Sample viewer

vx.netlux.org/Worm.DOS.Info.2259.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:07.333002415Z	9	PC: 12a47 \| Display string (String= ' Reading System Information... Computer type: IBM PC ')
2018-12-17T22:58:07.339835947Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-17T22:58:07.344193246Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-17T22:58:07.350638247Z	42	PC: 12b46 \| Get date 0x12b46: mov ah, dl 0x12b48: sub ax, 0xd05 0x12b4b: jne 0x12b76 0x12b4d: push ax 0x12b4e: dec ax 0x12b4f: xchg ax, bp 0x12b50: xor bh, bh 0x12b52: mov ax, 0x1130 0x12b55: int 0x10 0x12b57: pop es 0x12b58: inc bp 0x12b59: jne 0x12b6c 0x12b5b: mov al, byte ptr es:[0x465] 0x12b5f: and al, 0xf7 0x12b61: mov dx, word ptr es:[0x463] 0x12b66: add dl, 4 0x12b69: out dx, al 0x12b6a: jmp 0x12b76 0x12b6c: mov dx, 0x3c4 0x12b6f: mov al, 1
2018-12-17T22:58:07.352881335Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:58:07.354655862Z	53	PC: 12b88 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:07.355622353Z	107	PC: 12b95 \| Reserved
2018-12-17T22:58:07.356648835Z	68	PC: 12ba6 \| I/O control for devices (Set for = '')
2018-12-17T22:58:07.358402526Z	82	PC: 12bac \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:58:07.359910976Z	68	PC: 13195 \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T22:58:07.361048378Z	68	PC: 131a4 \| I/O control for devices (Set for = '�뻌')
2018-12-17T22:58:07.713869248Z	182	PC: 130b6 \| UNKNOWN!
2018-12-17T22:58:07.72247887Z	88	PC: 12bec \| case 0xGet or set allocation strateg:
2018-12-17T22:58:07.724572783Z	88	PC: 12bf9 \| case 0xGet or set allocation strateg:
2018-12-17T22:58:07.727684603Z	88	PC: 12c1f \| case 0xGet or set allocation strateg:
2018-12-17T22:58:07.729576537Z	37	PC: 12c7c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:58:07.730771502Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:07.732579118Z	73	PC: 12c9a \| Release memory
2018-12-17T22:58:07.736083078Z	9	PC: 12ca8 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12766,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:12.39663799Z	9	PC: 12a47 \| Display string (String= ' Reading System Information... Computer type: IBM PC ')
2018-12-25T12:36:12.405668362Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-25T12:36:12.408309278Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-25T12:36:12.416441435Z	42	PC: 12b46 \| Get date 0x12b46: mov ah, dl 0x12b48: sub ax, 0xd05 0x12b4b: jne 0x12b76 0x12b4d: push ax 0x12b4e: dec ax 0x12b4f: xchg ax, bp 0x12b50: xor bh, bh 0x12b52: mov ax, 0x1130 0x12b55: int 0x10 0x12b57: pop es 0x12b58: inc bp 0x12b59: jne 0x12b6c 0x12b5b: mov al, byte ptr es:[0x465] 0x12b5f: and al, 0xf7 0x12b61: mov dx, word ptr es:[0x463] 0x12b66: add dl, 4 0x12b69: out dx, al 0x12b6a: jmp 0x12b76 0x12b6c: mov dx, 0x3c4 0x12b6f: mov al, 1
2018-12-25T12:36:12.418731023Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:36:12.420477203Z	53	PC: 12b88 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:12.421986503Z	107	PC: 12b95 \| Reserved
2018-12-25T12:36:12.423470591Z	68	PC: 12ba6 \| I/O control for devices (Set for = '�')
2018-12-25T12:36:12.426151721Z	82	PC: 12bac \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:36:12.42827353Z	68	PC: 13195 \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:36:12.430263793Z	68	PC: 131a4 \| I/O control for devices (Set for = '�뻌')
2018-12-25T12:36:13.125398484Z	182	PC: 130b6 \| UNKNOWN!
2018-12-25T12:36:13.132698731Z	88	PC: 12bec \| case 0xGet or set allocation strateg:
2018-12-25T12:36:13.1341632Z	88	PC: 12bf9 \| case 0xGet or set allocation strateg:
2018-12-25T12:36:13.136339098Z	88	PC: 12c1f \| case 0xGet or set allocation strateg:
2018-12-25T12:36:13.138398642Z	37	PC: 12c7c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:36:13.140082708Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:13.143065346Z	73	PC: 12c9a \| Release memory
2018-12-25T12:36:13.145300317Z	9	PC: 12ca8 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12766,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:12.429397783Z	9	PC: 12a47 \| Display string (String= ' Reading System Information... Computer type: IBM PC ')
2018-12-25T12:36:12.43769592Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-25T12:36:12.441579207Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-25T12:36:12.449795669Z	42	PC: 12b46 \| Get date 0x12b46: mov ah, dl 0x12b48: sub ax, 0xd05 0x12b4b: jne 0x12b76 0x12b4d: push ax 0x12b4e: dec ax 0x12b4f: xchg ax, bp 0x12b50: xor bh, bh 0x12b52: mov ax, 0x1130 0x12b55: int 0x10 0x12b57: pop es 0x12b58: inc bp 0x12b59: jne 0x12b6c 0x12b5b: mov al, byte ptr es:[0x465] 0x12b5f: and al, 0xf7 0x12b61: mov dx, word ptr es:[0x463] 0x12b66: add dl, 4 0x12b69: out dx, al 0x12b6a: jmp 0x12b76 0x12b6c: mov dx, 0x3c4 0x12b6f: mov al, 1
2018-12-25T12:36:12.452608249Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:36:12.454591837Z	53	PC: 12b88 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:12.455923355Z	107	PC: 12b95 \| Reserved
2018-12-25T12:36:12.457180116Z	68	PC: 12ba6 \| I/O control for devices (Set for = '')
2018-12-25T12:36:12.459614805Z	82	PC: 12bac \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:36:12.461645614Z	68	PC: 13195 \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:36:12.463267027Z	68	PC: 131a4 \| I/O control for devices (Set for = '�뻌')
2018-12-25T12:36:13.126267077Z	182	PC: 130b6 \| UNKNOWN!
2018-12-25T12:36:13.133756239Z	88	PC: 12bec \| case 0xGet or set allocation strateg:
2018-12-25T12:36:13.135107849Z	88	PC: 12bf9 \| case 0xGet or set allocation strateg:
2018-12-25T12:36:13.136845429Z	88	PC: 12c1f \| case 0xGet or set allocation strateg:
2018-12-25T12:36:13.139164767Z	37	PC: 12c7c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:36:13.140891982Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:13.143877073Z	73	PC: 12c9a \| Release memory
2018-12-25T12:36:13.14699156Z	9	PC: 12ca8 \| Display string (Could not find end pointer)