Sample viewer

vx.netlux.org/Virus.DOS.Knorkator.1002

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:59:49.79124761Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x441
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cf
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d8
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e1
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-17T21:59:49.793849916Z 48 PC: 12aa6 | Get DOS version
2018-12-17T21:59:49.795004975Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1088,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:33.817779612Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x441
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cf
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d8
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e1
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-25T11:42:33.820157745Z 48 PC: 12aa6 | Get DOS version
2018-12-25T11:42:33.821221025Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1088,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:34.295186353Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x441
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cf
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d8
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e1
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-25T11:42:34.297869605Z 42 PC: 12a79 | Get date
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x441
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cf
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d8
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e1
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
0x12a9c: push es
0x12a9d: push cs
0x12a9e: push cs
0x12a9f: pop ds
2018-12-25T11:42:34.300177757Z 48 PC: 12aa6 | Get DOS version
2018-12-25T11:42:34.301356046Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)