Sample viewer

vx.netlux.org/Virus.DOS.Anti-Aznar.666

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:18.023084931Z 202 PC: 12a55 | UNKNOWN!
2018-12-17T22:44:18.024530707Z 42 PC: 12acf | Get date
0x12acf: cmp dx, 0x707
0x12ad3: jne 0x12b0c
0x12ad5: mov cx, 0x7d0
0x12ad8: xor dx, dx
0x12ada: mov ah, 0x2b
0x12adc: int 0x21
0x12ade: mov ah, 9
0x12ae0: mov dx, 0x37c
0x12ae3: int 0x21
0x12ae5: push es
0x12ae6: push ds
0x12ae7: xor ax, ax
0x12ae9: mov ds, ax
0x12aeb: mov es, word ptr cs:[0x366]
0x12af0: mov ax, word ptr [0x40]
0x12af3: mov word ptr es:[0x362], ax
0x12af7: mov ax, word ptr [0x42]
0x12afa: mov word ptr es:[0x364], ax
0x12afe: mov ax, 0x219
0x12b01: cli
2018-12-17T22:44:18.026491719Z 9 PC: 12a51 | Display string (String= 'This is a mid COM sample!')
2018-12-17T22:44:18.028286129Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8166,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:36.629184336Z 202 PC: 12a55 | UNKNOWN!
2018-12-25T12:03:36.631031977Z 42 PC: 12acf | Get date
0x12acf: cmp dx, 0x707
0x12ad3: jne 0x12b0c
0x12ad5: mov cx, 0x7d0
0x12ad8: xor dx, dx
0x12ada: mov ah, 0x2b
0x12adc: int 0x21
0x12ade: mov ah, 9
0x12ae0: mov dx, 0x37c
0x12ae3: int 0x21
0x12ae5: push es
0x12ae6: push ds
0x12ae7: xor ax, ax
0x12ae9: mov ds, ax
0x12aeb: mov es, word ptr cs:[0x366]
0x12af0: mov ax, word ptr [0x40]
0x12af3: mov word ptr es:[0x362], ax
0x12af7: mov ax, word ptr [0x42]
0x12afa: mov word ptr es:[0x364], ax
0x12afe: mov ax, 0x219
0x12b01: cli
2018-12-25T12:03:36.633707968Z 9 PC: 12a51 | Display string (String= 'This is a mid COM sample!')
2018-12-25T12:03:36.636275592Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8166,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:36.841542958Z 202 PC: 12a55 | UNKNOWN!
2018-12-25T12:03:36.844241715Z 42 PC: 12acf | Get date
0x12acf: cmp dx, 0x707
0x12ad3: jne 0x12b0c
0x12ad5: mov cx, 0x7d0
0x12ad8: xor dx, dx
0x12ada: mov ah, 0x2b
0x12adc: int 0x21
0x12ade: mov ah, 9
0x12ae0: mov dx, 0x37c
0x12ae3: int 0x21
0x12ae5: push es
0x12ae6: push ds
0x12ae7: xor ax, ax
0x12ae9: mov ds, ax
0x12aeb: mov es, word ptr cs:[0x366]
0x12af0: mov ax, word ptr [0x40]
0x12af3: mov word ptr es:[0x362], ax
0x12af7: mov ax, word ptr [0x42]
0x12afa: mov word ptr es:[0x364], ax
0x12afe: mov ax, 0x219
0x12b01: cli
2018-12-25T12:03:36.846564439Z 43 PC: 12ade | Set date
2018-12-25T12:03:36.848000647Z 9 PC: 12ae5 | Display string (String= 'VIRUS ANTI-AZNAR por JoDT VM')
2018-12-25T12:03:36.856482448Z 9 PC: 12a51 | Display string (String= 'This is a mid COM sample!')
2018-12-25T12:03:36.861096099Z 76 PC: 12a56 | Terminate with return code (Return code = '0')