Sample viewer

vx.netlux.org/Virus.DOS.Virogen.Offspring.1294

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:52.898242815Z 42 PC: 12c05 | Get date
0x12c05: cmp dl, 0xe
0x12c08: jne 0x12c12
0x12c0a: mov ah, 9
0x12c0c: lea dx, word ptr [si + 0x135]
0x12c10: int 0x21
0x12c12: call 0x12c4b
0x12c15: cmp byte ptr [si + 0x11d], 1
0x12c1a: je 0x12c39
0x12c1c: mov bx, 0x640
0x12c1f: mov cl, 4
0x12c21: shr bx, cl
0x12c23: inc bx
0x12c24: mov ah, 0x4a
0x12c26: int 0x21
0x12c28: lea dx, word ptr [si + 0x1bd]
0x12c2c: lea bx, word ptr [si + 0x215]
0x12c30: mov ax, 0x4b00
0x12c33: int 0x21
0x12c35: mov ah, 0x4c
0x12c37: int 0x21
2018-12-17T22:44:52.900798825Z 125 PC: 12c4f | UNKNOWN!
2018-12-17T22:44:52.902004409Z 74 PC: 12c28 | Reallocate memory
2018-12-17T22:44:52.903461902Z 75 PC: 12c35 | Execute program
2018-12-17T22:44:52.908407827Z 76 PC: 12c39 | Terminate with return code (Return code = '5')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8360,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:29.620904447Z 42 PC: 12c05 | Get date
0x12c05: cmp dl, 0xe
0x12c08: jne 0x12c12
0x12c0a: mov ah, 9
0x12c0c: lea dx, word ptr [si + 0x135]
0x12c10: int 0x21
0x12c12: call 0x12c4b
0x12c15: cmp byte ptr [si + 0x11d], 1
0x12c1a: je 0x12c39
0x12c1c: mov bx, 0x640
0x12c1f: mov cl, 4
0x12c21: shr bx, cl
0x12c23: inc bx
0x12c24: mov ah, 0x4a
0x12c26: int 0x21
0x12c28: lea dx, word ptr [si + 0x1bd]
0x12c2c: lea bx, word ptr [si + 0x215]
0x12c30: mov ax, 0x4b00
0x12c33: int 0x21
0x12c35: mov ah, 0x4c
0x12c37: int 0x21
2018-12-25T12:04:29.623503949Z 125 PC: 12c4f | UNKNOWN!
2018-12-25T12:04:29.624567513Z 74 PC: 12c28 | Reallocate memory
2018-12-25T12:04:29.625895765Z 75 PC: 12c35 | Execute program
2018-12-25T12:04:29.63237559Z 76 PC: 12c39 | Terminate with return code (Return code = '5')

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8360,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:29.730689591Z 42 PC: 12c05 | Get date
0x12c05: cmp dl, 0xe
0x12c08: jne 0x12c12
0x12c0a: mov ah, 9
0x12c0c: lea dx, word ptr [si + 0x135]
0x12c10: int 0x21
0x12c12: call 0x12c4b
0x12c15: cmp byte ptr [si + 0x11d], 1
0x12c1a: je 0x12c39
0x12c1c: mov bx, 0x640
0x12c1f: mov cl, 4
0x12c21: shr bx, cl
0x12c23: inc bx
0x12c24: mov ah, 0x4a
0x12c26: int 0x21
0x12c28: lea dx, word ptr [si + 0x1bd]
0x12c2c: lea bx, word ptr [si + 0x215]
0x12c30: mov ax, 0x4b00
0x12c33: int 0x21
0x12c35: mov ah, 0x4c
0x12c37: int 0x21
2018-12-25T12:04:29.733086176Z 9 PC: 12c12 | Display string (String= ' (c)1993 negoriV * Thank you for providing me and my offspring with a safe place to live * * Offspring I v0.07. * ')
2018-12-25T12:04:29.743331827Z 125 PC: 12c4f | UNKNOWN!
2018-12-25T12:04:29.744199645Z 74 PC: 12c28 | Reallocate memory
2018-12-25T12:04:29.745664925Z 75 PC: 12c35 | Execute program
2018-12-25T12:04:29.751341335Z 76 PC: 12c39 | Terminate with return code (Return code = '5')