Sample viewer

vx.netlux.org/Virus.DOS.Nucleii.606.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:06.084428975Z	26	PC: 12a59 \| Set disk transfer address
2018-12-17T23:05:06.085869908Z	25	PC: 12a5d \| Get default drive
2018-12-17T23:05:06.091506418Z	71	PC: 12a68 \| Get current directory
2018-12-17T23:05:06.094431993Z	59	PC: 12a6f \| Change current directory
2018-12-17T23:05:06.099112669Z	78	PC: 12a79 \| Find first file
2018-12-17T23:05:06.105208758Z	87	PC: 12b5c \| Get or set file date and time
2018-12-17T23:05:06.106760995Z	67	PC: 12b68 \| Get or set file attributes
2018-12-17T23:05:06.108445597Z	59	PC: 12b6f \| Change current directory
2018-12-17T23:05:06.117558921Z	59	PC: 12b76 \| Change current directory
2018-12-17T23:05:06.119292704Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12bac 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12bac 0x12b85: mov dx, 0x2ed 0x12b88: mov ah, 0x1a 0x12b8a: int 0x21 0x12b8c: mov ah, 0x4e 0x12b8e: mov cx, 7 0x12b91: mov dx, 0x2a7 0x12b94: int 0x21 0x12b96: jb 0x12bac 0x12b98: mov ax, 0x4301 0x12b9b: xor cx, cx 0x12b9d: int 0x21 0x12b9f: mov dx, 0x30b 0x12ba2: mov ah, 0x3c 0x12ba4: int 0x21 0x12ba6: jb 0x12bac 0x12ba8: mov ah, 0x4f
2018-12-17T23:05:06.121372861Z	76	PC: 12bb1 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15100,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:38.657425475Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:42:38.659141408Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:42:38.660766312Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:42:38.664094544Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:42:38.671772952Z	78	PC: 12a79 \| Find first file
2018-12-25T12:42:38.683384643Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:42:38.685620332Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:42:38.68804032Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:42:38.697749474Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:42:38.699813305Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12bac 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12bac 0x12b85: mov dx, 0x2ed 0x12b88: mov ah, 0x1a 0x12b8a: int 0x21 0x12b8c: mov ah, 0x4e 0x12b8e: mov cx, 7 0x12b91: mov dx, 0x2a7 0x12b94: int 0x21 0x12b96: jb 0x12bac 0x12b98: mov ax, 0x4301 0x12b9b: xor cx, cx 0x12b9d: int 0x21 0x12b9f: mov dx, 0x30b 0x12ba2: mov ah, 0x3c 0x12ba4: int 0x21 0x12ba6: jb 0x12bac 0x12ba8: mov ah, 0x4f
2018-12-25T12:42:38.702456321Z	76	PC: 12bb1 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15100,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:38.831388287Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:42:38.833473457Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:42:38.839216292Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:42:38.842013634Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:42:38.846229766Z	78	PC: 12a79 \| Find first file
2018-12-25T12:42:38.852980865Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:42:38.854748107Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:42:38.856752662Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:42:38.861671032Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:42:38.863342761Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12bac 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12bac 0x12b85: mov dx, 0x2ed 0x12b88: mov ah, 0x1a 0x12b8a: int 0x21 0x12b8c: mov ah, 0x4e 0x12b8e: mov cx, 7 0x12b91: mov dx, 0x2a7 0x12b94: int 0x21 0x12b96: jb 0x12bac 0x12b98: mov ax, 0x4301 0x12b9b: xor cx, cx 0x12b9d: int 0x21 0x12b9f: mov dx, 0x30b 0x12ba2: mov ah, 0x3c 0x12ba4: int 0x21 0x12ba6: jb 0x12bac 0x12ba8: mov ah, 0x4f
2018-12-25T12:42:38.865386611Z	76	PC: 12bb1 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15100,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:38.828463285Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:42:38.830326974Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:42:38.831703874Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:42:38.834769309Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:42:38.838987852Z	78	PC: 12a79 \| Find first file
2018-12-25T12:42:38.851207477Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:42:38.852785736Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T12:42:38.854438453Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:42:38.860348795Z	59	PC: 12b76 \| Change current directory
2018-12-25T12:42:38.862259212Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12bac 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12bac 0x12b85: mov dx, 0x2ed 0x12b88: mov ah, 0x1a 0x12b8a: int 0x21 0x12b8c: mov ah, 0x4e 0x12b8e: mov cx, 7 0x12b91: mov dx, 0x2a7 0x12b94: int 0x21 0x12b96: jb 0x12bac 0x12b98: mov ax, 0x4301 0x12b9b: xor cx, cx 0x12b9d: int 0x21 0x12b9f: mov dx, 0x30b 0x12ba2: mov ah, 0x3c 0x12ba4: int 0x21 0x12ba6: jb 0x12bac 0x12ba8: mov ah, 0x4f
2018-12-25T12:42:38.8643668Z	26	PC: 12b8c \| Set disk transfer address
2018-12-25T12:42:38.866190318Z	78	PC: 12b96 \| Find first file
2018-12-25T12:42:38.872918283Z	67	PC: 12b9f \| Get or set file attributes
2018-12-25T12:42:38.878219746Z	60	PC: 12ba6 \| Create or truncate file
2018-12-25T12:42:38.898312756Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:38.901300815Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:38.912064102Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:38.925884303Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:38.929749925Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:38.941003946Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:38.955908615Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:38.959559735Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:38.970497524Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:38.984331155Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:38.989073404Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:39.000623333Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:39.014360356Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:39.017440592Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:39.028644767Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:39.042608401Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:39.045560937Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:39.057921089Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:39.071417871Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:39.074844636Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:39.081929056Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:39.090447126Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:39.09243571Z	67	PC: 12b9f \| Get or set file attributes (See above)
2018-12-25T12:42:39.100051264Z	60	PC: 12ba6 \| Create or truncate file (See above)
2018-12-25T12:42:39.11672255Z	79	PC: 12b96 \| Find next file (See above)
2018-12-25T12:42:39.124551547Z	76	PC: 12bb1 \| Terminate with return code (Return code = '0')