Sample viewer

vx.netlux.org/Virus.DOS.Nucleii.1200

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:32.206202056Z	26	PC: 12a59 \| Set disk transfer address
2018-12-17T22:45:32.207943299Z	25	PC: 12a5d \| Get default drive
2018-12-17T22:45:32.20896938Z	71	PC: 12a68 \| Get current directory
2018-12-17T22:45:32.211691618Z	59	PC: 12a6f \| Change current directory
2018-12-17T22:45:32.216348894Z	78	PC: 12a79 \| Find first file
2018-12-17T22:45:32.222371525Z	87	PC: 12b5d \| Get or set file date and time
2018-12-17T22:45:32.224094088Z	67	PC: 12b69 \| Get or set file attributes
2018-12-17T22:45:32.228460959Z	59	PC: 12b70 \| Change current directory
2018-12-17T22:45:32.232287566Z	59	PC: 12b77 \| Change current directory
2018-12-17T22:45:32.233927592Z	42	PC: 12b7b \| Get date 0x12b7b: cmp cx, 0x7ce 0x12b7f: jb 0x12b9f 0x12b81: cmp dl, 0xf 0x12b84: jne 0x12ba2 0x12b86: cmp dl, 0x13 0x12b89: je 0x12bdf 0x12b8b: cmp dl, 0x1d 0x12b8e: je 0x12bbd 0x12b90: mov dx, 0x362 0x12b93: mov ah, 0x1a 0x12b95: int 0x21 0x12b97: mov ah, 0x4e 0x12b99: mov cx, 7 0x12b9c: mov dx, 0x31c 0x12b9f: call 0x12c37 0x12ba2: call 0x12c37 0x12ba5: int 0x21 0x12ba7: jb 0x12ba2 0x12ba9: mov ax, 0x4301 0x12bac: xor cx, cx
2018-12-17T22:45:32.237051648Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8580,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:33.614636787Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:21:33.616084292Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:21:33.617221775Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:21:33.619870406Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:21:33.635044584Z	78	PC: 12a79 \| Find first file
2018-12-25T12:21:33.6431451Z	87	PC: 12b5d \| Get or set file date and time
2018-12-25T12:21:33.644784589Z	67	PC: 12b69 \| Get or set file attributes
2018-12-25T12:21:33.647177218Z	59	PC: 12b70 \| Change current directory
2018-12-25T12:21:33.656024226Z	59	PC: 12b77 \| Change current directory
2018-12-25T12:21:33.658967333Z	42	PC: 12b7b \| Get date 0x12b7b: cmp cx, 0x7ce 0x12b7f: jb 0x12b9f 0x12b81: cmp dl, 0xf 0x12b84: jne 0x12ba2 0x12b86: cmp dl, 0x13 0x12b89: je 0x12bdf 0x12b8b: cmp dl, 0x1d 0x12b8e: je 0x12bbd 0x12b90: mov dx, 0x362 0x12b93: mov ah, 0x1a 0x12b95: int 0x21 0x12b97: mov ah, 0x4e 0x12b99: mov cx, 7 0x12b9c: mov dx, 0x31c 0x12b9f: call 0x12c37 0x12ba2: call 0x12c37 0x12ba5: int 0x21 0x12ba7: jb 0x12ba2 0x12ba9: mov ax, 0x4301 0x12bac: xor cx, cx
2018-12-25T12:21:33.661206523Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8580,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:33.856920026Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:21:33.858939602Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:21:33.859975052Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:21:33.862670504Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:21:33.866560815Z	78	PC: 12a79 \| Find first file
2018-12-25T12:21:33.878653715Z	87	PC: 12b5d \| Get or set file date and time
2018-12-25T12:21:33.880266631Z	67	PC: 12b69 \| Get or set file attributes
2018-12-25T12:21:33.882737989Z	59	PC: 12b70 \| Change current directory
2018-12-25T12:21:33.887364332Z	59	PC: 12b77 \| Change current directory
2018-12-25T12:21:33.889471067Z	42	PC: 12b7b \| Get date 0x12b7b: cmp cx, 0x7ce 0x12b7f: jb 0x12b9f 0x12b81: cmp dl, 0xf 0x12b84: jne 0x12ba2 0x12b86: cmp dl, 0x13 0x12b89: je 0x12bdf 0x12b8b: cmp dl, 0x1d 0x12b8e: je 0x12bbd 0x12b90: mov dx, 0x362 0x12b93: mov ah, 0x1a 0x12b95: int 0x21 0x12b97: mov ah, 0x4e 0x12b99: mov cx, 7 0x12b9c: mov dx, 0x31c 0x12b9f: call 0x12c37 0x12ba2: call 0x12c37 0x12ba5: int 0x21 0x12ba7: jb 0x12ba2 0x12ba9: mov ax, 0x4301 0x12bac: xor cx, cx
2018-12-25T12:21:33.891651572Z	26	PC: 12b97 \| Set disk transfer address
2018-12-25T12:21:33.893195934Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8580,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:34.103307988Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T12:21:34.104978406Z	25	PC: 12a5d \| Get default drive
2018-12-25T12:21:34.1060787Z	71	PC: 12a68 \| Get current directory
2018-12-25T12:21:34.108923707Z	59	PC: 12a6f \| Change current directory
2018-12-25T12:21:34.113404269Z	78	PC: 12a79 \| Find first file
2018-12-25T12:21:34.124164994Z	87	PC: 12b5d \| Get or set file date and time
2018-12-25T12:21:34.125481152Z	67	PC: 12b69 \| Get or set file attributes
2018-12-25T12:21:34.12750213Z	59	PC: 12b70 \| Change current directory
2018-12-25T12:21:34.131762421Z	59	PC: 12b77 \| Change current directory
2018-12-25T12:21:34.13376332Z	42	PC: 12b7b \| Get date 0x12b7b: cmp cx, 0x7ce 0x12b7f: jb 0x12b9f 0x12b81: cmp dl, 0xf 0x12b84: jne 0x12ba2 0x12b86: cmp dl, 0x13 0x12b89: je 0x12bdf 0x12b8b: cmp dl, 0x1d 0x12b8e: je 0x12bbd 0x12b90: mov dx, 0x362 0x12b93: mov ah, 0x1a 0x12b95: int 0x21 0x12b97: mov ah, 0x4e 0x12b99: mov cx, 7 0x12b9c: mov dx, 0x31c 0x12b9f: call 0x12c37 0x12ba2: call 0x12c37 0x12ba5: int 0x21 0x12ba7: jb 0x12ba2 0x12ba9: mov ax, 0x4301 0x12bac: xor cx, cx
2018-12-25T12:21:34.136307515Z	76	PC: 12c3c \| Terminate with return code (Return code = '0')