Sample viewer

vx.netlux.org/Virus.DOS.Remember.818

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:10.488672449Z	42	PC: 12b5f \| Get date 0x12b5f: cmp dx, 0x418 0x12b63: jne 0x12b87 0x12b65: mov ax, 0x9100 0x12b68: int 0x10 0x12b6a: cmp ax, 0x9100 0x12b6d: je 0x12b87 0x12b6f: mov ax, 0x804e 0x12b72: int 0x10 0x12b74: mov ah, 9 0x12b76: mov dx, 0x1cd 0x12b79: int 0x21 0x12b7b: jb 0x12b80 0x12b7d: jmp 0x12b87 0x12b7f: nop 0x12b80: mov word ptr cs:[0x462], 0x4c00 0x12b87: mov word ptr ds:[bp + 0x431], ss 0x12b8c: xor ax, ax 0x12b8e: mov ss, ax 0x12b90: mov ss, word ptr ds:[bp + 0x431] 0x12b95: mov ax, 0x3521
2018-12-17T22:54:10.492379712Z	53	PC: 12b9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:10.494399074Z	37	PC: 12bcd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:10.495977451Z	26	PC: 12be2 \| Set disk transfer address
2018-12-17T22:54:10.501056305Z	42	PC: 1641 \| Get date 0x1641: cmp dx, 0x418 0x1645: jne 0x1669 0x1647: mov ax, 0x9100 0x164a: int 0x10 0x164c: cmp ax, 0x9100 0x164f: je 0x1669 0x1651: mov ax, 0x804e 0x1654: int 0x10 0x1656: mov ah, 9 0x1658: mov dx, 0x1cd 0x165b: int 0x21 0x165d: jb 0x1662 0x165f: jmp 0x1669 0x1661: nop 0x1662: mov word ptr cs:[0x462], 0x4c00 0x1669: mov word ptr ds:[bp + 0x431], ss 0x166e: xor ax, ax 0x1670: mov ss, ax 0x1672: mov ss, word ptr ds:[bp + 0x431] 0x1677: mov ax, 0x3521

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11464,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:47.874655514Z	42	PC: 12b5f \| Get date 0x12b5f: cmp dx, 0x418 0x12b63: jne 0x12b87 0x12b65: mov ax, 0x9100 0x12b68: int 0x10 0x12b6a: cmp ax, 0x9100 0x12b6d: je 0x12b87 0x12b6f: mov ax, 0x804e 0x12b72: int 0x10 0x12b74: mov ah, 9 0x12b76: mov dx, 0x1cd 0x12b79: int 0x21 0x12b7b: jb 0x12b80 0x12b7d: jmp 0x12b87 0x12b7f: nop 0x12b80: mov word ptr cs:[0x462], 0x4c00 0x12b87: mov word ptr ds:[bp + 0x431], ss 0x12b8c: xor ax, ax 0x12b8e: mov ss, ax 0x12b90: mov ss, word ptr ds:[bp + 0x431] 0x12b95: mov ax, 0x3521
2018-12-25T12:30:47.878903592Z	53	PC: 12b9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:47.881225814Z	37	PC: 12bcd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:47.882906311Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:30:47.88775933Z	42	PC: 1641 \| Get date 0x1641: cmp dx, 0x418 0x1645: jne 0x1669 0x1647: mov ax, 0x9100 0x164a: int 0x10 0x164c: cmp ax, 0x9100 0x164f: je 0x1669 0x1651: mov ax, 0x804e 0x1654: int 0x10 0x1656: mov ah, 9 0x1658: mov dx, 0x1cd 0x165b: int 0x21 0x165d: jb 0x1662 0x165f: jmp 0x1669 0x1661: nop 0x1662: mov word ptr cs:[0x462], 0x4c00 0x1669: mov word ptr ds:[bp + 0x431], ss 0x166e: xor ax, ax 0x1670: mov ss, ax 0x1672: mov ss, word ptr ds:[bp + 0x431] 0x1677: mov ax, 0x3521

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11464,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:48.045773859Z	42	PC: 12b5f \| Get date 0x12b5f: cmp dx, 0x418 0x12b63: jne 0x12b87 0x12b65: mov ax, 0x9100 0x12b68: int 0x10 0x12b6a: cmp ax, 0x9100 0x12b6d: je 0x12b87 0x12b6f: mov ax, 0x804e 0x12b72: int 0x10 0x12b74: mov ah, 9 0x12b76: mov dx, 0x1cd 0x12b79: int 0x21 0x12b7b: jb 0x12b80 0x12b7d: jmp 0x12b87 0x12b7f: nop 0x12b80: mov word ptr cs:[0x462], 0x4c00 0x12b87: mov word ptr ds:[bp + 0x431], ss 0x12b8c: xor ax, ax 0x12b8e: mov ss, ax 0x12b90: mov ss, word ptr ds:[bp + 0x431] 0x12b95: mov ax, 0x3521
2018-12-25T12:30:48.051002734Z	53	PC: 12b9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:48.05333803Z	37	PC: 12bcd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:48.05468851Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:30:48.05995242Z	42	PC: 1641 \| Get date 0x1641: cmp dx, 0x418 0x1645: jne 0x1669 0x1647: mov ax, 0x9100 0x164a: int 0x10 0x164c: cmp ax, 0x9100 0x164f: je 0x1669 0x1651: mov ax, 0x804e 0x1654: int 0x10 0x1656: mov ah, 9 0x1658: mov dx, 0x1cd 0x165b: int 0x21 0x165d: jb 0x1662 0x165f: jmp 0x1669 0x1661: nop 0x1662: mov word ptr cs:[0x462], 0x4c00 0x1669: mov word ptr ds:[bp + 0x431], ss 0x166e: xor ax, ax 0x1670: mov ss, ax 0x1672: mov ss, word ptr ds:[bp + 0x431] 0x1677: mov ax, 0x3521

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11464,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:48.042035801Z	42	PC: 12b5f \| Get date 0x12b5f: cmp dx, 0x418 0x12b63: jne 0x12b87 0x12b65: mov ax, 0x9100 0x12b68: int 0x10 0x12b6a: cmp ax, 0x9100 0x12b6d: je 0x12b87 0x12b6f: mov ax, 0x804e 0x12b72: int 0x10 0x12b74: mov ah, 9 0x12b76: mov dx, 0x1cd 0x12b79: int 0x21 0x12b7b: jb 0x12b80 0x12b7d: jmp 0x12b87 0x12b7f: nop 0x12b80: mov word ptr cs:[0x462], 0x4c00 0x12b87: mov word ptr ds:[bp + 0x431], ss 0x12b8c: xor ax, ax 0x12b8e: mov ss, ax 0x12b90: mov ss, word ptr ds:[bp + 0x431] 0x12b95: mov ax, 0x3521
2018-12-25T12:30:48.047791239Z	53	PC: 12b9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:48.050127402Z	37	PC: 12bcd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:48.051843083Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:30:48.056651677Z	42	PC: 1641 \| Get date 0x1641: cmp dx, 0x418 0x1645: jne 0x1669 0x1647: mov ax, 0x9100 0x164a: int 0x10 0x164c: cmp ax, 0x9100 0x164f: je 0x1669 0x1651: mov ax, 0x804e 0x1654: int 0x10 0x1656: mov ah, 9 0x1658: mov dx, 0x1cd 0x165b: int 0x21 0x165d: jb 0x1662 0x165f: jmp 0x1669 0x1661: nop 0x1662: mov word ptr cs:[0x462], 0x4c00 0x1669: mov word ptr ds:[bp + 0x431], ss 0x166e: xor ax, ax 0x1670: mov ss, ax 0x1672: mov ss, word ptr ds:[bp + 0x431] 0x1677: mov ax, 0x3521

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11464,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:48.304711584Z	42	PC: 12b5f \| Get date 0x12b5f: cmp dx, 0x418 0x12b63: jne 0x12b87 0x12b65: mov ax, 0x9100 0x12b68: int 0x10 0x12b6a: cmp ax, 0x9100 0x12b6d: je 0x12b87 0x12b6f: mov ax, 0x804e 0x12b72: int 0x10 0x12b74: mov ah, 9 0x12b76: mov dx, 0x1cd 0x12b79: int 0x21 0x12b7b: jb 0x12b80 0x12b7d: jmp 0x12b87 0x12b7f: nop 0x12b80: mov word ptr cs:[0x462], 0x4c00 0x12b87: mov word ptr ds:[bp + 0x431], ss 0x12b8c: xor ax, ax 0x12b8e: mov ss, ax 0x12b90: mov ss, word ptr ds:[bp + 0x431] 0x12b95: mov ax, 0x3521
2018-12-25T12:30:48.309896759Z	53	PC: 12b9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:48.312692217Z	37	PC: 12bcd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:48.314444139Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:30:48.320567903Z	42	PC: 1641 \| Get date 0x1641: cmp dx, 0x418 0x1645: jne 0x1669 0x1647: mov ax, 0x9100 0x164a: int 0x10 0x164c: cmp ax, 0x9100 0x164f: je 0x1669 0x1651: mov ax, 0x804e 0x1654: int 0x10 0x1656: mov ah, 9 0x1658: mov dx, 0x1cd 0x165b: int 0x21 0x165d: jb 0x1662 0x165f: jmp 0x1669 0x1661: nop 0x1662: mov word ptr cs:[0x462], 0x4c00 0x1669: mov word ptr ds:[bp + 0x431], ss 0x166e: xor ax, ax 0x1670: mov ss, ax 0x1672: mov ss, word ptr ds:[bp + 0x431] 0x1677: mov ax, 0x3521