Sample viewer

vx.netlux.org/Virus.DOS.DarkMatter.3032

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:19.0044782Z	213	PC: 145d7 \| UNKNOWN!
2018-12-17T22:47:19.005916928Z	42	PC: 148e7 \| Get date 0x148e7: cmp al, 5 0x148e9: jne 0x148fd 0x148eb: cmp dl, 0xd 0x148ee: jne 0x148fd 0x148f0: mov di, bp 0x148f2: lea si, word ptr [di + 0x523] 0x148f6: mov cx, 0x1022 0x148f9: push di 0x148fa: jmp 0x14900 0x148fc: nop 0x148fd: jmp 0x14971 0x148ff: nop 0x14900: push es 0x14901: jcxz 0x1496c 0x14903: mov ah, 0xf 0x14905: int 0x10 0x14907: xor ah, ah 0x14909: int 0x10 0x1490b: xor di, di 0x1490d: mov ax, 0xb800
2018-12-17T22:47:19.007490354Z	76	PC: 14595 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9174,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:38.216501407Z	213	PC: 145d7 \| UNKNOWN!
2018-12-25T12:22:38.218001272Z	42	PC: 148e7 \| Get date 0x148e7: cmp al, 5 0x148e9: jne 0x148fd 0x148eb: cmp dl, 0xd 0x148ee: jne 0x148fd 0x148f0: mov di, bp 0x148f2: lea si, word ptr [di + 0x523] 0x148f6: mov cx, 0x1022 0x148f9: push di 0x148fa: jmp 0x14900 0x148fc: nop 0x148fd: jmp 0x14971 0x148ff: nop 0x14900: push es 0x14901: jcxz 0x1496c 0x14903: mov ah, 0xf 0x14905: int 0x10 0x14907: xor ah, ah 0x14909: int 0x10 0x1490b: xor di, di 0x1490d: mov ax, 0xb800
2018-12-25T12:22:38.220371665Z	76	PC: 14595 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9174,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:38.53867216Z	213	PC: 145d7 \| UNKNOWN!
2018-12-25T12:22:38.540096892Z	42	PC: 148e7 \| Get date 0x148e7: cmp al, 5 0x148e9: jne 0x148fd 0x148eb: cmp dl, 0xd 0x148ee: jne 0x148fd 0x148f0: mov di, bp 0x148f2: lea si, word ptr [di + 0x523] 0x148f6: mov cx, 0x1022 0x148f9: push di 0x148fa: jmp 0x14900 0x148fc: nop 0x148fd: jmp 0x14971 0x148ff: nop 0x14900: push es 0x14901: jcxz 0x1496c 0x14903: mov ah, 0xf 0x14905: int 0x10 0x14907: xor ah, ah 0x14909: int 0x10 0x1490b: xor di, di 0x1490d: mov ax, 0xb800
2018-12-25T12:22:38.542201697Z	76	PC: 14595 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9174,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:39.191666073Z	213	PC: 145d7 \| UNKNOWN!
2018-12-25T12:22:39.193227408Z	42	PC: 148e7 \| Get date 0x148e7: cmp al, 5 0x148e9: jne 0x148fd 0x148eb: cmp dl, 0xd 0x148ee: jne 0x148fd 0x148f0: mov di, bp 0x148f2: lea si, word ptr [di + 0x523] 0x148f6: mov cx, 0x1022 0x148f9: push di 0x148fa: jmp 0x14900 0x148fc: nop 0x148fd: jmp 0x14971 0x148ff: nop 0x14900: push es 0x14901: jcxz 0x1496c 0x14903: mov ah, 0xf 0x14905: int 0x10 0x14907: xor ah, ah 0x14909: int 0x10 0x1490b: xor di, di 0x1490d: mov ax, 0xb800

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9174,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:39.257625244Z	213	PC: 145d7 \| UNKNOWN!
2018-12-25T12:22:39.25921691Z	42	PC: 148e7 \| Get date 0x148e7: cmp al, 5 0x148e9: jne 0x148fd 0x148eb: cmp dl, 0xd 0x148ee: jne 0x148fd 0x148f0: mov di, bp 0x148f2: lea si, word ptr [di + 0x523] 0x148f6: mov cx, 0x1022 0x148f9: push di 0x148fa: jmp 0x14900 0x148fc: nop 0x148fd: jmp 0x14971 0x148ff: nop 0x14900: push es 0x14901: jcxz 0x1496c 0x14903: mov ah, 0xf 0x14905: int 0x10 0x14907: xor ah, ah 0x14909: int 0x10 0x1490b: xor di, di 0x1490d: mov ax, 0xb800
2018-12-25T12:22:39.261618699Z	76	PC: 14595 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9174,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:39.62927535Z	213	PC: 145d7 \| UNKNOWN!
2018-12-25T12:22:39.632221498Z	42	PC: 148e7 \| Get date 0x148e7: cmp al, 5 0x148e9: jne 0x148fd 0x148eb: cmp dl, 0xd 0x148ee: jne 0x148fd 0x148f0: mov di, bp 0x148f2: lea si, word ptr [di + 0x523] 0x148f6: mov cx, 0x1022 0x148f9: push di 0x148fa: jmp 0x14900 0x148fc: nop 0x148fd: jmp 0x14971 0x148ff: nop 0x14900: push es 0x14901: jcxz 0x1496c 0x14903: mov ah, 0xf 0x14905: int 0x10 0x14907: xor ah, ah 0x14909: int 0x10 0x1490b: xor di, di 0x1490d: mov ax, 0xb800
2018-12-25T12:22:39.635478653Z	76	PC: 14595 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9174,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:39.697248036Z	213	PC: 145d7 \| UNKNOWN!
2018-12-25T12:22:39.698772834Z	42	PC: 148e7 \| Get date 0x148e7: cmp al, 5 0x148e9: jne 0x148fd 0x148eb: cmp dl, 0xd 0x148ee: jne 0x148fd 0x148f0: mov di, bp 0x148f2: lea si, word ptr [di + 0x523] 0x148f6: mov cx, 0x1022 0x148f9: push di 0x148fa: jmp 0x14900 0x148fc: nop 0x148fd: jmp 0x14971 0x148ff: nop 0x14900: push es 0x14901: jcxz 0x1496c 0x14903: mov ah, 0xf 0x14905: int 0x10 0x14907: xor ah, ah 0x14909: int 0x10 0x1490b: xor di, di 0x1490d: mov ax, 0xb800