Sample viewer

vx.netlux.org/Virus.DOS.Nucleii.1203.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:09.083795718Z	26	PC: 12a59 \| Set disk transfer address
2018-12-17T22:54:09.086548217Z	25	PC: 12a5d \| Get default drive
2018-12-17T22:54:09.088447504Z	71	PC: 12a68 \| Get current directory
2018-12-17T22:54:09.092009Z	59	PC: 12a6f \| Change current directory
2018-12-17T22:54:09.097662399Z	78	PC: 12a79 \| Find first file
2018-12-17T22:54:09.105185273Z	87	PC: 12b5c \| Get or set file date and time
2018-12-17T22:54:09.107250021Z	67	PC: 12b68 \| Get or set file attributes
2018-12-17T22:54:09.109569469Z	59	PC: 12b6f \| Change current directory
2018-12-17T22:54:09.11461444Z	59	PC: 12b76 \| Change current directory
2018-12-17T22:54:09.116631928Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x362 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x31c 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c37 0x12ba3: call 0x12c37 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-17T22:54:09.119240561Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11459,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:37.790464104Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:30:37.791964804Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:30:37.793029186Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:30:37.795717368Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:30:37.800752926Z	78	PC: 12a79 \| Find first file
2018-12-25T12:30:37.806340515Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:30:37.808138347Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:30:37.80999163Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:30:37.814440013Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:30:37.824530076Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x362 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x31c 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c37 0x12ba3: call 0x12c37 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T12:30:37.826494535Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11459,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:37.857440429Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:30:37.858864745Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:30:37.860128484Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:30:37.863033279Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:30:37.867088189Z	78	PC: 12a79 \| Find first file
2018-12-25T12:30:37.877908542Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:30:37.879227488Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:30:37.880765183Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:30:37.889550104Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:30:37.891514131Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x362 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x31c 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c37 0x12ba3: call 0x12c37 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T12:30:37.893481026Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11459,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:37.911298746Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:30:37.912905101Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:30:37.913875335Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:30:37.915909432Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:30:37.920084373Z	78	PC: 12a79 \| Find first file
2018-12-25T12:30:37.924336561Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:30:37.92626311Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:30:37.928670282Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:30:37.932572279Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:30:37.934141378Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x362 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x31c 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c37 0x12ba3: call 0x12c37 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T12:30:37.936531024Z	26	PC: 12b96 \| Set disk transfer address
2018-12-25T12:30:37.937497043Z	78	PC: 12ba8 \| Find first file
2018-12-25T12:30:37.947919309Z	67	PC: 12bb1 \| Get or set file attributes
2018-12-25T12:30:37.95734304Z	60	PC: 12bb8 \| Create or truncate file
2018-12-25T12:30:39.946648321Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:39.949385168Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.024064687Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.099621674Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.102359321Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.211722092Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.25946098Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.262366733Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.338560608Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.392024667Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.394961321Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.506438085Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.620709161Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.62336944Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.743883108Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.81872179Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.821587003Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.831312562Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.844118063Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.846832957Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.856427752Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.870859918Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.874144716Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:30:40.883830894Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:30:40.8955199Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:30:40.898579617Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')