Sample viewer

vx.netlux.org/Worm.DOS.Info.2133.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:06.403416122Z	9	PC: 12a47 \| Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-17T22:02:06.413390853Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-17T22:02:06.416004494Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-17T22:02:06.42276281Z	42	PC: 12b5d \| Get date 0x12b5d: mov ah, dl 0x12b5f: sub ax, 0xd05 0x12b62: jne 0x12b8d 0x12b64: push ax 0x12b65: dec ax 0x12b66: xchg ax, bp 0x12b67: xor bh, bh 0x12b69: mov ax, 0x1130 0x12b6c: int 0x10 0x12b6e: pop es 0x12b6f: inc bp 0x12b70: jne 0x12b83 0x12b72: mov al, byte ptr es:[0x465] 0x12b76: and al, 0xf7 0x12b78: mov dx, word ptr es:[0x463] 0x12b7d: add dl, 4 0x12b80: out dx, al 0x12b81: jmp 0x12b8d 0x12b83: mov dx, 0x3c4 0x12b86: mov al, 1
2018-12-17T22:02:06.426310207Z	53	PC: 12b92 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:06.434151654Z	107	PC: 12b9f \| Reserved
2018-12-17T22:02:06.435171679Z	68	PC: 12bb0 \| I/O control for devices (Set for = '')
2018-12-17T22:02:06.436384522Z	82	PC: 12bb6 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:02:06.438493868Z	68	PC: 1317a \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T22:02:06.439757702Z	68	PC: 13189 \| I/O control for devices (Set for = '�GG��G��Unknown (Error14). $COMMAND')
2018-12-17T22:02:06.794677443Z	182	PC: 1309b \| UNKNOWN!
2018-12-17T22:02:06.804437422Z	9	PC: 12bfa \| Display string (Could not find end pointer)
2018-12-17T22:02:06.806934107Z	37	PC: 12c0f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:06.807855521Z	73	PC: 12c25 \| Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1351,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:26.206903597Z	9	PC: 12a47 \| Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-25T11:43:26.217685924Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-25T11:43:26.220088603Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-25T11:43:26.227963613Z	42	PC: 12b5d \| Get date 0x12b5d: mov ah, dl 0x12b5f: sub ax, 0xd05 0x12b62: jne 0x12b8d 0x12b64: push ax 0x12b65: dec ax 0x12b66: xchg ax, bp 0x12b67: xor bh, bh 0x12b69: mov ax, 0x1130 0x12b6c: int 0x10 0x12b6e: pop es 0x12b6f: inc bp 0x12b70: jne 0x12b83 0x12b72: mov al, byte ptr es:[0x465] 0x12b76: and al, 0xf7 0x12b78: mov dx, word ptr es:[0x463] 0x12b7d: add dl, 4 0x12b80: out dx, al 0x12b81: jmp 0x12b8d 0x12b83: mov dx, 0x3c4 0x12b86: mov al, 1
2018-12-25T11:43:26.230249744Z	53	PC: 12b92 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:26.23167474Z	107	PC: 12b9f \| Reserved
2018-12-25T11:43:26.232900675Z	68	PC: 12bb0 \| I/O control for devices (Set for = '�')
2018-12-25T11:43:26.234865208Z	82	PC: 12bb6 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:26.240356082Z	68	PC: 1317a \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T11:43:26.242216427Z	68	PC: 13189 \| I/O control for devices (Set for = '�GG��G��Unknown (Error14). $COMMAND')
2018-12-25T11:43:27.001650769Z	182	PC: 1309b \| UNKNOWN!
2018-12-25T11:43:27.010692365Z	9	PC: 12bfa \| Display string (Could not find end pointer)
2018-12-25T11:43:27.015847858Z	37	PC: 12c0f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:27.017793988Z	73	PC: 12c25 \| Release memory

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1351,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:26.603635953Z	9	PC: 12a47 \| Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-25T11:43:26.613652664Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-25T11:43:26.615949357Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-25T11:43:26.622982777Z	42	PC: 12b5d \| Get date 0x12b5d: mov ah, dl 0x12b5f: sub ax, 0xd05 0x12b62: jne 0x12b8d 0x12b64: push ax 0x12b65: dec ax 0x12b66: xchg ax, bp 0x12b67: xor bh, bh 0x12b69: mov ax, 0x1130 0x12b6c: int 0x10 0x12b6e: pop es 0x12b6f: inc bp 0x12b70: jne 0x12b83 0x12b72: mov al, byte ptr es:[0x465] 0x12b76: and al, 0xf7 0x12b78: mov dx, word ptr es:[0x463] 0x12b7d: add dl, 4 0x12b80: out dx, al 0x12b81: jmp 0x12b8d 0x12b83: mov dx, 0x3c4 0x12b86: mov al, 1
2018-12-25T11:43:26.625882674Z	53	PC: 12b92 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:26.627396175Z	107	PC: 12b9f \| Reserved
2018-12-25T11:43:26.62845446Z	68	PC: 12bb0 \| I/O control for devices (Set for = '')
2018-12-25T11:43:26.629769429Z	82	PC: 12bb6 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:26.631853546Z	68	PC: 1317a \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T11:43:26.63319591Z	68	PC: 13189 \| I/O control for devices (Set for = '�GG��G��Unknown (Error14). $COMMAND')
2018-12-25T11:43:27.027505771Z	182	PC: 1309b \| UNKNOWN!
2018-12-25T11:43:27.035438456Z	9	PC: 12bfa \| Display string (Could not find end pointer)
2018-12-25T11:43:27.040025087Z	37	PC: 12c0f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:27.041606568Z	73	PC: 12c25 \| Release memory