Sample viewer

vx.netlux.org/Virus.DOS.Nucleii.1203.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:05.872837635Z	26	PC: 12a59 \| Set disk transfer address
2018-12-17T23:03:05.875026918Z	25	PC: 12a5d \| Get default drive
2018-12-17T23:03:05.879133284Z	71	PC: 12a68 \| Get current directory
2018-12-17T23:03:05.886780001Z	59	PC: 12a6f \| Change current directory
2018-12-17T23:03:05.89249057Z	78	PC: 12a79 \| Find first file
2018-12-17T23:03:05.900854014Z	87	PC: 12b5c \| Get or set file date and time
2018-12-17T23:03:05.905206542Z	67	PC: 12b68 \| Get or set file attributes
2018-12-17T23:03:05.907831123Z	59	PC: 12b6f \| Change current directory
2018-12-17T23:03:05.913805618Z	59	PC: 12b76 \| Change current directory
2018-12-17T23:03:05.916393139Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-17T23:03:05.919355726Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14436,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:42.51601443Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:40:42.518461801Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:40:42.519592389Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:40:42.522530391Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:40:42.527513668Z	78	PC: 12a79 \| Find first file
2018-12-25T12:40:42.538006283Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:40:42.539575405Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:40:42.542349964Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:40:42.550980678Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:40:42.553580033Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T12:40:42.555838697Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14436,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:42.870377051Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:40:42.871495244Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:40:42.872754546Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:40:42.875842042Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:40:42.880166188Z	78	PC: 12a79 \| Find first file
2018-12-25T12:40:42.893824549Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:40:42.895625078Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:40:42.898107669Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:40:42.90830206Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:40:42.910558637Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T12:40:42.913329675Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14436,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:43.086869984Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:40:43.088500878Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:40:43.089812546Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:40:43.092829389Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:40:43.098948729Z	78	PC: 12a79 \| Find first file
2018-12-25T12:40:43.1048748Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:40:43.106588563Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:40:43.109168794Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:40:43.113348893Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:40:43.114987376Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T12:40:43.11726171Z	26	PC: 12b96 \| Set disk transfer address
2018-12-25T12:40:43.119085951Z	78	PC: 12ba8 \| Find first file
2018-12-25T12:40:43.124972009Z	67	PC: 12bb1 \| Get or set file attributes
2018-12-25T12:40:43.129353703Z	60	PC: 12bb8 \| Create or truncate file
2018-12-25T12:40:43.158684151Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.161367975Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.170920935Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.184334212Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.187228185Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.197006355Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.210358517Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.213116533Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.225696416Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.241436708Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.244046996Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.253624617Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.266604992Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.269431009Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.279484209Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.292179479Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.295915594Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.318938997Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.331241486Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.33543351Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.345725186Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.357768377Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.361618311Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T12:40:43.370872435Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T12:40:43.383295654Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T12:40:43.386667937Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')