Sample viewer

vx.netlux.org/Virus.DOS.Timi.2147

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:55.628533281Z 73 PC: 13c58 | Release memory
2018-12-17T22:46:55.630854081Z 72 PC: 13c5f | Allocate memory
2018-12-17T22:46:55.633231609Z 74 PC: 13c6c | Reallocate memory
2018-12-17T22:46:55.635101301Z 74 PC: 13c7a | Reallocate memory
2018-12-17T22:46:55.637792958Z 204 PC: 9f411 | UNKNOWN!
2018-12-17T22:46:55.647084255Z 42 PC: 9f455 | Get date
0x9f455: cmp dl, 3
0x9f458: jne 0x9f462
0x9f45a: mov byte ptr cs:[0x79a], 1
0x9f460: jmp 0x9f468
0x9f462: mov byte ptr cs:[0x79a], 0
0x9f468: mov word ptr cs:[0x79b], 0
0x9f46f: mov word ptr cs:[0x786], 0
0x9f476: mov word ptr [0x20], 0x6a5
0x9f47c: mov word ptr [0x22], cs
0x9f480: cmp al, 5
0x9f482: jne 0x9f48e
0x9f484: mov word ptr [0x24], 0x60a
0x9f48a: mov word ptr [0x26], cs
0x9f48e: mov ds, word ptr cs:[0x7ad]
0x9f493: push ds
0x9f494: pop es
0x9f495: cmp byte ptr cs:[0x7ca], 0
0x9f49b: jne 0x9f4bd
0x9f49d: mov ds, word ptr cs:[0x7af]
0x9f4a2: push ds
2018-12-17T22:46:55.649967271Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T22:46:55.655995276Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9051,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:23.028055407Z 73 PC: 13c58 | Release memory
2018-12-25T12:22:23.03028923Z 72 PC: 13c5f | Allocate memory
2018-12-25T12:22:23.032107853Z 74 PC: 13c6c | Reallocate memory
2018-12-25T12:22:23.033632094Z 74 PC: 13c7a | Reallocate memory
2018-12-25T12:22:23.036431235Z 204 PC: 9f411 | UNKNOWN!
2018-12-25T12:22:23.037393864Z 42 PC: 9f455 | Get date
0x9f455: cmp dl, 3
0x9f458: jne 0x9f462
0x9f45a: mov byte ptr cs:[0x79a], 1
0x9f460: jmp 0x9f468
0x9f462: mov byte ptr cs:[0x79a], 0
0x9f468: mov word ptr cs:[0x79b], 0
0x9f46f: mov word ptr cs:[0x786], 0
0x9f476: mov word ptr [0x20], 0x6a5
0x9f47c: mov word ptr [0x22], cs
0x9f480: cmp al, 5
0x9f482: jne 0x9f48e
0x9f484: mov word ptr [0x24], 0x60a
0x9f48a: mov word ptr [0x26], cs
0x9f48e: mov ds, word ptr cs:[0x7ad]
0x9f493: push ds
0x9f494: pop es
0x9f495: cmp byte ptr cs:[0x7ca], 0
0x9f49b: jne 0x9f4bd
0x9f49d: mov ds, word ptr cs:[0x7af]
0x9f4a2: push ds
2018-12-25T12:22:23.03959905Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T12:22:23.046158011Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9051,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:23.069398339Z 73 PC: 13c58 | Release memory
2018-12-25T12:22:23.071050896Z 72 PC: 13c5f | Allocate memory
2018-12-25T12:22:23.073942148Z 74 PC: 13c6c | Reallocate memory
2018-12-25T12:22:23.075591109Z 74 PC: 13c7a | Reallocate memory
2018-12-25T12:22:23.077924148Z 204 PC: 9f411 | UNKNOWN!
2018-12-25T12:22:23.080152935Z 42 PC: 9f455 | Get date
0x9f455: cmp dl, 3
0x9f458: jne 0x9f462
0x9f45a: mov byte ptr cs:[0x79a], 1
0x9f460: jmp 0x9f468
0x9f462: mov byte ptr cs:[0x79a], 0
0x9f468: mov word ptr cs:[0x79b], 0
0x9f46f: mov word ptr cs:[0x786], 0
0x9f476: mov word ptr [0x20], 0x6a5
0x9f47c: mov word ptr [0x22], cs
0x9f480: cmp al, 5
0x9f482: jne 0x9f48e
0x9f484: mov word ptr [0x24], 0x60a
0x9f48a: mov word ptr [0x26], cs
0x9f48e: mov ds, word ptr cs:[0x7ad]
0x9f493: push ds
0x9f494: pop es
0x9f495: cmp byte ptr cs:[0x7ca], 0
0x9f49b: jne 0x9f4bd
0x9f49d: mov ds, word ptr cs:[0x7af]
0x9f4a2: push ds
2018-12-25T12:22:23.083207484Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T12:22:23.089631297Z 76 PC: 12a61 | Terminate with return code (Return code = '0')