c11: mov byte ptr cs:[bp + 0x6a8], 1
0x12c17: nop
; DS = ES - 1: the memory control block below the program, assuming ES is still
; the PSP segment (not shown - TODO confirm).
0x12c18: mov ax, es
0x12c1a: dec ax
0x12c1b: mov ds, ax
; Proceed only if this is the last block in the MCB chain (type byte 'Z').
0x12c1d: cmp byte ptr [0], 0x5a
0x12c22: jne 0x12c69
; Take 0x180 paragraphs (6144 bytes) off the block size (MCB offset 3) and off the
; program's top-of-memory segment (DS:0x12 = PSP offset 2).
0x12c24: sub word ptr [3], 0x180
0x12c2a: sub word ptr [0x12], 0x180
; ES = new top-of-memory segment; copy from cs:bp to ES:0.
0x12c30: mov es, word ptr [0x12]
0x12c34: push cs
0x12c35: pop ds
0x12c36: mov si, bp
0x12c38: mov cx, 0x41f
0x12c3b: xor di, di
; NOTE(review): shown as movsd but only two bytes long, which fits rep movsw in
; 16-bit code; the length is then 0x41f words = 2110 bytes. Verify on raw bytes.
0x12c3d: rep movsd dword ptr es:[di], dword ptr [si]
; DS = 0 (interrupt vector table segment); its use is outside the window.
0x12c3f: xor ax, ax
0x12c41: mov ds, ax
; Window after "Get time" (op 44 = INT 21h AH=2Ch): one real instruction, the ret.
2018-12-25T12:00:01.483166388Z 44 PC: 1305a | Get time 0x1305a: ret
; The rest is string data decoded as code. Reading each opcode as ASCII
; (0x43 'C', 0x48 'H', 0x4b 'K', 0x4c 'L', 0x49 'I', 0x53 'S', 0x54 'T'):
0x1305b: inc bx
0x1305c: dec ax
0x1305d: dec bx
0x1305e: dec sp
0x1305f: dec cx
0x13060: push bx
0x13061: push sp
; Two-byte entry: presumably 0x2e '.' (decoded as a CS prefix) + 0x4d 'M'.
0x13062: dec bp
0x13064: push bx
; 00 43 48 = NUL, 'C', 'H': end of "CHKLIST.MS", start of the next string.
0x13065: add byte ptr [bp + di + 0x48], al
0x13068: dec bx
0x13069: dec sp
0x1306a: dec cx
0x1306b: push bx
0x1306c: push sp
; Two-byte entry: presumably 0x2e '.' + 0x43 'C'.
0x1306d: inc bx
0x1306f: push ax
0x13070: push bx
; 00 41 4e = NUL, 'A', 'N': end of "CHKLIST.CPS"; a third string is truncated.
0x13071: add byte ptr [bx + di + 0x4e], al
; Both names are anti-virus checksum databases (Microsoft Anti-Virus, Central
; Point Anti-Virus); their use by the sample is not shown in this window.
; Op 76 = INT 21h AH=4Ch, exit code 0. The call list matches the other runs.
2018-12-25T12:00:01.485294023Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6618,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; NOTE(review): op 250 = 0xFA is not named by the sandbox and no registers are
; logged; treat its purpose (residency check, AV-monitor API, other) as unknown.
2018-12-25T12:00:01.647010042Z 250 PC: 12c04 | UNKNOWN!
; Static disassembly window after "Get date" (op 42 = INT 21h AH=2Ah, day of month
; in DL). Same bytes as the other runs on this page; the branch taken is not shown.
; NOTE(review): the job record printed just above this run has Day 15; if that is
; this run's emulated date (the page does not say), DL = 0x0f and the flag write
; below is reached. The logged calls still match the other runs, so whatever the
; flag enables is not visible in this log.
2018-12-25T12:00:01.648765172Z 42 PC: 12c0c | Get date 0x12c0c: cmp dl, 0xf
0x12c0f: jne 0x12c18
; Day 15 (0x0f) only: set a one-byte flag at cs:[bp + 0x6a8].
0x12c11: mov byte ptr cs:[bp + 0x6a8], 1
0x12c17: nop
; DS = ES - 1: the memory control block below the program, assuming ES is still
; the PSP segment (not shown - TODO confirm).
0x12c18: mov ax, es
0x12c1a: dec ax
0x12c1b: mov ds, ax
; Proceed only if this is the last block in the MCB chain (type byte 'Z').
0x12c1d: cmp byte ptr [0], 0x5a
0x12c22: jne 0x12c69
; Take 0x180 paragraphs (6144 bytes) off the block size (MCB offset 3) and off the
; program's top-of-memory segment (DS:0x12 = PSP offset 2).
0x12c24: sub word ptr [3], 0x180
0x12c2a: sub word ptr [0x12], 0x180
; ES = new top-of-memory segment; copy from cs:bp to ES:0.
0x12c30: mov es, word ptr [0x12]
0x12c34: push cs
0x12c35: pop ds
0x12c36: mov si, bp
0x12c38: mov cx, 0x41f
0x12c3b: xor di, di
; NOTE(review): shown as movsd but only two bytes long, which fits rep movsw in
; 16-bit code; the length is then 0x41f words = 2110 bytes. Verify on raw bytes.
0x12c3d: rep movsd dword ptr es:[di], dword ptr [si]
; DS = 0 (interrupt vector table segment); its use is outside the window.
0x12c3f: xor ax, ax
0x12c41: mov ds, ax
; Window after "Get time" (op 44 = INT 21h AH=2Ch): one real instruction, the ret.
2018-12-25T12:00:01.651749172Z 44 PC: 1305a | Get time 0x1305a: ret
; The rest is string data decoded as code. Reading each opcode as ASCII
; (0x43 'C', 0x48 'H', 0x4b 'K', 0x4c 'L', 0x49 'I', 0x53 'S', 0x54 'T'):
0x1305b: inc bx
0x1305c: dec ax
0x1305d: dec bx
0x1305e: dec sp
0x1305f: dec cx
0x13060: push bx
0x13061: push sp
; Two-byte entry: presumably 0x2e '.' (decoded as a CS prefix) + 0x4d 'M'.
0x13062: dec bp
0x13064: push bx
; 00 43 48 = NUL, 'C', 'H': end of "CHKLIST.MS", start of the next string.
0x13065: add byte ptr [bp + di + 0x48], al
0x13068: dec bx
0x13069: dec sp
0x1306a: dec cx
0x1306b: push bx
0x1306c: push sp
; Two-byte entry: presumably 0x2e '.' + 0x43 'C'.
0x1306d: inc bx
0x1306f: push ax
0x13070: push bx
; 00 41 4e = NUL, 'A', 'N': end of "CHKLIST.CPS"; a third string is truncated.
0x13071: add byte ptr [bx + di + 0x4e], al
; Both names are anti-virus checksum databases (Microsoft Anti-Virus, Central
; Point Anti-Virus); their use by the sample is not shown in this window.
; Op 76 = INT 21h AH=4Ch, exit code 0. The call list matches the other runs.
2018-12-25T12:00:01.654672784Z 76 PC: 12a45 | Terminate with return code (Return code = '0')