Sample viewer

vx.netlux.org/Worm.DOS.Info.2142

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:09.869901789Z	9	PC: 12a47 \| Display string (String= ' -- INFOSYSTEM -- version 1.04 (C) 1995 by Ziff Co. Reading System Information... Computer type: IBM PC ')
2018-12-17T22:50:09.883730927Z	9	PC: 12a80 \| Display string (String= ' u#Ж@Фю Ж0Фю Ж Фю ЖФю ЖФю ЖЃФю¶±Фю1Аѓж tЖЃФю@j@№@‰Ши=яяяZ[^ГєФю1АЉ Ђб t¶АГ@ЃВ<uк1Аиoяяя1АГUWVS‰Г‰ЦиМяяяБа %рЌ€')
2018-12-17T22:50:09.886912964Z	9	PC: 12a85 \| Display string (String= 'Фю ЖЃФю¶±Фю1Аѓж tЖЃФю@j@№@‰Ши=яяяZ[^ГєФю1АЉ Ђб t¶АГ@ЃВ<uк1Аиoяяя1АГUWVS‰Г‰ЦиМяяяБа %рЌ€')
2018-12-17T22:50:09.893906863Z	42	PC: 12b85 \| Get date 0x12b85: mov ah, dl 0x12b87: sub ax, 0xd05 0x12b8a: jne 0x12bb5 0x12b8c: push ax 0x12b8d: dec ax 0x12b8e: xchg ax, bp 0x12b8f: xor bh, bh 0x12b91: mov ax, 0x1130 0x12b94: int 0x10 0x12b96: pop es 0x12b97: inc bp 0x12b98: jne 0x12bab 0x12b9a: mov al, byte ptr es:[0x465] 0x12b9e: and al, 0xf7 0x12ba0: mov dx, word ptr es:[0x463] 0x12ba5: add dl, 4 0x12ba8: out dx, al 0x12ba9: jmp 0x12bb5 0x12bab: mov dx, 0x3c4 0x12bae: mov al, 1
2018-12-17T22:50:09.896861767Z	53	PC: 12bba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:09.900213624Z	107	PC: 12bc7 \| Reserved
2018-12-17T22:50:09.90220251Z	68	PC: 12bd8 \| I/O control for devices (Set for = '')
2018-12-17T22:50:09.904184742Z	82	PC: 12bde \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:50:09.907819782Z	68	PC: 1317b \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T22:50:09.909900198Z	68	PC: 1318a \| I/O control for devices (Set for = 'АЏGВЏGЂЏG‚лНUnknown (Error14). $COMMAND')
2018-12-17T22:50:10.316222898Z	182	PC: 13082 \| UNKNOWN!
2018-12-17T22:50:10.331834856Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T22:50:10.347132478Z	37	PC: 12c37 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:10.349265465Z	73	PC: 12c4d \| Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10133,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:16.391536281Z	9	PC: 12a47 \| Display string (String= ' -- INFOSYSTEM -- version 1.04 (C) 1995 by Ziff Co. Reading System Information... Computer type: IBM PC ')
2018-12-25T12:27:16.417977698Z	9	PC: 12a80 \| Display string (String= ' u#Ж@Фю Ж0Фю Ж Фю ЖФю ЖФю ЖЃФю¶±Фю1Аѓж tЖЃФю@j@№@‰Ши=яяяZ[^ГєФю1АЉ Ђб t¶АГ@ЃВ<uк1Аиoяяя1АГUWVS‰Г‰ЦиМяяяБа %рЌ€')
2018-12-25T12:27:16.421823635Z	9	PC: 12a85 \| Display string (String= 'Фю ЖЃФю¶±Фю1Аѓж tЖЃФю@j@№@‰Ши=яяяZ[^ГєФю1АЉ Ђб t¶АГ@ЃВ<uк1Аиoяяя1АГUWVS‰Г‰ЦиМяяяБа %рЌ€')
2018-12-25T12:27:16.43037267Z	42	PC: 12b85 \| Get date 0x12b85: mov ah, dl 0x12b87: sub ax, 0xd05 0x12b8a: jne 0x12bb5 0x12b8c: push ax 0x12b8d: dec ax 0x12b8e: xchg ax, bp 0x12b8f: xor bh, bh 0x12b91: mov ax, 0x1130 0x12b94: int 0x10 0x12b96: pop es 0x12b97: inc bp 0x12b98: jne 0x12bab 0x12b9a: mov al, byte ptr es:[0x465] 0x12b9e: and al, 0xf7 0x12ba0: mov dx, word ptr es:[0x463] 0x12ba5: add dl, 4 0x12ba8: out dx, al 0x12ba9: jmp 0x12bb5 0x12bab: mov dx, 0x3c4 0x12bae: mov al, 1
2018-12-25T12:27:16.4332894Z	53	PC: 12bba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:16.436080258Z	107	PC: 12bc7 \| Reserved
2018-12-25T12:27:16.437796811Z	68	PC: 12bd8 \| I/O control for devices (Set for = 'я')
2018-12-25T12:27:16.439790932Z	82	PC: 12bde \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:16.442921516Z	68	PC: 1317b \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:27:16.444979443Z	68	PC: 1318a \| I/O control for devices (Set for = 'АЏGВЏGЂЏG‚лНUnknown (Error14). $COMMAND')
2018-12-25T12:27:17.107305788Z	182	PC: 13082 \| UNKNOWN!
2018-12-25T12:27:17.11599745Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:27:17.122737907Z	37	PC: 12c37 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:17.124736367Z	73	PC: 12c4d \| Release memory

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10133,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:16.404963165Z	9	PC: 12a47 \| Display string (String= ' -- INFOSYSTEM -- version 1.04 (C) 1995 by Ziff Co. Reading System Information... Computer type: IBM PC ')
2018-12-25T12:27:16.412223552Z	9	PC: 12a80 \| Display string (String= ' u#Ж@Фю Ж0Фю Ж Фю ЖФю ЖФю ЖЃФю¶±Фю1Аѓж tЖЃФю@j@№@‰Ши=яяяZ[^ГєФю1АЉ Ђб t¶АГ@ЃВ<uк1Аиoяяя1АГUWVS‰Г‰ЦиМяяяБа %рЌ€')
2018-12-25T12:27:16.415045714Z	9	PC: 12a85 \| Display string (String= 'Фю ЖЃФю¶±Фю1Аѓж tЖЃФю@j@№@‰Ши=яяяZ[^ГєФю1АЉ Ђб t¶АГ@ЃВ<uк1Аиoяяя1АГUWVS‰Г‰ЦиМяяяБа %рЌ€')
2018-12-25T12:27:16.420121235Z	42	PC: 12b85 \| Get date 0x12b85: mov ah, dl 0x12b87: sub ax, 0xd05 0x12b8a: jne 0x12bb5 0x12b8c: push ax 0x12b8d: dec ax 0x12b8e: xchg ax, bp 0x12b8f: xor bh, bh 0x12b91: mov ax, 0x1130 0x12b94: int 0x10 0x12b96: pop es 0x12b97: inc bp 0x12b98: jne 0x12bab 0x12b9a: mov al, byte ptr es:[0x465] 0x12b9e: and al, 0xf7 0x12ba0: mov dx, word ptr es:[0x463] 0x12ba5: add dl, 4 0x12ba8: out dx, al 0x12ba9: jmp 0x12bb5 0x12bab: mov dx, 0x3c4 0x12bae: mov al, 1
2018-12-25T12:27:16.42216773Z	53	PC: 12bba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:16.423864907Z	107	PC: 12bc7 \| Reserved
2018-12-25T12:27:16.424978588Z	68	PC: 12bd8 \| I/O control for devices (Set for = '')
2018-12-25T12:27:16.426154078Z	82	PC: 12bde \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:16.428030039Z	68	PC: 1317b \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:27:16.429962047Z	68	PC: 1318a \| I/O control for devices (Set for = 'АЏGВЏGЂЏG‚лНUnknown (Error14). $COMMAND')
2018-12-25T12:27:17.107830436Z	182	PC: 13082 \| UNKNOWN!
2018-12-25T12:27:17.115612226Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:27:17.121013912Z	37	PC: 12c37 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:17.123013299Z	73	PC: 12c4d \| Release memory