Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1534

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:30.269992413Z	42	PC: 12f73 \| Get date 0x12f73: cmp cx, 0x7cb 0x12f77: jne 0x12f83 0x12f79: cmp dh, 4 0x12f7c: ja 0x12f83 0x12f7e: cmp dl, 0xf 0x12f81: jb 0x12fcc 0x12f83: mov al, 0xff 0x12f85: mov ah, 0xf 0x12f87: xchg al, ah 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp ax, 0x101 0x12f8f: jne 0x12f95 0x12f91: call 0x12fd0 0x12f94: nop 0x12f95: mov ax, 0x3521 0x12f98: nop 0x12f99: int 0x21 0x12f9b: cmp word ptr es:[0xa], 0x4254 0x12fa2: jne 0x12fb0
2018-12-17T22:45:30.272808468Z	255	PC: 12f8c \| UNKNOWN!
2018-12-17T22:45:30.275234521Z	53	PC: 12f9b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:30.277080192Z	240	PC: 12fca \| UNKNOWN!
2018-12-17T22:45:30.278870726Z	67	PC: 9f5af \| Get or set file attributes
2018-12-17T22:45:30.286808985Z	67	PC: 9f5af \| Get or set file attributes
2018-12-17T22:45:30.29367077Z	67	PC: 9f5af \| Get or set file attributes
2018-12-17T22:45:30.300181518Z	67	PC: 9f5af \| Get or set file attributes
2018-12-17T22:45:30.30598858Z	67	PC: 9f5af \| Get or set file attributes
2018-12-17T22:45:30.311223316Z	67	PC: 9f5af \| Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8565,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:22.71362631Z	42	PC: 12f73 \| Get date 0x12f73: cmp cx, 0x7cb 0x12f77: jne 0x12f83 0x12f79: cmp dh, 4 0x12f7c: ja 0x12f83 0x12f7e: cmp dl, 0xf 0x12f81: jb 0x12fcc 0x12f83: mov al, 0xff 0x12f85: mov ah, 0xf 0x12f87: xchg al, ah 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp ax, 0x101 0x12f8f: jne 0x12f95 0x12f91: call 0x12fd0 0x12f94: nop 0x12f95: mov ax, 0x3521 0x12f98: nop 0x12f99: int 0x21 0x12f9b: cmp word ptr es:[0xa], 0x4254 0x12fa2: jne 0x12fb0
2018-12-25T12:21:22.716001009Z	255	PC: 12f8c \| UNKNOWN!
2018-12-25T12:21:22.7164331Z	53	PC: 12f9b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:22.717371612Z	240	PC: 12fca \| UNKNOWN!
2018-12-25T12:21:22.718696589Z	67	PC: 9f5af \| Get or set file attributes
2018-12-25T12:21:22.724179933Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:22.729328563Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:22.739241956Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:22.743294901Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:22.747262949Z	67	PC: 9f5af \| Get or set file attributes (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8565,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:23.007309159Z	42	PC: 12f73 \| Get date 0x12f73: cmp cx, 0x7cb 0x12f77: jne 0x12f83 0x12f79: cmp dh, 4 0x12f7c: ja 0x12f83 0x12f7e: cmp dl, 0xf 0x12f81: jb 0x12fcc 0x12f83: mov al, 0xff 0x12f85: mov ah, 0xf 0x12f87: xchg al, ah 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp ax, 0x101 0x12f8f: jne 0x12f95 0x12f91: call 0x12fd0 0x12f94: nop 0x12f95: mov ax, 0x3521 0x12f98: nop 0x12f99: int 0x21 0x12f9b: cmp word ptr es:[0xa], 0x4254 0x12fa2: jne 0x12fb0
2018-12-25T12:21:23.010127559Z	61	PC: 131b2 \| Open file (Filename = '&')

{"DateBased":true,"Day":15,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8565,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:23.206214169Z	42	PC: 12f73 \| Get date 0x12f73: cmp cx, 0x7cb 0x12f77: jne 0x12f83 0x12f79: cmp dh, 4 0x12f7c: ja 0x12f83 0x12f7e: cmp dl, 0xf 0x12f81: jb 0x12fcc 0x12f83: mov al, 0xff 0x12f85: mov ah, 0xf 0x12f87: xchg al, ah 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp ax, 0x101 0x12f8f: jne 0x12f95 0x12f91: call 0x12fd0 0x12f94: nop 0x12f95: mov ax, 0x3521 0x12f98: nop 0x12f99: int 0x21 0x12f9b: cmp word ptr es:[0xa], 0x4254 0x12fa2: jne 0x12fb0
2018-12-25T12:21:23.208591122Z	255	PC: 12f8c \| UNKNOWN!
2018-12-25T12:21:23.209221752Z	53	PC: 12f9b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:23.210206846Z	240	PC: 12fca \| UNKNOWN!
2018-12-25T12:21:23.211605516Z	67	PC: 9f5af \| Get or set file attributes
2018-12-25T12:21:23.217571541Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.222884159Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.233061623Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.237157429Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.241221036Z	67	PC: 9f5af \| Get or set file attributes (See above)

{"DateBased":true,"Day":1,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8565,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:23.465146955Z	42	PC: 12f73 \| Get date 0x12f73: cmp cx, 0x7cb 0x12f77: jne 0x12f83 0x12f79: cmp dh, 4 0x12f7c: ja 0x12f83 0x12f7e: cmp dl, 0xf 0x12f81: jb 0x12fcc 0x12f83: mov al, 0xff 0x12f85: mov ah, 0xf 0x12f87: xchg al, ah 0x12f89: nop 0x12f8a: int 0x21 0x12f8c: cmp ax, 0x101 0x12f8f: jne 0x12f95 0x12f91: call 0x12fd0 0x12f94: nop 0x12f95: mov ax, 0x3521 0x12f98: nop 0x12f99: int 0x21 0x12f9b: cmp word ptr es:[0xa], 0x4254 0x12fa2: jne 0x12fb0
2018-12-25T12:21:23.467487475Z	255	PC: 12f8c \| UNKNOWN!
2018-12-25T12:21:23.468119502Z	53	PC: 12f9b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:23.469054454Z	240	PC: 12fca \| UNKNOWN!
2018-12-25T12:21:23.470440591Z	67	PC: 9f5af \| Get or set file attributes
2018-12-25T12:21:23.475849434Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.481035279Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.491149497Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.495430162Z	67	PC: 9f5af \| Get or set file attributes (See above)
2018-12-25T12:21:23.499533472Z	67	PC: 9f5af \| Get or set file attributes (See above)