Sample viewer

vx.netlux.org/Virus.DOS.DAN.585

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:44.770670864Z	250	PC: 12c21 \| UNKNOWN!
2018-12-17T22:43:44.772406266Z	144	PC: 12c2c \| UNKNOWN!
2018-12-17T22:43:44.775532289Z	53	PC: 12c3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:44.777730954Z	74	PC: 12c5a \| Reallocate memory
2018-12-17T22:43:44.780060154Z	72	PC: 12c61 \| Allocate memory
2018-12-17T22:43:44.782982312Z	37	PC: 12c87 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:44.784921108Z	42	PC: 12a6a \| Get date 0x12a6a: cmp dx, 0x112 0x12a6e: je 0x12a71 0x12a70: ret 0x12a71: mov cx, 0x3f 0x12a74: mov al, cl 0x12a76: out 0x70, al 0x12a78: jmp 0x12a7b 0x12a7b: out 0x71, al 0x12a7d: loop 0x12a74 0x12a7f: ret 0x12a80: pushf 0x12a81: push ax 0x12a82: push bx 0x12a83: push cx 0x12a84: push dx 0x12a85: push ds 0x12a86: push di 0x12a87: mov bx, ax 0x12a89: cmp bx, 0x4b00 0x12a8d: je 0x12ad1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7983,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:04.053560434Z	250	PC: 12c21 \| UNKNOWN!
2018-12-25T12:03:04.05568567Z	144	PC: 12c2c \| UNKNOWN!
2018-12-25T12:03:04.056378231Z	53	PC: 12c3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.057424793Z	74	PC: 12c5a \| Reallocate memory
2018-12-25T12:03:04.058977177Z	72	PC: 12c61 \| Allocate memory
2018-12-25T12:03:04.063152382Z	37	PC: 12c87 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.064175194Z	42	PC: 12a6a \| Get date 0x12a6a: cmp dx, 0x112 0x12a6e: je 0x12a71 0x12a70: ret 0x12a71: mov cx, 0x3f 0x12a74: mov al, cl 0x12a76: out 0x70, al 0x12a78: jmp 0x12a7b 0x12a7b: out 0x71, al 0x12a7d: loop 0x12a74 0x12a7f: ret 0x12a80: pushf 0x12a81: push ax 0x12a82: push bx 0x12a83: push cx 0x12a84: push dx 0x12a85: push ds 0x12a86: push di 0x12a87: mov bx, ax 0x12a89: cmp bx, 0x4b00 0x12a8d: je 0x12ad1

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7983,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:04.067668933Z	250	PC: 12c21 \| UNKNOWN!
2018-12-25T12:03:04.069324325Z	144	PC: 12c2c \| UNKNOWN!
2018-12-25T12:03:04.070358423Z	53	PC: 12c3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.071709321Z	74	PC: 12c5a \| Reallocate memory
2018-12-25T12:03:04.073250534Z	72	PC: 12c61 \| Allocate memory
2018-12-25T12:03:04.078990991Z	37	PC: 12c87 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.080693461Z	42	PC: 12a6a \| Get date 0x12a6a: cmp dx, 0x112 0x12a6e: je 0x12a71 0x12a70: ret 0x12a71: mov cx, 0x3f 0x12a74: mov al, cl 0x12a76: out 0x70, al 0x12a78: jmp 0x12a7b 0x12a7b: out 0x71, al 0x12a7d: loop 0x12a74 0x12a7f: ret 0x12a80: pushf 0x12a81: push ax 0x12a82: push bx 0x12a83: push cx 0x12a84: push dx 0x12a85: push ds 0x12a86: push di 0x12a87: mov bx, ax 0x12a89: cmp bx, 0x4b00 0x12a8d: je 0x12ad1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7983,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:04.224754167Z	250	PC: 12c21 \| UNKNOWN!
2018-12-25T12:03:04.225910813Z	144	PC: 12c2c \| UNKNOWN!
2018-12-25T12:03:04.227346488Z	53	PC: 12c3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.228857493Z	74	PC: 12c5a \| Reallocate memory
2018-12-25T12:03:04.234506061Z	72	PC: 12c61 \| Allocate memory
2018-12-25T12:03:04.236350943Z	37	PC: 12c87 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.237944558Z	42	PC: 12a6a \| Get date 0x12a6a: cmp dx, 0x112 0x12a6e: je 0x12a71 0x12a70: ret 0x12a71: mov cx, 0x3f 0x12a74: mov al, cl 0x12a76: out 0x70, al 0x12a78: jmp 0x12a7b 0x12a7b: out 0x71, al 0x12a7d: loop 0x12a74 0x12a7f: ret 0x12a80: pushf 0x12a81: push ax 0x12a82: push bx 0x12a83: push cx 0x12a84: push dx 0x12a85: push ds 0x12a86: push di 0x12a87: mov bx, ax 0x12a89: cmp bx, 0x4b00 0x12a8d: je 0x12ad1

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7983,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:04.235658765Z	250	PC: 12c21 \| UNKNOWN!
2018-12-25T12:03:04.237656367Z	144	PC: 12c2c \| UNKNOWN!
2018-12-25T12:03:04.239344771Z	53	PC: 12c3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.241168192Z	74	PC: 12c5a \| Reallocate memory
2018-12-25T12:03:04.243691461Z	72	PC: 12c61 \| Allocate memory
2018-12-25T12:03:04.247269292Z	37	PC: 12c87 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:04.248833105Z	42	PC: 12a6a \| Get date 0x12a6a: cmp dx, 0x112 0x12a6e: je 0x12a71 0x12a70: ret 0x12a71: mov cx, 0x3f 0x12a74: mov al, cl 0x12a76: out 0x70, al 0x12a78: jmp 0x12a7b 0x12a7b: out 0x71, al 0x12a7d: loop 0x12a74 0x12a7f: ret 0x12a80: pushf 0x12a81: push ax 0x12a82: push bx 0x12a83: push cx 0x12a84: push dx 0x12a85: push ds 0x12a86: push di 0x12a87: mov bx, ax 0x12a89: cmp bx, 0x4b00 0x12a8d: je 0x12ad1