Sample viewer

vx.netlux.org/Virus.DOS.Nuke.Pox.630

.

GIF

Syscalls:

Time Syscall Op (INT 21h function number from AH, decimal) Syscall Name
2018-12-17T21:52:26.089888186Z 171 PC: 135d6 | UNKNOWN!
2018-12-17T21:52:26.091450368Z 44 PC: 135e5 | Get time 0x135e5: cmp dh, 0
0x135e8: je 0x135e1
0x135ea: mov byte ptr ds:[bp + 0x2b3], dh
0x135ef: call 0x13771
0x135f2: mov cx, es
0x135f4: mov ax, 0x3521
0x135f7: int 0x21
0x135f9: mov word ptr cs:[bp + 0x1de], es
0x135fe: mov word ptr cs:[bp + 0x1dc], bx
0x13603: dec cx
0x13604: mov es, cx
0x13606: mov bx, word ptr es:[3]
0x1360b: mov dx, 0x276
0x1360e: mov cl, 4
0x13610: shr dx, cl
0x13612: add dx, 4
0x13615: mov cx, es
0x13617: sub bx, dx
0x13619: inc cx
0x1361a: mov es, cx
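2018-12-17T21:52:26.093735816Z 53 PC: 135f9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt itself (AX=0x3521 in the listing above); 'Random read' is the name of INT 21h function 0x21, so the label is a lookup mix-up. The returned ES:BX vector is stored at cs:[bp + 0x1dc] and cs:[bp + 0x1de].]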
2018-12-17T21:52:26.094780371Z 74 PC: 13620 | Reallocate memory
2018-12-17T21:52:26.096409108Z 72 PC: 13629 | Allocate memory
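2018-12-17T21:52:26.097964338Z 37 PC: 13654 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, so this call replaces the INT 21h (DOS services) vector that was read at PC 135f9; 'Random read' is a mislabel. A changed INT 21h vector following a memory allocation is the behaviour to flag in this trace.]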
2018-12-17T21:52:26.099021496Z 44 PC: 1365a | Get time 0x1365a: cmp ch, 0x15
0x1365d: jb 0x1366f
0x1365f: call 0x13771
0x13662: mov ah, 9
0x13664: lea dx, word ptr [bp + 0x2ca]
0x13668: int 0x21
0x1366a: call 0x13771
0x1366d: jmp 0x1366d
0x1366f: cmp ch, 0
0x13672: jne 0x13682
0x13674: call 0x13771
0x13677: mov ah, 9
0x13679: lea dx, word ptr [bp + 0x35f]
0x1367d: int 0x21
0x1367f: call 0x13771
0x13682: lea si, word ptr [bp + 0x2b0]
0x13686: mov di, 0x100
0x13689: movsw word ptr es:[di], word ptr [si]
0x1368a: movsb byte ptr es:[di], byte ptr [si]
0x1368b: pop ds
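2018-12-17T21:52:26.101626969Z 9 PC: 1367f | Display string (Could not find end pointer) [note: function 9 prints a '$'-terminated string at DS:DX; the tracer presumably found no terminator on this call]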
2018-12-17T21:52:26.12515226Z 171 PC: 135d6 | UNKNOWN!
2018-12-17T21:52:26.126805367Z 44 PC: 1365a | Get time 0x1365a: cmp ch, 0x15
0x1365d: jb 0x1366f
0x1365f: call 0x13771
0x13662: mov ah, 9
0x13664: lea dx, word ptr [bp + 0x2ca]
0x13668: int 0x21
0x1366a: call 0x13771
0x1366d: jmp 0x1366d
0x1366f: cmp ch, 0
0x13672: jne 0x13682
0x13674: call 0x13771
0x13677: mov ah, 9
0x13679: lea dx, word ptr [bp + 0x35f]
0x1367d: int 0x21
0x1367f: call 0x13771
0x13682: lea si, word ptr [bp + 0x2b0]
0x13686: mov di, 0x100
0x13689: movsw word ptr es:[di], word ptr [si]
0x1368a: movsb byte ptr es:[di], byte ptr [si]
0x1368b: pop ds
2018-12-17T21:52:26.130326007Z 9 PC: 1367f | Display string (String= ' Admiral bailey [YAM] ')
2018-12-17T21:52:26.148201257Z 74 PC: 12da1 | Reallocate memory
2018-12-17T21:52:26.155590598Z 9 PC: 1342f | Display string (String= 'F1 Del row F2 Ins row F3 Dup row F4 Save ')
2018-12-17T21:52:26.159587397Z 9 PC: 1342f | Display string (String= 'F5 Copy template char. Tab = select edit/char box Use: arrow keys or mouse Hold Shift key or mouse button to drag. Esc to exit Rows displayed = Left button = pixel on Right button = pixel off Space bar = toggle pixel')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":244,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op (INT 21h function number from AH, decimal) Syscall Name
2018-12-25T11:40:23.849362669Z 171 PC: 135d6 | UNKNOWN!
2018-12-25T11:40:23.850656705Z 44 PC: 135e5 | Get time 0x135e5: cmp dh, 0
0x135e8: je 0x135e1
0x135ea: mov byte ptr ds:[bp + 0x2b3], dh
0x135ef: call 0x13771
0x135f2: mov cx, es
0x135f4: mov ax, 0x3521
0x135f7: int 0x21
0x135f9: mov word ptr cs:[bp + 0x1de], es
0x135fe: mov word ptr cs:[bp + 0x1dc], bx
0x13603: dec cx
0x13604: mov es, cx
0x13606: mov bx, word ptr es:[3]
0x1360b: mov dx, 0x276
0x1360e: mov cl, 4
0x13610: shr dx, cl
0x13612: add dx, 4
0x13615: mov cx, es
0x13617: sub bx, dx
0x13619: inc cx
0x1361a: mov es, cx
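2018-12-25T11:40:23.852260261Z 53 PC: 135f9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt; 'Random read' is the name of INT 21h function 0x21, not of the interrupt]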
2018-12-25T11:40:23.853133437Z 74 PC: 13620 | Reallocate memory
2018-12-25T11:40:23.854460293Z 72 PC: 13629 | Allocate memory
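2018-12-25T11:40:23.855695859Z 37 PC: 13654 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, so the INT 21h (DOS services) vector is being replaced; 'Random read' is a mislabel]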
2018-12-25T11:40:23.856661737Z 44 PC: 1365a | Get time 0x1365a: cmp ch, 0x15
0x1365d: jb 0x1366f
0x1365f: call 0x13771
0x13662: mov ah, 9
0x13664: lea dx, word ptr [bp + 0x2ca]
0x13668: int 0x21
0x1366a: call 0x13771
0x1366d: jmp 0x1366d
0x1366f: cmp ch, 0
0x13672: jne 0x13682
0x13674: call 0x13771
0x13677: mov ah, 9
0x13679: lea dx, word ptr [bp + 0x35f]
0x1367d: int 0x21
0x1367f: call 0x13771
0x13682: lea si, word ptr [bp + 0x2b0]
0x13686: mov di, 0x100
0x13689: movsw word ptr es:[di], word ptr [si]
0x1368a: movsb byte ptr es:[di], byte ptr [si]
0x1368b: pop ds
2018-12-25T11:40:23.859118134Z 9 PC: 1367f | Display string (Could not find end pointer)
2018-12-25T11:40:23.864515921Z 171 PC: 135d6 | UNKNOWN! (See above)
2018-12-25T11:40:23.865127639Z 44 PC: 1365a | Get time (See above)
2018-12-25T11:40:23.867575528Z 9 PC: 1367f | Display string (See above)
2018-12-25T11:40:23.87396669Z 74 PC: 12da1 | Reallocate memory
2018-12-25T11:40:23.879734958Z 9 PC: 1342f | Display string (String= 'F1 Del row F2 Ins row F3 Dup row F4 Save ')
2018-12-25T11:40:23.882197546Z 9 PC: 1342f | Display string (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":244,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op (INT 21h function number from AH, decimal) Syscall Name
2018-12-25T11:40:23.958974929Z 171 PC: 135d6 | UNKNOWN!
2018-12-25T11:40:23.960691558Z 44 PC: 135e5 | Get time 0x135e5: cmp dh, 0
0x135e8: je 0x135e1
0x135ea: mov byte ptr ds:[bp + 0x2b3], dh
0x135ef: call 0x13771
0x135f2: mov cx, es
0x135f4: mov ax, 0x3521
0x135f7: int 0x21
0x135f9: mov word ptr cs:[bp + 0x1de], es
0x135fe: mov word ptr cs:[bp + 0x1dc], bx
0x13603: dec cx
0x13604: mov es, cx
0x13606: mov bx, word ptr es:[3]
0x1360b: mov dx, 0x276
0x1360e: mov cl, 4
0x13610: shr dx, cl
0x13612: add dx, 4
0x13615: mov cx, es
0x13617: sub bx, dx
0x13619: inc cx
0x1361a: mov es, cx
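2018-12-25T11:40:23.963206888Z 53 PC: 135f9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt; 'Random read' is the name of INT 21h function 0x21, not of the interrupt]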
2018-12-25T11:40:23.964298578Z 74 PC: 13620 | Reallocate memory
2018-12-25T11:40:23.966361493Z 72 PC: 13629 | Allocate memory
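2018-12-25T11:40:23.968240159Z 37 PC: 13654 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, so the INT 21h (DOS services) vector is being replaced; 'Random read' is a mislabel]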
2018-12-25T11:40:23.969766247Z 44 PC: 1365a | Get time 0x1365a: cmp ch, 0x15
0x1365d: jb 0x1366f
0x1365f: call 0x13771
0x13662: mov ah, 9
0x13664: lea dx, word ptr [bp + 0x2ca]
0x13668: int 0x21
0x1366a: call 0x13771
0x1366d: jmp 0x1366d
0x1366f: cmp ch, 0
0x13672: jne 0x13682
0x13674: call 0x13771
0x13677: mov ah, 9
0x13679: lea dx, word ptr [bp + 0x35f]
0x1367d: int 0x21
0x1367f: call 0x13771
0x13682: lea si, word ptr [bp + 0x2b0]
0x13686: mov di, 0x100
0x13689: movsw word ptr es:[di], word ptr [si]
0x1368a: movsb byte ptr es:[di], byte ptr [si]
0x1368b: pop ds
2018-12-25T11:40:23.972558281Z 9 PC: 1367f | Display string (Could not find end pointer)
2018-12-25T11:40:23.97895075Z 171 PC: 135d6 | UNKNOWN! (See above)
2018-12-25T11:40:23.980051008Z 44 PC: 1365a | Get time (See above)
2018-12-25T11:40:23.982411582Z 9 PC: 1367f | Display string (See above)
2018-12-25T11:40:23.990797844Z 74 PC: 12da1 | Reallocate memory
2018-12-25T11:40:23.997357097Z 9 PC: 1342f | Display string (String= 'F1 Del row F2 Ins row F3 Dup row F4 Save ')
2018-12-25T11:40:23.999898866Z 9 PC: 1342f | Display string (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":244,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op (INT 21h function number from AH, decimal) Syscall Name
2018-12-25T11:40:24.10475516Z 171 PC: 135d6 | UNKNOWN!
2018-12-25T11:40:24.106008228Z 44 PC: 135e5 | Get time 0x135e5: cmp dh, 0
0x135e8: je 0x135e1
0x135ea: mov byte ptr ds:[bp + 0x2b3], dh
0x135ef: call 0x13771
0x135f2: mov cx, es
0x135f4: mov ax, 0x3521
0x135f7: int 0x21
0x135f9: mov word ptr cs:[bp + 0x1de], es
0x135fe: mov word ptr cs:[bp + 0x1dc], bx
0x13603: dec cx
0x13604: mov es, cx
0x13606: mov bx, word ptr es:[3]
0x1360b: mov dx, 0x276
0x1360e: mov cl, 4
0x13610: shr dx, cl
0x13612: add dx, 4
0x13615: mov cx, es
0x13617: sub bx, dx
0x13619: inc cx
0x1361a: mov es, cx
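2018-12-25T11:40:24.108054905Z 53 PC: 135f9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt; 'Random read' is the name of INT 21h function 0x21, not of the interrupt]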
2018-12-25T11:40:24.109052206Z 74 PC: 13620 | Reallocate memory
2018-12-25T11:40:24.110666928Z 72 PC: 13629 | Allocate memory
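2018-12-25T11:40:24.112011374Z 37 PC: 13654 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, so the INT 21h (DOS services) vector is being replaced; 'Random read' is a mislabel]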
2018-12-25T11:40:24.112966932Z 44 PC: 1365a | Get time 0x1365a: cmp ch, 0x15
0x1365d: jb 0x1366f
0x1365f: call 0x13771
0x13662: mov ah, 9
0x13664: lea dx, word ptr [bp + 0x2ca]
0x13668: int 0x21
0x1366a: call 0x13771
0x1366d: jmp 0x1366d
0x1366f: cmp ch, 0
0x13672: jne 0x13682
0x13674: call 0x13771
0x13677: mov ah, 9
0x13679: lea dx, word ptr [bp + 0x35f]
0x1367d: int 0x21
0x1367f: call 0x13771
0x13682: lea si, word ptr [bp + 0x2b0]
0x13686: mov di, 0x100
0x13689: movsw word ptr es:[di], word ptr [si]
0x1368a: movsb byte ptr es:[di], byte ptr [si]
0x1368b: pop ds
2018-12-25T11:40:24.115446212Z 9 PC: 1367f | Display string (Could not find end pointer)
2018-12-25T11:40:24.120465041Z 171 PC: 135d6 | UNKNOWN! (See above)
2018-12-25T11:40:24.120903791Z 44 PC: 1365a | Get time (See above)
2018-12-25T11:40:24.12326324Z 9 PC: 1367f | Display string (See above)
2018-12-25T11:40:24.130196401Z 74 PC: 12da1 | Reallocate memory
2018-12-25T11:40:24.135877762Z 9 PC: 1342f | Display string (String= 'F1 Del row F2 Ins row F3 Dup row F4 Save ')
2018-12-25T11:40:24.138410746Z 9 PC: 1342f | Display string (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":244,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op (INT 21h function number from AH, decimal) Syscall Name
2018-12-25T11:40:24.164963854Z 171 PC: 135d6 | UNKNOWN!
2018-12-25T11:40:24.165991183Z 44 PC: 135e5 | Get time 0x135e5: cmp dh, 0
0x135e8: je 0x135e1
0x135ea: mov byte ptr ds:[bp + 0x2b3], dh
0x135ef: call 0x13771
0x135f2: mov cx, es
0x135f4: mov ax, 0x3521
0x135f7: int 0x21
0x135f9: mov word ptr cs:[bp + 0x1de], es
0x135fe: mov word ptr cs:[bp + 0x1dc], bx
0x13603: dec cx
0x13604: mov es, cx
0x13606: mov bx, word ptr es:[3]
0x1360b: mov dx, 0x276
0x1360e: mov cl, 4
0x13610: shr dx, cl
0x13612: add dx, 4
0x13615: mov cx, es
0x13617: sub bx, dx
0x13619: inc cx
0x1361a: mov es, cx
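2018-12-25T11:40:24.167822006Z 53 PC: 135f9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt; 'Random read' is the name of INT 21h function 0x21, not of the interrupt]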
2018-12-25T11:40:24.16890151Z 74 PC: 13620 | Reallocate memory
2018-12-25T11:40:24.170830421Z 72 PC: 13629 | Allocate memory
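2018-12-25T11:40:24.171910846Z 37 PC: 13654 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, so the INT 21h (DOS services) vector is being replaced; 'Random read' is a mislabel]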
2018-12-25T11:40:24.172794151Z 44 PC: 1365a | Get time 0x1365a: cmp ch, 0x15
0x1365d: jb 0x1366f
0x1365f: call 0x13771
0x13662: mov ah, 9
0x13664: lea dx, word ptr [bp + 0x2ca]
0x13668: int 0x21
0x1366a: call 0x13771
0x1366d: jmp 0x1366d
0x1366f: cmp ch, 0
0x13672: jne 0x13682
0x13674: call 0x13771
0x13677: mov ah, 9
0x13679: lea dx, word ptr [bp + 0x35f]
0x1367d: int 0x21
0x1367f: call 0x13771
0x13682: lea si, word ptr [bp + 0x2b0]
0x13686: mov di, 0x100
0x13689: movsw word ptr es:[di], word ptr [si]
0x1368a: movsb byte ptr es:[di], byte ptr [si]
0x1368b: pop ds
2018-12-25T11:40:24.174510945Z 171 PC: 135d6 | UNKNOWN! (See above)
2018-12-25T11:40:24.17528902Z 44 PC: 1365a | Get time (See above)
2018-12-25T11:40:24.176909531Z 74 PC: 12da1 | Reallocate memory
2018-12-25T11:40:24.180657357Z 9 PC: 1342f | Display string (String= 'F1 Del row F2 Ins row F3 Dup row F4 Save ')
2018-12-25T11:40:24.183320518Z 9 PC: 1342f | Display string (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":21,"Min":0,"Second":0,"TimeBased":true,"OriginalID":244,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op (INT 21h function number from AH, decimal) Syscall Name
2018-12-25T11:40:24.289177492Z 171 PC: 135d6 | UNKNOWN!
2018-12-25T11:40:24.291066612Z 44 PC: 135e5 | Get time 0x135e5: cmp dh, 0
0x135e8: je 0x135e1
0x135ea: mov byte ptr ds:[bp + 0x2b3], dh
0x135ef: call 0x13771
0x135f2: mov cx, es
0x135f4: mov ax, 0x3521
0x135f7: int 0x21
0x135f9: mov word ptr cs:[bp + 0x1de], es
0x135fe: mov word ptr cs:[bp + 0x1dc], bx
0x13603: dec cx
0x13604: mov es, cx
0x13606: mov bx, word ptr es:[3]
0x1360b: mov dx, 0x276
0x1360e: mov cl, 4
0x13610: shr dx, cl
0x13612: add dx, 4
0x13615: mov cx, es
0x13617: sub bx, dx
0x13619: inc cx
0x1361a: mov es, cx
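2018-12-25T11:40:24.293235004Z 53 PC: 135f9 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt; 'Random read' is the name of INT 21h function 0x21, not of the interrupt]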
2018-12-25T11:40:24.294266843Z 74 PC: 13620 | Reallocate memory
2018-12-25T11:40:24.296040771Z 72 PC: 13629 | Allocate memory
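2018-12-25T11:40:24.297458047Z 37 PC: 13654 | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, so the INT 21h (DOS services) vector is being replaced; 'Random read' is a mislabel]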
2018-12-25T11:40:24.298517161Z 44 PC: 1365a | Get time 0x1365a: cmp ch, 0x15
0x1365d: jb 0x1366f
0x1365f: call 0x13771
0x13662: mov ah, 9
0x13664: lea dx, word ptr [bp + 0x2ca]
0x13668: int 0x21
0x1366a: call 0x13771
0x1366d: jmp 0x1366d
0x1366f: cmp ch, 0
0x13672: jne 0x13682
0x13674: call 0x13771
0x13677: mov ah, 9
0x13679: lea dx, word ptr [bp + 0x35f]
0x1367d: int 0x21
0x1367f: call 0x13771
0x13682: lea si, word ptr [bp + 0x2b0]
0x13686: mov di, 0x100
0x13689: movsw word ptr es:[di], word ptr [si]
0x1368a: movsb byte ptr es:[di], byte ptr [si]
0x1368b: pop ds
2018-12-25T11:40:24.30111384Z 9 PC: 1366a | Display string (Could not find end pointer)