Sample viewer

vx.netlux.org/Virus.DOS.BlackFlash.813

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:55.844356422Z 127 PC: 14985 | UNKNOWN!
2018-12-17T22:46:55.846030369Z 42 PC: 1499d | Get date
0x1499d: cmp dh, 5
0x149a0: jb 0x1498a
0x149a2: push es
0x149a3: mov ax, es
0x149a5: sub byte ptr es:[2], 0x7f
0x149ab: dec ax
0x149ac: mov es, ax
0x149ae: mov dx, word ptr es:[3]
0x149b3: sub dx, 0x7f
0x149b6: mov word ptr es:[3], dx
0x149bb: mov di, ax
0x149bd: add di, dx
0x149bf: inc di
0x149c0: pop es
0x149c1: mov ax, cs
0x149c3: sub ax, word ptr cs:[si + 0x10]
0x149c7: add ax, word ptr cs:[si + 2]
0x149cb: push ax
0x149cc: push word ptr cs:[si]
0x149cf: push ds
2018-12-17T22:46:55.849326188Z 76 PC: 12b89 | Terminate with return code (Return code = '255')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9054,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:23.49826787Z 127 PC: 14985 | UNKNOWN!
2018-12-25T12:22:23.500073009Z 42 PC: 1499d | Get date
0x1499d: cmp dh, 5
0x149a0: jb 0x1498a
0x149a2: push es
0x149a3: mov ax, es
0x149a5: sub byte ptr es:[2], 0x7f
0x149ab: dec ax
0x149ac: mov es, ax
0x149ae: mov dx, word ptr es:[3]
0x149b3: sub dx, 0x7f
0x149b6: mov word ptr es:[3], dx
0x149bb: mov di, ax
0x149bd: add di, dx
0x149bf: inc di
0x149c0: pop es
0x149c1: mov ax, cs
0x149c3: sub ax, word ptr cs:[si + 0x10]
0x149c7: add ax, word ptr cs:[si + 2]
0x149cb: push ax
0x149cc: push word ptr cs:[si]
0x149cf: push ds
2018-12-25T12:22:23.502862776Z 76 PC: 12b89 | Terminate with return code (Return code = '255')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9054,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:23.887375743Z 127 PC: 14985 | UNKNOWN!
2018-12-25T12:22:23.889097967Z 42 PC: 1499d | Get date
0x1499d: cmp dh, 5
0x149a0: jb 0x1498a
0x149a2: push es
0x149a3: mov ax, es
0x149a5: sub byte ptr es:[2], 0x7f
0x149ab: dec ax
0x149ac: mov es, ax
0x149ae: mov dx, word ptr es:[3]
0x149b3: sub dx, 0x7f
0x149b6: mov word ptr es:[3], dx
0x149bb: mov di, ax
0x149bd: add di, dx
0x149bf: inc di
0x149c0: pop es
0x149c1: mov ax, cs
0x149c3: sub ax, word ptr cs:[si + 0x10]
0x149c7: add ax, word ptr cs:[si + 2]
0x149cb: push ax
0x149cc: push word ptr cs:[si]
0x149cf: push ds
2018-12-25T12:22:23.892119218Z 76 PC: 12b89 | Terminate with return code (Return code = '255')