Sample viewer

vx.netlux.org/Virus.DOS.Asahi.1061

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:38:54.670856939Z	221	PC: 12a45 \| UNKNOWN!
2018-12-17T22:38:54.67411472Z	72	PC: 12b2c \| Allocate memory
2018-12-17T22:38:54.675424306Z	44	PC: 12b7f \| Get time 0x12b7f: cmp ch, 0xd 0x12b82: je 0x12b89 0x12b84: cmp ch, 0x14 0x12b87: jne 0x12b8c 0x12b89: call 0x12ba5 0x12b8c: pop es 0x12b8d: ret 0x12b8e: cli 0x12b8f: xor cx, cx 0x12b91: mov es, cx 0x12b93: mov word ptr es:[0x84], 0x282 0x12b9a: mov cx, word ptr [0x2c1] 0x12b9e: mov word ptr es:[0x86], cx 0x12ba3: sti 0x12ba4: ret 0x12ba5: cli 0x12ba6: xor cx, cx 0x12ba8: mov es, cx 0x12baa: mov word ptr es:[0x20], 0x159 0x12bb1: mov cx, word ptr [0x2c1]
2018-12-17T22:38:54.677206744Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-17T22:38:54.679488451Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6662,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:08.405924782Z	221	PC: 12a45 \| UNKNOWN!
2018-12-25T12:00:08.40791419Z	72	PC: 12b2c \| Allocate memory
2018-12-25T12:00:08.41022388Z	44	PC: 12b7f \| Get time 0x12b7f: cmp ch, 0xd 0x12b82: je 0x12b89 0x12b84: cmp ch, 0x14 0x12b87: jne 0x12b8c 0x12b89: call 0x12ba5 0x12b8c: pop es 0x12b8d: ret 0x12b8e: cli 0x12b8f: xor cx, cx 0x12b91: mov es, cx 0x12b93: mov word ptr es:[0x84], 0x282 0x12b9a: mov cx, word ptr [0x2c1] 0x12b9e: mov word ptr es:[0x86], cx 0x12ba3: sti 0x12ba4: ret 0x12ba5: cli 0x12ba6: xor cx, cx 0x12ba8: mov es, cx 0x12baa: mov word ptr es:[0x20], 0x159 0x12bb1: mov cx, word ptr [0x2c1]
2018-12-25T12:00:08.413265584Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-25T12:00:08.416530692Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6662,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:08.41318468Z	221	PC: 12a45 \| UNKNOWN!
2018-12-25T12:00:08.414713071Z	72	PC: 12b2c \| Allocate memory
2018-12-25T12:00:08.416518043Z	44	PC: 12b7f \| Get time 0x12b7f: cmp ch, 0xd 0x12b82: je 0x12b89 0x12b84: cmp ch, 0x14 0x12b87: jne 0x12b8c 0x12b89: call 0x12ba5 0x12b8c: pop es 0x12b8d: ret 0x12b8e: cli 0x12b8f: xor cx, cx 0x12b91: mov es, cx 0x12b93: mov word ptr es:[0x84], 0x282 0x12b9a: mov cx, word ptr [0x2c1] 0x12b9e: mov word ptr es:[0x86], cx 0x12ba3: sti 0x12ba4: ret 0x12ba5: cli 0x12ba6: xor cx, cx 0x12ba8: mov es, cx 0x12baa: mov word ptr es:[0x20], 0x159 0x12bb1: mov cx, word ptr [0x2c1]
2018-12-25T12:00:08.419023075Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-25T12:00:08.421902731Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":20,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6662,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:08.382278008Z	221	PC: 12a45 \| UNKNOWN!
2018-12-25T12:00:08.384208711Z	72	PC: 12b2c \| Allocate memory
2018-12-25T12:00:08.386763771Z	44	PC: 12b7f \| Get time 0x12b7f: cmp ch, 0xd 0x12b82: je 0x12b89 0x12b84: cmp ch, 0x14 0x12b87: jne 0x12b8c 0x12b89: call 0x12ba5 0x12b8c: pop es 0x12b8d: ret 0x12b8e: cli 0x12b8f: xor cx, cx 0x12b91: mov es, cx 0x12b93: mov word ptr es:[0x84], 0x282 0x12b9a: mov cx, word ptr [0x2c1] 0x12b9e: mov word ptr es:[0x86], cx 0x12ba3: sti 0x12ba4: ret 0x12ba5: cli 0x12ba6: xor cx, cx 0x12ba8: mov es, cx 0x12baa: mov word ptr es:[0x20], 0x159 0x12bb1: mov cx, word ptr [0x2c1]
2018-12-25T12:00:08.3903619Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-25T12:00:08.394093958Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')