Sample viewer

vx.netlux.org/Virus.DOS.Knorkator.1001

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:03:17.288999716Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x440
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4ce
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d7
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e0
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-17T22:03:17.297510325Z 48 PC: 12aa6 | Get DOS version
2018-12-17T22:03:17.299074097Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1479,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:46.409063954Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x440
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4ce
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d7
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e0
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-25T11:43:46.412464327Z 42 PC: 12a79 | Get date
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x440
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4ce
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d7
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e0
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
0x12a9c: push es
0x12a9d: push cs
0x12a9e: push cs
0x12a9f: pop ds
2018-12-25T11:43:46.420899951Z 48 PC: 12aa6 | Get DOS version
2018-12-25T11:43:46.422184868Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1479,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:47.478748861Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x440
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4ce
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d7
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4e0
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-25T11:43:47.483575129Z 48 PC: 12aa6 | Get DOS version
2018-12-25T11:43:47.485982679Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)