Sample viewer

vx.netlux.org/Virus.DOS.Nuker.Entity.1986

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:39.24575909Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:39.250853519Z	53	PC: 12a7a \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-17T23:11:39.252721944Z	74	PC: 12aa3 \| Reallocate memory
2018-12-17T23:11:39.254389981Z	72	PC: 12aac \| Allocate memory
2018-12-17T23:11:39.257321769Z	37	PC: 12adb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:39.258849376Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-17T23:11:39.260326192Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 1 0x12b5a: jne 0x12bb1 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb1 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb2 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb5 0x12b7e: lea si, word ptr [bp + 0x414] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si]
2018-12-17T23:11:39.263769766Z	44	PC: 12b60 \| Get time 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb1 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb2 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb5 0x12b7e: lea si, word ptr [bp + 0x414] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si] 0x12b88: cmp al, 0x20 0x12b8a: je 0x12b9c 0x12b8c: cmp al, 0xa 0x12b8e: je 0x12b9c

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17262,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:17.32313264Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:17.324867172Z	53	PC: 12a7a \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:55:17.326139387Z	74	PC: 12aa3 \| Reallocate memory
2018-12-25T12:55:17.327492262Z	72	PC: 12aac \| Allocate memory
2018-12-25T12:55:17.32935062Z	37	PC: 12adb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:17.330729149Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:55:17.331923642Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 1 0x12b5a: jne 0x12bb1 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb1 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb2 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb5 0x12b7e: lea si, word ptr [bp + 0x414] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si]

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17262,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:17.721730426Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:17.723130477Z	53	PC: 12a7a \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:55:17.72463547Z	74	PC: 12aa3 \| Reallocate memory
2018-12-25T12:55:17.726170624Z	72	PC: 12aac \| Allocate memory
2018-12-25T12:55:17.727902091Z	37	PC: 12adb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:17.729377117Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:55:17.730608274Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 1 0x12b5a: jne 0x12bb1 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb1 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb2 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb5 0x12b7e: lea si, word ptr [bp + 0x414] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si]
2018-12-25T12:55:17.732930078Z	44	PC: 12b60 \| Get time 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb1 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb2 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb5 0x12b7e: lea si, word ptr [bp + 0x414] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si] 0x12b88: cmp al, 0x20 0x12b8a: je 0x12b9c 0x12b8c: cmp al, 0xa 0x12b8e: je 0x12b9c