Sample viewer

vx.netlux.org/Virus.DOS.Nuker.Entity.1997

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:25.457576703Z	53	PC: 12acf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:25.459118071Z	53	PC: 12ade \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-17T22:59:25.460795489Z	74	PC: 12b07 \| Reallocate memory
2018-12-17T22:59:25.46259122Z	72	PC: 12b10 \| Allocate memory
2018-12-17T22:59:25.464605394Z	37	PC: 12b40 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:25.467966439Z	37	PC: 12b49 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-17T22:59:25.4696129Z	42	PC: 12bbe \| Get date 0x12bbe: cmp al, 1 0x12bc0: jne 0x12c17 0x12bc2: mov ah, 0x2c 0x12bc4: int 0x21 0x12bc6: cmp dl, 0 0x12bc9: jne 0x12c17 0x12bcb: push ax 0x12bcc: push ds 0x12bcd: xor ax, ax 0x12bcf: mov ds, ax 0x12bd1: cmp word ptr [0x234], 0x4556 0x12bd7: je 0x12c18 0x12bd9: mov word ptr [0x234], 0x4556 0x12bdf: pop ds 0x12be0: pop ax 0x12be1: call 0x12c1b 0x12be4: lea si, word ptr [bp + 0x41d] 0x12be8: mov cx, 0x2ac 0x12beb: mov ah, 0xe 0x12bed: lodsb al, byte ptr [si]
2018-12-17T22:59:25.472312704Z	44	PC: 12bc6 \| Get time 0x12bc6: cmp dl, 0 0x12bc9: jne 0x12c17 0x12bcb: push ax 0x12bcc: push ds 0x12bcd: xor ax, ax 0x12bcf: mov ds, ax 0x12bd1: cmp word ptr [0x234], 0x4556 0x12bd7: je 0x12c18 0x12bd9: mov word ptr [0x234], 0x4556 0x12bdf: pop ds 0x12be0: pop ax 0x12be1: call 0x12c1b 0x12be4: lea si, word ptr [bp + 0x41d] 0x12be8: mov cx, 0x2ac 0x12beb: mov ah, 0xe 0x12bed: lodsb al, byte ptr [si] 0x12bee: cmp al, 0x20 0x12bf0: je 0x12c02 0x12bf2: cmp al, 0xa 0x12bf4: je 0x12c02

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13211,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:41.059850072Z	53	PC: 12acf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.067380442Z	53	PC: 12ade \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:37:41.069351759Z	74	PC: 12b07 \| Reallocate memory
2018-12-25T12:37:41.070723018Z	72	PC: 12b10 \| Allocate memory
2018-12-25T12:37:41.073892624Z	37	PC: 12b40 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.075642883Z	37	PC: 12b49 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:37:41.077676473Z	42	PC: 12bbe \| Get date 0x12bbe: cmp al, 1 0x12bc0: jne 0x12c17 0x12bc2: mov ah, 0x2c 0x12bc4: int 0x21 0x12bc6: cmp dl, 0 0x12bc9: jne 0x12c17 0x12bcb: push ax 0x12bcc: push ds 0x12bcd: xor ax, ax 0x12bcf: mov ds, ax 0x12bd1: cmp word ptr [0x234], 0x4556 0x12bd7: je 0x12c18 0x12bd9: mov word ptr [0x234], 0x4556 0x12bdf: pop ds 0x12be0: pop ax 0x12be1: call 0x12c1b 0x12be4: lea si, word ptr [bp + 0x41d] 0x12be8: mov cx, 0x2ac 0x12beb: mov ah, 0xe 0x12bed: lodsb al, byte ptr [si]

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13211,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:41.064410204Z	53	PC: 12acf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.067273768Z	53	PC: 12ade \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:37:41.06868025Z	74	PC: 12b07 \| Reallocate memory
2018-12-25T12:37:41.070462543Z	72	PC: 12b10 \| Allocate memory
2018-12-25T12:37:41.072724118Z	37	PC: 12b40 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.075838015Z	37	PC: 12b49 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:37:41.077200624Z	42	PC: 12bbe \| Get date 0x12bbe: cmp al, 1 0x12bc0: jne 0x12c17 0x12bc2: mov ah, 0x2c 0x12bc4: int 0x21 0x12bc6: cmp dl, 0 0x12bc9: jne 0x12c17 0x12bcb: push ax 0x12bcc: push ds 0x12bcd: xor ax, ax 0x12bcf: mov ds, ax 0x12bd1: cmp word ptr [0x234], 0x4556 0x12bd7: je 0x12c18 0x12bd9: mov word ptr [0x234], 0x4556 0x12bdf: pop ds 0x12be0: pop ax 0x12be1: call 0x12c1b 0x12be4: lea si, word ptr [bp + 0x41d] 0x12be8: mov cx, 0x2ac 0x12beb: mov ah, 0xe 0x12bed: lodsb al, byte ptr [si]
2018-12-25T12:37:41.079072261Z	44	PC: 12bc6 \| Get time 0x12bc6: cmp dl, 0 0x12bc9: jne 0x12c17 0x12bcb: push ax 0x12bcc: push ds 0x12bcd: xor ax, ax 0x12bcf: mov ds, ax 0x12bd1: cmp word ptr [0x234], 0x4556 0x12bd7: je 0x12c18 0x12bd9: mov word ptr [0x234], 0x4556 0x12bdf: pop ds 0x12be0: pop ax 0x12be1: call 0x12c1b 0x12be4: lea si, word ptr [bp + 0x41d] 0x12be8: mov cx, 0x2ac 0x12beb: mov ah, 0xe 0x12bed: lodsb al, byte ptr [si] 0x12bee: cmp al, 0x20 0x12bf0: je 0x12c02 0x12bf2: cmp al, 0xa 0x12bf4: je 0x12c02