Sample viewer

vx.netlux.org/Virus.DOS.NightKnight

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:45.260118285Z	53	PC: 13cef \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:45.262553947Z	53	PC: 13cfb \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:54:45.264270326Z	44	PC: 13c4e \| Get time 0x13c4e: cmp ax, 0x6666 0x13c51: je 0x13cbe 0x13c53: mov bx, 0xa0 0x13c56: mov ax, ds 0x13c58: dec ax 0x13c59: mov es, ax 0x13c5b: cmp byte ptr es:[0], 0x5a 0x13c61: je 0x13c95 0x13c63: push bx 0x13c64: mov bx, 0xffff 0x13c67: mov ah, 0x48 0x13c69: int 0x21 0x13c6b: cmp bx, 0xa0 0x13c6f: jb 0x13c75 0x13c71: mov ah, 0x48 0x13c73: int 0x21 0x13c75: pop bx 0x13c76: jb 0x13cbf 0x13c78: dec ax 0x13c79: mov es, ax
2018-12-17T22:54:45.266827427Z	51	PC: 9f378 \| Get or set Ctrl-Break
2018-12-17T22:54:45.269125099Z	42	PC: 9f492 \| Get date 0x9f492: cmp dl, 0xd 0x9f495: je 0x9f4a5 0x9f497: cmp dl, 7 0x9f49a: je 0x9f4a5 0x9f49c: cmp dl, dh 0x9f49e: jne 0x9f4ab 0x9f4a0: cmp dl, 1 0x9f4a3: jbe 0x9f4ab 0x9f4a5: mov byte ptr cs:[0x803], 0xff 0x9f4ab: pop es 0x9f4ac: pop ds 0x9f4ad: mov si, 0x796 0x9f4b0: cmp word ptr cs:[si], 0x4d5a 0x9f4b5: je 0x9f4bf 0x9f4b7: cmp word ptr cs:[si], 0x5a4d 0x9f4bc: je 0x9f4bf 0x9f4be: retf 0x9f4bf: jmp 0x9f51d 0x9f4c1: nop 0x9f4c2: nop
2018-12-17T22:54:45.272298589Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-17T22:54:45.277367394Z	76	PC: 13bc8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11661,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:04.089307492Z	53	PC: 13cef \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:04.090943376Z	53	PC: 13cfb \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:31:04.092086423Z	44	PC: 13c4e \| Get time 0x13c4e: cmp ax, 0x6666 0x13c51: je 0x13cbe 0x13c53: mov bx, 0xa0 0x13c56: mov ax, ds 0x13c58: dec ax 0x13c59: mov es, ax 0x13c5b: cmp byte ptr es:[0], 0x5a 0x13c61: je 0x13c95 0x13c63: push bx 0x13c64: mov bx, 0xffff 0x13c67: mov ah, 0x48 0x13c69: int 0x21 0x13c6b: cmp bx, 0xa0 0x13c6f: jb 0x13c75 0x13c71: mov ah, 0x48 0x13c73: int 0x21 0x13c75: pop bx 0x13c76: jb 0x13cbf 0x13c78: dec ax 0x13c79: mov es, ax
2018-12-25T12:31:04.094401258Z	51	PC: 9f378 \| Get or set Ctrl-Break
2018-12-25T12:31:04.096127118Z	42	PC: 9f492 \| Get date 0x9f492: cmp dl, 0xd 0x9f495: je 0x9f4a5 0x9f497: cmp dl, 7 0x9f49a: je 0x9f4a5 0x9f49c: cmp dl, dh 0x9f49e: jne 0x9f4ab 0x9f4a0: cmp dl, 1 0x9f4a3: jbe 0x9f4ab 0x9f4a5: mov byte ptr cs:[0x803], 0xff 0x9f4ab: pop es 0x9f4ac: pop ds 0x9f4ad: mov si, 0x796 0x9f4b0: cmp word ptr cs:[si], 0x4d5a 0x9f4b5: je 0x9f4bf 0x9f4b7: cmp word ptr cs:[si], 0x5a4d 0x9f4bc: je 0x9f4bf 0x9f4be: retf 0x9f4bf: jmp 0x9f51d 0x9f4c1: nop 0x9f4c2: nop
2018-12-25T12:31:04.098482335Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-25T12:31:04.103750715Z	76	PC: 13bc8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11661,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:04.829276354Z	53	PC: 13cef \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:04.831023325Z	53	PC: 13cfb \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:31:04.83197397Z	44	PC: 13c4e \| Get time 0x13c4e: cmp ax, 0x6666 0x13c51: je 0x13cbe 0x13c53: mov bx, 0xa0 0x13c56: mov ax, ds 0x13c58: dec ax 0x13c59: mov es, ax 0x13c5b: cmp byte ptr es:[0], 0x5a 0x13c61: je 0x13c95 0x13c63: push bx 0x13c64: mov bx, 0xffff 0x13c67: mov ah, 0x48 0x13c69: int 0x21 0x13c6b: cmp bx, 0xa0 0x13c6f: jb 0x13c75 0x13c71: mov ah, 0x48 0x13c73: int 0x21 0x13c75: pop bx 0x13c76: jb 0x13cbf 0x13c78: dec ax 0x13c79: mov es, ax
2018-12-25T12:31:04.834098913Z	51	PC: 9f378 \| Get or set Ctrl-Break
2018-12-25T12:31:04.847500696Z	42	PC: 9f492 \| Get date 0x9f492: cmp dl, 0xd 0x9f495: je 0x9f4a5 0x9f497: cmp dl, 7 0x9f49a: je 0x9f4a5 0x9f49c: cmp dl, dh 0x9f49e: jne 0x9f4ab 0x9f4a0: cmp dl, 1 0x9f4a3: jbe 0x9f4ab 0x9f4a5: mov byte ptr cs:[0x803], 0xff 0x9f4ab: pop es 0x9f4ac: pop ds 0x9f4ad: mov si, 0x796 0x9f4b0: cmp word ptr cs:[si], 0x4d5a 0x9f4b5: je 0x9f4bf 0x9f4b7: cmp word ptr cs:[si], 0x5a4d 0x9f4bc: je 0x9f4bf 0x9f4be: retf 0x9f4bf: jmp 0x9f51d 0x9f4c1: nop 0x9f4c2: nop
2018-12-25T12:31:04.849798025Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-25T12:31:04.855110596Z	76	PC: 13bc8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11661,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:04.942493503Z	53	PC: 13cef \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:04.944661623Z	53	PC: 13cfb \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:31:04.946301533Z	44	PC: 13c4e \| Get time 0x13c4e: cmp ax, 0x6666 0x13c51: je 0x13cbe 0x13c53: mov bx, 0xa0 0x13c56: mov ax, ds 0x13c58: dec ax 0x13c59: mov es, ax 0x13c5b: cmp byte ptr es:[0], 0x5a 0x13c61: je 0x13c95 0x13c63: push bx 0x13c64: mov bx, 0xffff 0x13c67: mov ah, 0x48 0x13c69: int 0x21 0x13c6b: cmp bx, 0xa0 0x13c6f: jb 0x13c75 0x13c71: mov ah, 0x48 0x13c73: int 0x21 0x13c75: pop bx 0x13c76: jb 0x13cbf 0x13c78: dec ax 0x13c79: mov es, ax
2018-12-25T12:31:04.948884764Z	51	PC: 9f378 \| Get or set Ctrl-Break
2018-12-25T12:31:04.958633005Z	42	PC: 9f492 \| Get date 0x9f492: cmp dl, 0xd 0x9f495: je 0x9f4a5 0x9f497: cmp dl, 7 0x9f49a: je 0x9f4a5 0x9f49c: cmp dl, dh 0x9f49e: jne 0x9f4ab 0x9f4a0: cmp dl, 1 0x9f4a3: jbe 0x9f4ab 0x9f4a5: mov byte ptr cs:[0x803], 0xff 0x9f4ab: pop es 0x9f4ac: pop ds 0x9f4ad: mov si, 0x796 0x9f4b0: cmp word ptr cs:[si], 0x4d5a 0x9f4b5: je 0x9f4bf 0x9f4b7: cmp word ptr cs:[si], 0x5a4d 0x9f4bc: je 0x9f4bf 0x9f4be: retf 0x9f4bf: jmp 0x9f51d 0x9f4c1: nop 0x9f4c2: nop
2018-12-25T12:31:04.961262858Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-25T12:31:04.967060522Z	76	PC: 13bc8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11661,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:05.165523743Z	53	PC: 13cef \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:05.17259981Z	53	PC: 13cfb \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:31:05.17425574Z	44	PC: 13c4e \| Get time 0x13c4e: cmp ax, 0x6666 0x13c51: je 0x13cbe 0x13c53: mov bx, 0xa0 0x13c56: mov ax, ds 0x13c58: dec ax 0x13c59: mov es, ax 0x13c5b: cmp byte ptr es:[0], 0x5a 0x13c61: je 0x13c95 0x13c63: push bx 0x13c64: mov bx, 0xffff 0x13c67: mov ah, 0x48 0x13c69: int 0x21 0x13c6b: cmp bx, 0xa0 0x13c6f: jb 0x13c75 0x13c71: mov ah, 0x48 0x13c73: int 0x21 0x13c75: pop bx 0x13c76: jb 0x13cbf 0x13c78: dec ax 0x13c79: mov es, ax
2018-12-25T12:31:05.176708739Z	51	PC: 9f378 \| Get or set Ctrl-Break
2018-12-25T12:31:05.179114658Z	42	PC: 9f492 \| Get date 0x9f492: cmp dl, 0xd 0x9f495: je 0x9f4a5 0x9f497: cmp dl, 7 0x9f49a: je 0x9f4a5 0x9f49c: cmp dl, dh 0x9f49e: jne 0x9f4ab 0x9f4a0: cmp dl, 1 0x9f4a3: jbe 0x9f4ab 0x9f4a5: mov byte ptr cs:[0x803], 0xff 0x9f4ab: pop es 0x9f4ac: pop ds 0x9f4ad: mov si, 0x796 0x9f4b0: cmp word ptr cs:[si], 0x4d5a 0x9f4b5: je 0x9f4bf 0x9f4b7: cmp word ptr cs:[si], 0x5a4d 0x9f4bc: je 0x9f4bf 0x9f4be: retf 0x9f4bf: jmp 0x9f51d 0x9f4c1: nop 0x9f4c2: nop
2018-12-25T12:31:05.181840625Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-25T12:31:05.187426539Z	76	PC: 13bc8 \| Terminate with return code (Return code = '0')