Sample viewer

vx.netlux.org/Virus.DOS.Nuker.Entity.1980

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:08.039063318Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:08.040913792Z	53	PC: 12a7a \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-17T22:42:08.043514942Z	74	PC: 12aa3 \| Reallocate memory
2018-12-17T22:42:08.045342025Z	72	PC: 12aac \| Allocate memory
2018-12-17T22:42:08.047445287Z	37	PC: 12adb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:08.067290145Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-17T22:42:08.069210635Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 1 0x12b5a: jne 0x12bb0 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb0 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb1 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb4 0x12b7e: lea si, word ptr [bp + 0x40e] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si]
2018-12-17T22:42:08.071993766Z	44	PC: 12b60 \| Get time 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb0 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb1 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb4 0x12b7e: lea si, word ptr [bp + 0x40e] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si] 0x12b88: cmp al, 0x20 0x12b8a: je 0x12b9b 0x12b8c: cmp al, 0xa 0x12b8e: je 0x12b9b

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7451,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:45.020792293Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:45.022237582Z	53	PC: 12a7a \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:01:45.024301927Z	74	PC: 12aa3 \| Reallocate memory
2018-12-25T12:01:45.026701354Z	72	PC: 12aac \| Allocate memory
2018-12-25T12:01:45.028456219Z	37	PC: 12adb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:45.030688039Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:01:45.032054361Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 1 0x12b5a: jne 0x12bb0 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb0 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb1 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb4 0x12b7e: lea si, word ptr [bp + 0x40e] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si]

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7451,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:45.151490087Z	53	PC: 12a6b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:45.153168233Z	53	PC: 12a7a \| Get interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:01:45.154323871Z	74	PC: 12aa3 \| Reallocate memory
2018-12-25T12:01:45.155592163Z	72	PC: 12aac \| Allocate memory
2018-12-25T12:01:45.15805044Z	37	PC: 12adb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:45.159198805Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '17' AKA 'Find first file')
2018-12-25T12:01:45.160297485Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 1 0x12b5a: jne 0x12bb0 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb0 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb1 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb4 0x12b7e: lea si, word ptr [bp + 0x40e] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si]
2018-12-25T12:01:45.162602615Z	44	PC: 12b60 \| Get time 0x12b60: cmp dl, 0 0x12b63: jne 0x12bb0 0x12b65: push ax 0x12b66: push ds 0x12b67: xor ax, ax 0x12b69: mov ds, ax 0x12b6b: cmp word ptr [0x234], 0x4556 0x12b71: je 0x12bb1 0x12b73: mov word ptr [0x234], 0x4556 0x12b79: pop ds 0x12b7a: pop ax 0x12b7b: call 0x12bb4 0x12b7e: lea si, word ptr [bp + 0x40e] 0x12b82: mov cx, 0x2ac 0x12b85: mov ah, 0xe 0x12b87: lodsb al, byte ptr [si] 0x12b88: cmp al, 0x20 0x12b8a: je 0x12b9b 0x12b8c: cmp al, 0xa 0x12b8e: je 0x12b9b