Sample viewer

vx.netlux.org/Trojan.DOS.NiceDay

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:52.425826597Z	42	PC: 2ed59 \| Get date 0x2ed59: cmp cx, 0x7c6 0x2ed5d: jl 0x2eddb 0x2ed5f: jg 0x2ed6d 0x2ed61: cmp dh, 5 0x2ed64: jl 0x2eddb 0x2ed66: jg 0x2ed6d 0x2ed68: cmp dl, 0x1f 0x2ed6b: jl 0x2eddb 0x2ed6d: mov al, 2 0x2ed6f: mov bx, 0xf000 0x2ed72: mov ds, bx 0x2ed74: mov bx, 0 0x2ed77: mov dx, 0 0x2ed7a: mov cx, 0x52 0x2ed7d: int 0x26 0x2ed7f: pop ax 0x2ed80: mov al, 3 0x2ed82: mov bx, 0xf000 0x2ed85: mov ds, bx 0x2ed87: mov bx, 0
2018-12-17T22:19:52.765183704Z	9	PC: 2edc0 \| Display string (String= '��\|')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:12.820976506Z	42	PC: 2ed59 \| Get date 0x2ed59: cmp cx, 0x7c6 0x2ed5d: jl 0x2eddb 0x2ed5f: jg 0x2ed6d 0x2ed61: cmp dh, 5 0x2ed64: jl 0x2eddb 0x2ed66: jg 0x2ed6d 0x2ed68: cmp dl, 0x1f 0x2ed6b: jl 0x2eddb 0x2ed6d: mov al, 2 0x2ed6f: mov bx, 0xf000 0x2ed72: mov ds, bx 0x2ed74: mov bx, 0 0x2ed77: mov dx, 0 0x2ed7a: mov cx, 0x52 0x2ed7d: int 0x26 0x2ed7f: pop ax 0x2ed80: mov al, 3 0x2ed82: mov bx, 0xf000 0x2ed85: mov ds, bx 0x2ed87: mov bx, 0
2018-12-25T11:49:12.826571208Z	48	PC: 23612 \| Get DOS version
2018-12-25T11:49:12.827977134Z	25	PC: 23624 \| Get default drive
2018-12-25T11:49:12.830300068Z	71	PC: 23635 \| Get current directory
2018-12-25T11:49:12.833440255Z	14	PC: 23669 \| Set default drive (Drive = 'A')
2018-12-25T11:49:12.835037081Z	59	PC: 2368a \| Change current directory
2018-12-25T11:49:12.83759199Z	25	PC: 23c22 \| Get default drive
2018-12-25T11:49:12.838592195Z	71	PC: 23c15 \| Get current directory
2018-12-25T11:49:12.841336492Z	53	PC: 23d7e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.84308441Z	37	PC: 23d92 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.844171689Z	61	PC: 344a6 \| Open file (Filename = 'Ye��')
2018-12-25T11:49:12.851564328Z	53	PC: 2a178 \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T11:49:12.855207961Z	61	PC: 2330e \| Open file (Filename = '')
2018-12-25T11:49:12.862108968Z	14	PC: 236bf \| Set default drive (Drive = 'A')
2018-12-25T11:49:12.863438162Z	59	PC: 236c6 \| Change current directory
2018-12-25T11:49:12.865698398Z	37	PC: 23dab \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:12.872614688Z	9	PC: 2a2d2 \| Display string (Could not find end pointer)
2018-12-25T11:49:12.875327745Z	76	PC: 2a2c5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:13.055033878Z	42	PC: 2ed59 \| Get date 0x2ed59: cmp cx, 0x7c6 0x2ed5d: jl 0x2eddb 0x2ed5f: jg 0x2ed6d 0x2ed61: cmp dh, 5 0x2ed64: jl 0x2eddb 0x2ed66: jg 0x2ed6d 0x2ed68: cmp dl, 0x1f 0x2ed6b: jl 0x2eddb 0x2ed6d: mov al, 2 0x2ed6f: mov bx, 0xf000 0x2ed72: mov ds, bx 0x2ed74: mov bx, 0 0x2ed77: mov dx, 0 0x2ed7a: mov cx, 0x52 0x2ed7d: int 0x26 0x2ed7f: pop ax 0x2ed80: mov al, 3 0x2ed82: mov bx, 0xf000 0x2ed85: mov ds, bx 0x2ed87: mov bx, 0
2018-12-25T11:49:13.060259571Z	48	PC: 23612 \| Get DOS version
2018-12-25T11:49:13.061306489Z	25	PC: 23624 \| Get default drive
2018-12-25T11:49:13.062930946Z	71	PC: 23635 \| Get current directory
2018-12-25T11:49:13.065603381Z	14	PC: 23669 \| Set default drive (Drive = 'A')
2018-12-25T11:49:13.066727896Z	59	PC: 2368a \| Change current directory
2018-12-25T11:49:13.069254941Z	25	PC: 23c22 \| Get default drive
2018-12-25T11:49:13.070281203Z	71	PC: 23c15 \| Get current directory
2018-12-25T11:49:13.072960806Z	53	PC: 23d7e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:13.074960462Z	37	PC: 23d92 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:13.075943987Z	61	PC: 344a6 \| Open file (Filename = 'Ye��')
2018-12-25T11:49:13.082747274Z	53	PC: 2a178 \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T11:49:13.085914994Z	61	PC: 2330e \| Open file (Filename = '')
2018-12-25T11:49:13.09212462Z	14	PC: 236bf \| Set default drive (Drive = 'A')
2018-12-25T11:49:13.093286899Z	59	PC: 236c6 \| Change current directory
2018-12-25T11:49:13.095274038Z	37	PC: 23dab \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:13.103067647Z	9	PC: 2a2d2 \| Display string (Could not find end pointer)
2018-12-25T11:49:13.106524684Z	76	PC: 2a2c5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:13.170660707Z	42	PC: 2ed59 \| Get date 0x2ed59: cmp cx, 0x7c6 0x2ed5d: jl 0x2eddb 0x2ed5f: jg 0x2ed6d 0x2ed61: cmp dh, 5 0x2ed64: jl 0x2eddb 0x2ed66: jg 0x2ed6d 0x2ed68: cmp dl, 0x1f 0x2ed6b: jl 0x2eddb 0x2ed6d: mov al, 2 0x2ed6f: mov bx, 0xf000 0x2ed72: mov ds, bx 0x2ed74: mov bx, 0 0x2ed77: mov dx, 0 0x2ed7a: mov cx, 0x52 0x2ed7d: int 0x26 0x2ed7f: pop ax 0x2ed80: mov al, 3 0x2ed82: mov bx, 0xf000 0x2ed85: mov ds, bx 0x2ed87: mov bx, 0
2018-12-25T11:49:13.176920128Z	48	PC: 23612 \| Get DOS version
2018-12-25T11:49:13.178082579Z	25	PC: 23624 \| Get default drive
2018-12-25T11:49:13.179683846Z	71	PC: 23635 \| Get current directory
2018-12-25T11:49:13.182913438Z	14	PC: 23669 \| Set default drive (Drive = 'A')
2018-12-25T11:49:13.184499768Z	59	PC: 2368a \| Change current directory
2018-12-25T11:49:13.187077069Z	25	PC: 23c22 \| Get default drive
2018-12-25T11:49:13.189059058Z	71	PC: 23c15 \| Get current directory
2018-12-25T11:49:13.192169642Z	53	PC: 23d7e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:13.19420935Z	37	PC: 23d92 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:13.195951169Z	61	PC: 344a6 \| Open file (Filename = 'Ye��')
2018-12-25T11:49:13.204275469Z	53	PC: 2a178 \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T11:49:13.208653163Z	61	PC: 2330e \| Open file (Filename = '')
2018-12-25T11:49:13.21601704Z	14	PC: 236bf \| Set default drive (Drive = 'A')
2018-12-25T11:49:13.217278999Z	59	PC: 236c6 \| Change current directory
2018-12-25T11:49:13.219349988Z	37	PC: 23dab \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:13.228156037Z	9	PC: 2a2d2 \| Display string (Could not find end pointer)
2018-12-25T11:49:13.230708554Z	76	PC: 2a2c5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":5,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:13.305022215Z	42	PC: 2ed59 \| Get date 0x2ed59: cmp cx, 0x7c6 0x2ed5d: jl 0x2eddb 0x2ed5f: jg 0x2ed6d 0x2ed61: cmp dh, 5 0x2ed64: jl 0x2eddb 0x2ed66: jg 0x2ed6d 0x2ed68: cmp dl, 0x1f 0x2ed6b: jl 0x2eddb 0x2ed6d: mov al, 2 0x2ed6f: mov bx, 0xf000 0x2ed72: mov ds, bx 0x2ed74: mov bx, 0 0x2ed77: mov dx, 0 0x2ed7a: mov cx, 0x52 0x2ed7d: int 0x26 0x2ed7f: pop ax 0x2ed80: mov al, 3 0x2ed82: mov bx, 0xf000 0x2ed85: mov ds, bx 0x2ed87: mov bx, 0
2018-12-25T11:49:13.655210207Z	9	PC: 2edc0 \| Display string (String= '��\|')

{"DateBased":true,"Day":1,"Month":6,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:13.572937754Z	42	PC: 2ed59 \| Get date 0x2ed59: cmp cx, 0x7c6 0x2ed5d: jl 0x2eddb 0x2ed5f: jg 0x2ed6d 0x2ed61: cmp dh, 5 0x2ed64: jl 0x2eddb 0x2ed66: jg 0x2ed6d 0x2ed68: cmp dl, 0x1f 0x2ed6b: jl 0x2eddb 0x2ed6d: mov al, 2 0x2ed6f: mov bx, 0xf000 0x2ed72: mov ds, bx 0x2ed74: mov bx, 0 0x2ed77: mov dx, 0 0x2ed7a: mov cx, 0x52 0x2ed7d: int 0x26 0x2ed7f: pop ax 0x2ed80: mov al, 3 0x2ed82: mov bx, 0xf000 0x2ed85: mov ds, bx 0x2ed87: mov bx, 0
2018-12-25T11:49:14.276811933Z	9	PC: 2edc0 \| Display string (String= '��\|')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:13.844695312Z	42	PC: 2ed59 \| Get date 0x2ed59: cmp cx, 0x7c6 0x2ed5d: jl 0x2eddb 0x2ed5f: jg 0x2ed6d 0x2ed61: cmp dh, 5 0x2ed64: jl 0x2eddb 0x2ed66: jg 0x2ed6d 0x2ed68: cmp dl, 0x1f 0x2ed6b: jl 0x2eddb 0x2ed6d: mov al, 2 0x2ed6f: mov bx, 0xf000 0x2ed72: mov ds, bx 0x2ed74: mov bx, 0 0x2ed77: mov dx, 0 0x2ed7a: mov cx, 0x52 0x2ed7d: int 0x26 0x2ed7f: pop ax 0x2ed80: mov al, 3 0x2ed82: mov bx, 0xf000 0x2ed85: mov ds, bx 0x2ed87: mov bx, 0
2018-12-25T11:49:14.277597889Z	9	PC: 2edc0 \| Display string (String= '��\|')