Sample viewer

vx.netlux.org/Virus.DOS.Magda.512


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:04.949449133Z 53 PC: 224 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:04.951607446Z 37 PC: 23e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:04.953534365Z 44 PC: 242 | Get time
0x242: cmp dh, 1
0x245: ja 0x24f
0x247: mov ah, 9
0x249: lea dx, word ptr [0x37b]
0x24d: int 0xff
0x24f: pop es
0x250: mov ax, es
0x252: mov ds, ax
0x254: add ax, 0x10
0x257: add word ptr cs:[0x379], ax
0x25c: ljmp ptr cs:[0x377]
0x261: pushaw
0x262: push es
0x263: push ds
0x264: cmp ah, 0x4b
0x267: je 0x271
0x269: cmp ah, 0x3d
0x26c: je 0x271
0x26e: jmp 0x36f
0x271: mov ax, 0x4300
2018-12-17T22:45:04.970606389Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T22:45:04.975416844Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8426,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:38.670606324Z 53 PC: 224 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:04:38.672493172Z 37 PC: 23e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:04:38.6735248Z 44 PC: 242 | Get time
0x242: cmp dh, 1
0x245: ja 0x24f
0x247: mov ah, 9
0x249: lea dx, word ptr [0x37b]
0x24d: int 0xff
0x24f: pop es
0x250: mov ax, es
0x252: mov ds, ax
0x254: add ax, 0x10
0x257: add word ptr cs:[0x379], ax
0x25c: ljmp ptr cs:[0x377]
0x261: pushaw
0x262: push es
0x263: push ds
0x264: cmp ah, 0x4b
0x267: je 0x271
0x269: cmp ah, 0x3d
0x26c: je 0x271
0x26e: jmp 0x36f
0x271: mov ax, 0x4300
2018-12-25T12:04:38.675628255Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:04:38.681656291Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":2,"TimeBased":true,"OriginalID":8426,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:40.196380815Z 53 PC: 224 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:04:40.20451794Z 37 PC: 23e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:04:40.205921695Z 44 PC: 242 | Get time
0x242: cmp dh, 1
0x245: ja 0x24f
0x247: mov ah, 9
0x249: lea dx, word ptr [0x37b]
0x24d: int 0xff
0x24f: pop es
0x250: mov ax, es
0x252: mov ds, ax
0x254: add ax, 0x10
0x257: add word ptr cs:[0x379], ax
0x25c: ljmp ptr cs:[0x377]
0x261: pushaw
0x262: push es
0x263: push ds
0x264: cmp ah, 0x4b
0x267: je 0x271
0x269: cmp ah, 0x3d
0x26c: je 0x271
0x26e: jmp 0x36f
0x271: mov ax, 0x4300
2018-12-25T12:04:40.208361768Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:04:40.213734119Z 76 PC: 12c28 | Terminate with return code (Return code = '0')