Sample viewer

vx.netlux.org/Virus.DOS.Eliza.1282

.

GIF

Syscalls:

Time Syscall Op Syscall Name
; Instructions at the return address of the "Get date" call in this row
; (syscall op 42 = 0x2A, i.e. DOS INT 21h AH=2Ah, which returns CX = year,
; DH = month, DL = day, AL = weekday with 0 = Sunday).
; Shown logic: set the flag byte [0x5be] on a Friday the 13th, then leave
; AX = 1 only if (month + day) is divisible by the byte at [0x5ba] and the
; year is above 1990; otherwise AX = 0.
; NOTE(review): both tests depend on the emulated clock, so a run with a
; single fixed date exercises only one path.
2018-12-17T22:42:59.730969254Z 42 PC: 12a69 | Get date 0x12a69: cmp dl, 0xd  ; day of month == 13?
0x12a6c: jne 0x12a77  ; no: skip the flag write
0x12a6e: cmp al, 5  ; weekday == 5 (Friday)?
0x12a70: jne 0x12a77
0x12a72: mov byte ptr [0x5be], 1  ; mark "Friday the 13th"; the reader of this flag is not shown here
0x12a77: mov al, dh  ; al = month
0x12a79: mov ah, 0  ; ax = month
0x12a7b: mov dh, 0  ; dx = day
0x12a7d: add ax, dx  ; ax = month + day
0x12a7f: mov dl, byte ptr [0x5ba]  ; dx = divisor byte; the same location is written at 0x12aac
0x12a83: mov bx, dx
0x12a85: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12a86: idiv bx  ; ax = (month + day) / bx, dx = remainder; faults if bx is 0
0x12a88: or dx, dx  ; remainder == 0?
0x12a8a: jne 0x12a97  ; not divisible: result 0
0x12a8c: cmp cx, 0x7c6  ; year against 1990 (0x7c6)
0x12a90: jbe 0x12a97  ; year <= 1990: result 0
0x12a92: mov ax, 1  ; both conditions met
0x12a95: jmp 0x12a99  ; target lies past the end of this listing
0x12a97: xor ax, ax  ; result 0
; Instructions at the return address of the "Get time" call in this row
; (syscall op 44 = 0x2C, i.e. DOS INT 21h AH=2Ch, which returns CH = hour,
; CL = minute, DH = second, DL = hundredths).
; Shown logic: store min(seconds + 2, 43) in [0x5ba], then divide the seconds
; by the byte at [0x5bc]; a zero remainder falls through to a second Get time
; call at 0x12ac8, any other remainder jumps to 0x12b98 (not shown).
; NOTE(review): the stored value depends on the seconds field of the emulated
; clock, so results vary between runs unless the clock is pinned.
2018-12-17T22:42:59.734014434Z 44 PC: 12aa0 | Get time 0x12aa0: mov ah, dh  ; ah = seconds
0x12aa2: add ah, 2  ; ah = seconds + 2
0x12aa5: cmp ah, 0x2b  ; 0x2b = 43
0x12aa8: jbe 0x12aac  ; already <= 43
0x12aaa: mov ah, 0x2b  ; clamp to 43
0x12aac: mov byte ptr [0x5ba], ah  ; save; this byte is the divisor read at 0x12a7f
0x12ab0: mov al, dh  ; al = seconds
0x12ab2: mov ah, 0  ; ax = seconds
0x12ab4: mov dl, byte ptr [0x5bc]  ; second divisor byte; where it is set is not shown
0x12ab8: mov dh, 0  ; dx = that byte, zero-extended
0x12aba: mov bx, dx
0x12abc: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12abd: idiv bx  ; ax = seconds / bx, dx = seconds % bx; faults if bx is 0
0x12abf: or dx, dx  ; test the remainder
0x12ac1: jle 0x12ac6  ; remainder <= 0, which for these non-negative operands means 0
0x12ac3: jmp 0x12b98  ; non-zero remainder: target outside this listing
0x12ac6: mov ah, 0x2c  ; AH = 2Ch: request the time again
0x12ac8: int 0x21
0x12aca: mov al, dh  ; al = seconds from the new reading
0x12acc: add al, 2  ; listing ends here; presumably the same +2 adjustment as at 0x12aa2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7731,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
; Instructions at the return address of the "Get date" call in this row
; (syscall op 42 = 0x2A, i.e. DOS INT 21h AH=2Ah, which returns CX = year,
; DH = month, DL = day, AL = weekday with 0 = Sunday).
; Shown logic: set the flag byte [0x5be] on a Friday the 13th, then leave
; AX = 1 only if (month + day) is divisible by the byte at [0x5ba] and the
; year is above 1990; otherwise AX = 0.
; NOTE(review): both tests depend on the emulated clock, so a run with a
; single fixed date exercises only one path.
2018-12-25T12:02:32.461560443Z 42 PC: 12a69 | Get date 0x12a69: cmp dl, 0xd  ; day of month == 13?
0x12a6c: jne 0x12a77  ; no: skip the flag write
0x12a6e: cmp al, 5  ; weekday == 5 (Friday)?
0x12a70: jne 0x12a77
0x12a72: mov byte ptr [0x5be], 1  ; mark "Friday the 13th"; the reader of this flag is not shown here
0x12a77: mov al, dh  ; al = month
0x12a79: mov ah, 0  ; ax = month
0x12a7b: mov dh, 0  ; dx = day
0x12a7d: add ax, dx  ; ax = month + day
0x12a7f: mov dl, byte ptr [0x5ba]  ; dx = divisor byte; the same location is written at 0x12aac
0x12a83: mov bx, dx
0x12a85: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12a86: idiv bx  ; ax = (month + day) / bx, dx = remainder; faults if bx is 0
0x12a88: or dx, dx  ; remainder == 0?
0x12a8a: jne 0x12a97  ; not divisible: result 0
0x12a8c: cmp cx, 0x7c6  ; year against 1990 (0x7c6)
0x12a90: jbe 0x12a97  ; year <= 1990: result 0
0x12a92: mov ax, 1  ; both conditions met
0x12a95: jmp 0x12a99  ; target lies past the end of this listing
0x12a97: xor ax, ax  ; result 0
; Instructions at the return address of the "Get time" call in this row
; (syscall op 44 = 0x2C, i.e. DOS INT 21h AH=2Ch, which returns CH = hour,
; CL = minute, DH = second, DL = hundredths).
; Shown logic: store min(seconds + 2, 43) in [0x5ba], then divide the seconds
; by the byte at [0x5bc]; a zero remainder falls through to a second Get time
; call at 0x12ac8, any other remainder jumps to 0x12b98 (not shown).
; NOTE(review): the stored value depends on the seconds field of the emulated
; clock, so results vary between runs unless the clock is pinned.
2018-12-25T12:02:32.464754489Z 44 PC: 12aa0 | Get time 0x12aa0: mov ah, dh  ; ah = seconds
0x12aa2: add ah, 2  ; ah = seconds + 2
0x12aa5: cmp ah, 0x2b  ; 0x2b = 43
0x12aa8: jbe 0x12aac  ; already <= 43
0x12aaa: mov ah, 0x2b  ; clamp to 43
0x12aac: mov byte ptr [0x5ba], ah  ; save; this byte is the divisor read at 0x12a7f
0x12ab0: mov al, dh  ; al = seconds
0x12ab2: mov ah, 0  ; ax = seconds
0x12ab4: mov dl, byte ptr [0x5bc]  ; second divisor byte; where it is set is not shown
0x12ab8: mov dh, 0  ; dx = that byte, zero-extended
0x12aba: mov bx, dx
0x12abc: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12abd: idiv bx  ; ax = seconds / bx, dx = seconds % bx; faults if bx is 0
0x12abf: or dx, dx  ; test the remainder
0x12ac1: jle 0x12ac6  ; remainder <= 0, which for these non-negative operands means 0
0x12ac3: jmp 0x12b98  ; non-zero remainder: target outside this listing
0x12ac6: mov ah, 0x2c  ; AH = 2Ch: request the time again
0x12ac8: int 0x21
0x12aca: mov al, dh  ; al = seconds from the new reading
0x12acc: add al, 2  ; listing ends here; presumably the same +2 adjustment as at 0x12aa2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7731,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
; Instructions at the return address of the "Get date" call in this row
; (syscall op 42 = 0x2A, i.e. DOS INT 21h AH=2Ah, which returns CX = year,
; DH = month, DL = day, AL = weekday with 0 = Sunday).
; Shown logic: set the flag byte [0x5be] on a Friday the 13th, then leave
; AX = 1 only if (month + day) is divisible by the byte at [0x5ba] and the
; year is above 1990; otherwise AX = 0.
; NOTE(review): both tests depend on the emulated clock, so a run with a
; single fixed date exercises only one path.
2018-12-25T12:02:32.591747177Z 42 PC: 12a69 | Get date 0x12a69: cmp dl, 0xd  ; day of month == 13?
0x12a6c: jne 0x12a77  ; no: skip the flag write
0x12a6e: cmp al, 5  ; weekday == 5 (Friday)?
0x12a70: jne 0x12a77
0x12a72: mov byte ptr [0x5be], 1  ; mark "Friday the 13th"; the reader of this flag is not shown here
0x12a77: mov al, dh  ; al = month
0x12a79: mov ah, 0  ; ax = month
0x12a7b: mov dh, 0  ; dx = day
0x12a7d: add ax, dx  ; ax = month + day
0x12a7f: mov dl, byte ptr [0x5ba]  ; dx = divisor byte; the same location is written at 0x12aac
0x12a83: mov bx, dx
0x12a85: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12a86: idiv bx  ; ax = (month + day) / bx, dx = remainder; faults if bx is 0
0x12a88: or dx, dx  ; remainder == 0?
0x12a8a: jne 0x12a97  ; not divisible: result 0
0x12a8c: cmp cx, 0x7c6  ; year against 1990 (0x7c6)
0x12a90: jbe 0x12a97  ; year <= 1990: result 0
0x12a92: mov ax, 1  ; both conditions met
0x12a95: jmp 0x12a99  ; target lies past the end of this listing
0x12a97: xor ax, ax  ; result 0
; Instructions at the return address of the "Get time" call in this row
; (syscall op 44 = 0x2C, i.e. DOS INT 21h AH=2Ch, which returns CH = hour,
; CL = minute, DH = second, DL = hundredths).
; Shown logic: store min(seconds + 2, 43) in [0x5ba], then divide the seconds
; by the byte at [0x5bc]; a zero remainder falls through to a second Get time
; call at 0x12ac8, any other remainder jumps to 0x12b98 (not shown).
; NOTE(review): the stored value depends on the seconds field of the emulated
; clock, so results vary between runs unless the clock is pinned.
2018-12-25T12:02:32.59504821Z 44 PC: 12aa0 | Get time 0x12aa0: mov ah, dh  ; ah = seconds
0x12aa2: add ah, 2  ; ah = seconds + 2
0x12aa5: cmp ah, 0x2b  ; 0x2b = 43
0x12aa8: jbe 0x12aac  ; already <= 43
0x12aaa: mov ah, 0x2b  ; clamp to 43
0x12aac: mov byte ptr [0x5ba], ah  ; save; this byte is the divisor read at 0x12a7f
0x12ab0: mov al, dh  ; al = seconds
0x12ab2: mov ah, 0  ; ax = seconds
0x12ab4: mov dl, byte ptr [0x5bc]  ; second divisor byte; where it is set is not shown
0x12ab8: mov dh, 0  ; dx = that byte, zero-extended
0x12aba: mov bx, dx
0x12abc: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12abd: idiv bx  ; ax = seconds / bx, dx = seconds % bx; faults if bx is 0
0x12abf: or dx, dx  ; test the remainder
0x12ac1: jle 0x12ac6  ; remainder <= 0, which for these non-negative operands means 0
0x12ac3: jmp 0x12b98  ; non-zero remainder: target outside this listing
0x12ac6: mov ah, 0x2c  ; AH = 2Ch: request the time again
0x12ac8: int 0x21
0x12aca: mov al, dh  ; al = seconds from the new reading
0x12acc: add al, 2  ; listing ends here; presumably the same +2 adjustment as at 0x12aa2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":41,"TimeBased":true,"OriginalID":7731,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
; Instructions at the return address of the "Get date" call in this row
; (syscall op 42 = 0x2A, i.e. DOS INT 21h AH=2Ah, which returns CX = year,
; DH = month, DL = day, AL = weekday with 0 = Sunday).
; Shown logic: set the flag byte [0x5be] on a Friday the 13th, then leave
; AX = 1 only if (month + day) is divisible by the byte at [0x5ba] and the
; year is above 1990; otherwise AX = 0.
; NOTE(review): both tests depend on the emulated clock, so a run with a
; single fixed date exercises only one path.
2018-12-25T12:02:32.609588472Z 42 PC: 12a69 | Get date 0x12a69: cmp dl, 0xd  ; day of month == 13?
0x12a6c: jne 0x12a77  ; no: skip the flag write
0x12a6e: cmp al, 5  ; weekday == 5 (Friday)?
0x12a70: jne 0x12a77
0x12a72: mov byte ptr [0x5be], 1  ; mark "Friday the 13th"; the reader of this flag is not shown here
0x12a77: mov al, dh  ; al = month
0x12a79: mov ah, 0  ; ax = month
0x12a7b: mov dh, 0  ; dx = day
0x12a7d: add ax, dx  ; ax = month + day
0x12a7f: mov dl, byte ptr [0x5ba]  ; dx = divisor byte; the same location is written at 0x12aac
0x12a83: mov bx, dx
0x12a85: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12a86: idiv bx  ; ax = (month + day) / bx, dx = remainder; faults if bx is 0
0x12a88: or dx, dx  ; remainder == 0?
0x12a8a: jne 0x12a97  ; not divisible: result 0
0x12a8c: cmp cx, 0x7c6  ; year against 1990 (0x7c6)
0x12a90: jbe 0x12a97  ; year <= 1990: result 0
0x12a92: mov ax, 1  ; both conditions met
0x12a95: jmp 0x12a99  ; target lies past the end of this listing
0x12a97: xor ax, ax  ; result 0
; Instructions at the return address of the "Get time" call in this row
; (syscall op 44 = 0x2C, i.e. DOS INT 21h AH=2Ch, which returns CH = hour,
; CL = minute, DH = second, DL = hundredths).
; Shown logic: store min(seconds + 2, 43) in [0x5ba], then divide the seconds
; by the byte at [0x5bc]; a zero remainder falls through to a second Get time
; call at 0x12ac8, any other remainder jumps to 0x12b98 (not shown).
; NOTE(review): the stored value depends on the seconds field of the emulated
; clock, so results vary between runs unless the clock is pinned.
2018-12-25T12:02:32.613363397Z 44 PC: 12aa0 | Get time 0x12aa0: mov ah, dh  ; ah = seconds
0x12aa2: add ah, 2  ; ah = seconds + 2
0x12aa5: cmp ah, 0x2b  ; 0x2b = 43
0x12aa8: jbe 0x12aac  ; already <= 43
0x12aaa: mov ah, 0x2b  ; clamp to 43
0x12aac: mov byte ptr [0x5ba], ah  ; save; this byte is the divisor read at 0x12a7f
0x12ab0: mov al, dh  ; al = seconds
0x12ab2: mov ah, 0  ; ax = seconds
0x12ab4: mov dl, byte ptr [0x5bc]  ; second divisor byte; where it is set is not shown
0x12ab8: mov dh, 0  ; dx = that byte, zero-extended
0x12aba: mov bx, dx
0x12abc: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12abd: idiv bx  ; ax = seconds / bx, dx = seconds % bx; faults if bx is 0
0x12abf: or dx, dx  ; test the remainder
0x12ac1: jle 0x12ac6  ; remainder <= 0, which for these non-negative operands means 0
0x12ac3: jmp 0x12b98  ; non-zero remainder: target outside this listing
0x12ac6: mov ah, 0x2c  ; AH = 2Ch: request the time again
0x12ac8: int 0x21
0x12aca: mov al, dh  ; al = seconds from the new reading
0x12acc: add al, 2  ; listing ends here; presumably the same +2 adjustment as at 0x12aa2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":41,"TimeBased":true,"OriginalID":7731,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
; Instructions at the return address of the "Get date" call in this row
; (syscall op 42 = 0x2A, i.e. DOS INT 21h AH=2Ah, which returns CX = year,
; DH = month, DL = day, AL = weekday with 0 = Sunday).
; Shown logic: set the flag byte [0x5be] on a Friday the 13th, then leave
; AX = 1 only if (month + day) is divisible by the byte at [0x5ba] and the
; year is above 1990; otherwise AX = 0.
; NOTE(review): both tests depend on the emulated clock, so a run with a
; single fixed date exercises only one path.
2018-12-25T12:02:32.733165342Z 42 PC: 12a69 | Get date 0x12a69: cmp dl, 0xd  ; day of month == 13?
0x12a6c: jne 0x12a77  ; no: skip the flag write
0x12a6e: cmp al, 5  ; weekday == 5 (Friday)?
0x12a70: jne 0x12a77
0x12a72: mov byte ptr [0x5be], 1  ; mark "Friday the 13th"; the reader of this flag is not shown here
0x12a77: mov al, dh  ; al = month
0x12a79: mov ah, 0  ; ax = month
0x12a7b: mov dh, 0  ; dx = day
0x12a7d: add ax, dx  ; ax = month + day
0x12a7f: mov dl, byte ptr [0x5ba]  ; dx = divisor byte; the same location is written at 0x12aac
0x12a83: mov bx, dx
0x12a85: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12a86: idiv bx  ; ax = (month + day) / bx, dx = remainder; faults if bx is 0
0x12a88: or dx, dx  ; remainder == 0?
0x12a8a: jne 0x12a97  ; not divisible: result 0
0x12a8c: cmp cx, 0x7c6  ; year against 1990 (0x7c6)
0x12a90: jbe 0x12a97  ; year <= 1990: result 0
0x12a92: mov ax, 1  ; both conditions met
0x12a95: jmp 0x12a99  ; target lies past the end of this listing
0x12a97: xor ax, ax  ; result 0
; Instructions at the return address of the "Get time" call in this row
; (syscall op 44 = 0x2C, i.e. DOS INT 21h AH=2Ch, which returns CH = hour,
; CL = minute, DH = second, DL = hundredths).
; Shown logic: store min(seconds + 2, 43) in [0x5ba], then divide the seconds
; by the byte at [0x5bc]; a zero remainder falls through to a second Get time
; call at 0x12ac8, any other remainder jumps to 0x12b98 (not shown).
; NOTE(review): the stored value depends on the seconds field of the emulated
; clock, so results vary between runs unless the clock is pinned.
2018-12-25T12:02:32.736298872Z 44 PC: 12aa0 | Get time 0x12aa0: mov ah, dh  ; ah = seconds
0x12aa2: add ah, 2  ; ah = seconds + 2
0x12aa5: cmp ah, 0x2b  ; 0x2b = 43
0x12aa8: jbe 0x12aac  ; already <= 43
0x12aaa: mov ah, 0x2b  ; clamp to 43
0x12aac: mov byte ptr [0x5ba], ah  ; save; this byte is the divisor read at 0x12a7f
0x12ab0: mov al, dh  ; al = seconds
0x12ab2: mov ah, 0  ; ax = seconds
0x12ab4: mov dl, byte ptr [0x5bc]  ; second divisor byte; where it is set is not shown
0x12ab8: mov dh, 0  ; dx = that byte, zero-extended
0x12aba: mov bx, dx
0x12abc: cdq  ; one-byte opcode, so in 16-bit code this is cwd (AX sign-extended into DX) - presumably a disassembler naming artifact
0x12abd: idiv bx  ; ax = seconds / bx, dx = seconds % bx; faults if bx is 0
0x12abf: or dx, dx  ; test the remainder
0x12ac1: jle 0x12ac6  ; remainder <= 0, which for these non-negative operands means 0
0x12ac3: jmp 0x12b98  ; non-zero remainder: target outside this listing
0x12ac6: mov ah, 0x2c  ; AH = 2Ch: request the time again
0x12ac8: int 0x21
0x12aca: mov al, dh  ; al = seconds from the new reading
0x12acc: add al, 2  ; listing ends here; presumably the same +2 adjustment as at 0x12aa2