Sample viewer

vx.netlux.org/Virus.DOS.HarmWare.3716

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:05.580191949Z	74	PC: 12ad0 \| Reallocate memory
2018-12-17T22:46:05.582027617Z	88	PC: 12ad5 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:05.583272725Z	88	PC: 12adb \| case 0xGet or set allocation strateg:
2018-12-17T22:46:05.584473424Z	88	PC: 12ae6 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:05.587213951Z	88	PC: 12aee \| case 0xGet or set allocation strateg:
2018-12-17T22:46:05.588487174Z	72	PC: 12af9 \| Allocate memory
2018-12-17T22:46:05.590035239Z	88	PC: 12b02 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:05.592407055Z	88	PC: 12b09 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:05.594265848Z	30	PC: 9eb89 \| Reserved
2018-12-17T22:46:05.5959669Z	42	PC: 9ec03 \| Get date 0x9ec03: cmp cx, 0x7cd 0x9ec07: jae 0x9ec0f 0x9ec09: cmp dx, 0x703 0x9ec0d: jb 0x9ec1c 0x9ec0f: mov byte ptr cs:[0x2a0], 0x75 0x9ec15: mov word ptr cs:[0xe94], 0x2aa8 0x9ec1c: mov byte ptr cs:[0xe96], 0 0x9ec22: mov dx, 8 0x9ec25: mov bx, 0x4353 0x9ec28: ret 0x9ec29: xor dx, dx 0x9ec2b: ret 0x9ec2c: or ax, 0xd0a 0x9ec2f: or cl, byte ptr [bx + di] 0x9ec31: or word ptr [bx + si], sp 0x9ec33: and byte ptr [bx + si], ah 0x9ec35: sub ax, 0x4820 0x9ec38: popaw 0x9ec39: jb 0x9eca8 0x9ec3b: push di

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8765,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:50.064130777Z	74	PC: 12ad0 \| Reallocate memory
2018-12-25T12:21:50.065852154Z	88	PC: 12ad5 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.066893834Z	88	PC: 12adb \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.067898176Z	88	PC: 12ae6 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.069627071Z	88	PC: 12aee \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.070637262Z	72	PC: 12af9 \| Allocate memory
2018-12-25T12:21:50.071941551Z	88	PC: 12b02 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.073536349Z	88	PC: 12b09 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.075175567Z	30	PC: 9eb89 \| Reserved
2018-12-25T12:21:50.076805532Z	42	PC: 9ec03 \| Get date 0x9ec03: cmp cx, 0x7cd 0x9ec07: jae 0x9ec0f 0x9ec09: cmp dx, 0x703 0x9ec0d: jb 0x9ec1c 0x9ec0f: mov byte ptr cs:[0x2a0], 0x75 0x9ec15: mov word ptr cs:[0xe94], 0x2aa8 0x9ec1c: mov byte ptr cs:[0xe96], 0 0x9ec22: mov dx, 8 0x9ec25: mov bx, 0x4353 0x9ec28: ret 0x9ec29: xor dx, dx 0x9ec2b: ret 0x9ec2c: or ax, 0xd0a 0x9ec2f: or cl, byte ptr [bx + di] 0x9ec31: or word ptr [bx + si], sp 0x9ec33: and byte ptr [bx + si], ah 0x9ec35: sub ax, 0x4820 0x9ec38: popaw 0x9ec39: jb 0x9eca8 0x9ec3b: push di

{"DateBased":true,"Day":3,"Month":7,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8765,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:49.94428473Z	74	PC: 12ad0 \| Reallocate memory
2018-12-25T12:21:49.948278918Z	88	PC: 12ad5 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:49.94993319Z	88	PC: 12adb \| case 0xGet or set allocation strateg:
2018-12-25T12:21:49.951574813Z	88	PC: 12ae6 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:49.954441215Z	88	PC: 12aee \| case 0xGet or set allocation strateg:
2018-12-25T12:21:49.955845277Z	72	PC: 12af9 \| Allocate memory
2018-12-25T12:21:49.957534477Z	88	PC: 12b02 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:49.96128394Z	88	PC: 12b09 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:49.963404504Z	30	PC: 9eb89 \| Reserved
2018-12-25T12:21:49.96562235Z	42	PC: 9ec03 \| Get date 0x9ec03: cmp cx, 0x7cd 0x9ec07: jae 0x9ec0f 0x9ec09: cmp dx, 0x703 0x9ec0d: jb 0x9ec1c 0x9ec0f: mov byte ptr cs:[0x2a0], 0x75 0x9ec15: mov word ptr cs:[0xe94], 0x2aa8 0x9ec1c: mov byte ptr cs:[0xe96], 0 0x9ec22: mov dx, 8 0x9ec25: mov bx, 0x4353 0x9ec28: ret 0x9ec29: xor dx, dx 0x9ec2b: ret 0x9ec2c: or ax, 0xd0a 0x9ec2f: or cl, byte ptr [bx + di] 0x9ec31: or word ptr [bx + si], sp 0x9ec33: and byte ptr [bx + si], ah 0x9ec35: sub ax, 0x4820 0x9ec38: popaw 0x9ec39: jb 0x9eca8 0x9ec3b: push di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8765,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:50.217919882Z	74	PC: 12ad0 \| Reallocate memory
2018-12-25T12:21:50.221363784Z	88	PC: 12ad5 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.223122214Z	88	PC: 12adb \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.224949013Z	88	PC: 12ae6 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.227474109Z	88	PC: 12aee \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.229318826Z	72	PC: 12af9 \| Allocate memory
2018-12-25T12:21:50.231350929Z	88	PC: 12b02 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.233465076Z	88	PC: 12b09 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:50.236699643Z	30	PC: 9eb89 \| Reserved
2018-12-25T12:21:50.239702367Z	42	PC: 9ec03 \| Get date 0x9ec03: cmp cx, 0x7cd 0x9ec07: jae 0x9ec0f 0x9ec09: cmp dx, 0x703 0x9ec0d: jb 0x9ec1c 0x9ec0f: mov byte ptr cs:[0x2a0], 0x75 0x9ec15: mov word ptr cs:[0xe94], 0x2aa8 0x9ec1c: mov byte ptr cs:[0xe96], 0 0x9ec22: mov dx, 8 0x9ec25: mov bx, 0x4353 0x9ec28: ret 0x9ec29: xor dx, dx 0x9ec2b: ret 0x9ec2c: or ax, 0xd0a 0x9ec2f: or cl, byte ptr [bx + di] 0x9ec31: or word ptr [bx + si], sp 0x9ec33: and byte ptr [bx + si], ah 0x9ec35: sub ax, 0x4820 0x9ec38: popaw 0x9ec39: jb 0x9eca8 0x9ec3b: push di