Sample viewer

vx.netlux.org/Virus.DOS.Nuker.Trance.1677

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:43.132931414Z	48	PC: 12a5b \| Get DOS version
2018-12-17T22:41:43.135244795Z	42	PC: 12ade \| Get date 0x12ade: cmp al, 1 0x12ae0: jne 0x12af6 0x12ae2: cmp dl, 1 0x12ae5: jne 0x12af6 0x12ae7: mov bx, 0x6e1 0x12aea: sub ax, ax 0x12aec: mov ds, ax 0x12aee: mov di, 0x70 0x12af1: mov word ptr [di + 2], es 0x12af4: mov word ptr [di], bx 0x12af6: sub byte ptr [0x413], 4 0x12afb: push cs 0x12afc: pop ds 0x12afd: push ds 0x12afe: pop es 0x12aff: cld 0x12b00: lea si, word ptr [bp + 0x1e4] 0x12b04: mov di, 0x100 0x12b07: movsw word ptr es:[di], word ptr [si] 0x12b08: movsb byte ptr es:[di], byte ptr [si]

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7310,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:21.175808753Z	48	PC: 12a5b \| Get DOS version
2018-12-25T12:01:21.178742417Z	42	PC: 12ade \| Get date 0x12ade: cmp al, 1 0x12ae0: jne 0x12af6 0x12ae2: cmp dl, 1 0x12ae5: jne 0x12af6 0x12ae7: mov bx, 0x6e1 0x12aea: sub ax, ax 0x12aec: mov ds, ax 0x12aee: mov di, 0x70 0x12af1: mov word ptr [di + 2], es 0x12af4: mov word ptr [di], bx 0x12af6: sub byte ptr [0x413], 4 0x12afb: push cs 0x12afc: pop ds 0x12afd: push ds 0x12afe: pop es 0x12aff: cld 0x12b00: lea si, word ptr [bp + 0x1e4] 0x12b04: mov di, 0x100 0x12b07: movsw word ptr es:[di], word ptr [si] 0x12b08: movsb byte ptr es:[di], byte ptr [si]

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7310,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:21.197557989Z	48	PC: 12a5b \| Get DOS version
2018-12-25T12:01:21.199936885Z	42	PC: 12ade \| Get date 0x12ade: cmp al, 1 0x12ae0: jne 0x12af6 0x12ae2: cmp dl, 1 0x12ae5: jne 0x12af6 0x12ae7: mov bx, 0x6e1 0x12aea: sub ax, ax 0x12aec: mov ds, ax 0x12aee: mov di, 0x70 0x12af1: mov word ptr [di + 2], es 0x12af4: mov word ptr [di], bx 0x12af6: sub byte ptr [0x413], 4 0x12afb: push cs 0x12afc: pop ds 0x12afd: push ds 0x12afe: pop es 0x12aff: cld 0x12b00: lea si, word ptr [bp + 0x1e4] 0x12b04: mov di, 0x100 0x12b07: movsw word ptr es:[di], word ptr [si] 0x12b08: movsb byte ptr es:[di], byte ptr [si]

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7310,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:22.024199515Z	48	PC: 12a5b \| Get DOS version
2018-12-25T12:01:22.025823337Z	42	PC: 12ade \| Get date 0x12ade: cmp al, 1 0x12ae0: jne 0x12af6 0x12ae2: cmp dl, 1 0x12ae5: jne 0x12af6 0x12ae7: mov bx, 0x6e1 0x12aea: sub ax, ax 0x12aec: mov ds, ax 0x12aee: mov di, 0x70 0x12af1: mov word ptr [di + 2], es 0x12af4: mov word ptr [di], bx 0x12af6: sub byte ptr [0x413], 4 0x12afb: push cs 0x12afc: pop ds 0x12afd: push ds 0x12afe: pop es 0x12aff: cld 0x12b00: lea si, word ptr [bp + 0x1e4] 0x12b04: mov di, 0x100 0x12b07: movsw word ptr es:[di], word ptr [si] 0x12b08: movsb byte ptr es:[di], byte ptr [si]