Sample viewer

vx.netlux.org/Virus.DOS.DAN.AntiEnter.1092

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:55.509745906Z	204	PC: 12aba \| UNKNOWN!
2018-12-17T22:46:55.511155023Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:55.513110505Z	53	PC: 12ad8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:46:55.514836236Z	74	PC: 12afd \| Reallocate memory
2018-12-17T22:46:55.516630212Z	72	PC: 12b03 \| Allocate memory
2018-12-17T22:46:55.526945635Z	37	PC: 12b32 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:55.528480679Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:46:55.530083814Z	42	PC: 12b52 \| Get date 0x12b52: cmp dh, 3 0x12b55: jne 0x12b74 0x12b57: cmp al, 2 0x12b59: je 0x12b63 0x12b5b: cmp al, 4 0x12b5d: je 0x12b63 0x12b5f: cmp al, 6 0x12b61: jne 0x12b74 0x12b63: mov ah, 0x2c 0x12b65: int 0x21 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:21.968912241Z	204	PC: 12aba \| UNKNOWN!
2018-12-25T12:22:21.970606797Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:21.972010819Z	53	PC: 12ad8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:21.973419265Z	74	PC: 12afd \| Reallocate memory
2018-12-25T12:22:21.975323023Z	72	PC: 12b03 \| Allocate memory
2018-12-25T12:22:21.977678251Z	37	PC: 12b32 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:21.979118088Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:21.980666908Z	42	PC: 12b52 \| Get date 0x12b52: cmp dh, 3 0x12b55: jne 0x12b74 0x12b57: cmp al, 2 0x12b59: je 0x12b63 0x12b5b: cmp al, 4 0x12b5d: je 0x12b63 0x12b5f: cmp al, 6 0x12b61: jne 0x12b74 0x12b63: mov ah, 0x2c 0x12b65: int 0x21 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:22.497337603Z	204	PC: 12aba \| UNKNOWN!
2018-12-25T12:22:22.498959781Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.499946783Z	53	PC: 12ad8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.500899268Z	74	PC: 12afd \| Reallocate memory
2018-12-25T12:22:22.501837517Z	72	PC: 12b03 \| Allocate memory
2018-12-25T12:22:22.503648535Z	37	PC: 12b32 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.504986783Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.506145367Z	42	PC: 12b52 \| Get date 0x12b52: cmp dh, 3 0x12b55: jne 0x12b74 0x12b57: cmp al, 2 0x12b59: je 0x12b63 0x12b5b: cmp al, 4 0x12b5d: je 0x12b63 0x12b5f: cmp al, 6 0x12b61: jne 0x12b74 0x12b63: mov ah, 0x2c 0x12b65: int 0x21 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax
2018-12-25T12:22:22.50866475Z	44	PC: 12b67 \| Get time 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax 0x12b7c: push cx 0x12b7d: push dx 0x12b7e: push ds 0x12b7f: push es 0x12b80: push si 0x12b81: push di 0x12b82: push cs 0x12b83: pop ds 0x12b84: in al, 0x60 0x12b86: cmp al, 0x1c

{"DateBased":true,"Day":2,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:22.551632785Z	204	PC: 12aba \| UNKNOWN!
2018-12-25T12:22:22.552940399Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.554000243Z	53	PC: 12ad8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.555089826Z	74	PC: 12afd \| Reallocate memory
2018-12-25T12:22:22.556769574Z	72	PC: 12b03 \| Allocate memory
2018-12-25T12:22:22.558254794Z	37	PC: 12b32 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.559481451Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.561387397Z	42	PC: 12b52 \| Get date 0x12b52: cmp dh, 3 0x12b55: jne 0x12b74 0x12b57: cmp al, 2 0x12b59: je 0x12b63 0x12b5b: cmp al, 4 0x12b5d: je 0x12b63 0x12b5f: cmp al, 6 0x12b61: jne 0x12b74 0x12b63: mov ah, 0x2c 0x12b65: int 0x21 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax

{"DateBased":true,"Day":4,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:22.95987895Z	204	PC: 12aba \| UNKNOWN!
2018-12-25T12:22:22.964070193Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.966204257Z	53	PC: 12ad8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.970398292Z	74	PC: 12afd \| Reallocate memory
2018-12-25T12:22:22.972916415Z	72	PC: 12b03 \| Allocate memory
2018-12-25T12:22:22.975731441Z	37	PC: 12b32 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.97754014Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.979381536Z	42	PC: 12b52 \| Get date 0x12b52: cmp dh, 3 0x12b55: jne 0x12b74 0x12b57: cmp al, 2 0x12b59: je 0x12b63 0x12b5b: cmp al, 4 0x12b5d: je 0x12b63 0x12b5f: cmp al, 6 0x12b61: jne 0x12b74 0x12b63: mov ah, 0x2c 0x12b65: int 0x21 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax
2018-12-25T12:22:22.983466743Z	44	PC: 12b67 \| Get time 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax 0x12b7c: push cx 0x12b7d: push dx 0x12b7e: push ds 0x12b7f: push es 0x12b80: push si 0x12b81: push di 0x12b82: push cs 0x12b83: pop ds 0x12b84: in al, 0x60 0x12b86: cmp al, 0x1c

{"DateBased":true,"Day":6,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9048,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:22.939019462Z	204	PC: 12aba \| UNKNOWN!
2018-12-25T12:22:22.940550785Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.941860391Z	53	PC: 12ad8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.943119493Z	74	PC: 12afd \| Reallocate memory
2018-12-25T12:22:22.944918888Z	72	PC: 12b03 \| Allocate memory
2018-12-25T12:22:22.946009065Z	37	PC: 12b32 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:22.946953646Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:22.94820624Z	42	PC: 12b52 \| Get date 0x12b52: cmp dh, 3 0x12b55: jne 0x12b74 0x12b57: cmp al, 2 0x12b59: je 0x12b63 0x12b5b: cmp al, 4 0x12b5d: je 0x12b63 0x12b5f: cmp al, 6 0x12b61: jne 0x12b74 0x12b63: mov ah, 0x2c 0x12b65: int 0x21 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax
2018-12-25T12:22:22.950337302Z	44	PC: 12b67 \| Get time 0x12b67: cmp cl, 0x32 0x12b6a: jb 0x12b74 0x12b6c: mov ah, 9 0x12b6e: lea dx, word ptr [bp + 0x30] 0x12b72: int 0x21 0x12b74: xor ax, ax 0x12b76: push 0x100 0x12b79: ret 0x12b7a: pushf 0x12b7b: push ax 0x12b7c: push cx 0x12b7d: push dx 0x12b7e: push ds 0x12b7f: push es 0x12b80: push si 0x12b81: push di 0x12b82: push cs 0x12b83: pop ds 0x12b84: in al, 0x60 0x12b86: cmp al, 0x1c