Sample viewer

vx.netlux.org/Worm.DOS.Info.2259.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:02.923003594Z	9	PC: 12a47 \| Display string (String= ' Reading System Information... Computer type: IBM PC ')
2018-12-17T23:06:02.928360474Z	9	PC: 12a80 \| Display string (String= '(‰èègîÿÿ…ÀtºX^¸ èløÿÿ¸ë èÌòÿÿëÐ1À[^_]ÃVS‹@`‹¶Ø‰ÙÁá ŠÔþ¨ u#Æ@Ôþ Æ0Ôþ Æ Ôþ ÆÔþ ÆÔþ ÆÔþ¶±Ôþ1Àƒæ tÆÔþ@j@¹@‰Øè=ÿÿÿZ[^ÃºÔþ1ÀŠ €á t¶ÀÃ@Â<uê1Àèoÿÿÿ1ÀÃUWVS‰Ã‰ÖèÌÿÿÿÁà %ðˆ')
2018-12-17T23:06:02.932057979Z	9	PC: 12a85 \| Display string (String= 'ÌòÿÿëÐ1À[^_]ÃVS‹@`‹¶Ø‰ÙÁá ŠÔþ¨ u#Æ@Ôþ Æ0Ôþ Æ Ôþ ÆÔþ ÆÔþ ÆÔþ¶±Ôþ1Àƒæ tÆÔþ@j@¹@‰Øè=ÿÿÿZ[^ÃºÔþ1ÀŠ €á t¶ÀÃ@Â<uê1Àèoÿÿÿ1ÀÃUWVS‰Ã‰ÖèÌÿÿÿÁà %ðˆ')
2018-12-17T23:06:02.937627944Z	42	PC: 12b46 \| Get date 0x12b46: mov ah, dl 0x12b48: sub ax, 0xd05 0x12b4b: jne 0x12b76 0x12b4d: push ax 0x12b4e: dec ax 0x12b4f: xchg ax, bp 0x12b50: xor bh, bh 0x12b52: mov ax, 0x1130 0x12b55: int 0x10 0x12b57: pop es 0x12b58: inc bp 0x12b59: jne 0x12b6c 0x12b5b: mov al, byte ptr es:[0x465] 0x12b5f: and al, 0xf7 0x12b61: mov dx, word ptr es:[0x463] 0x12b66: add dl, 4 0x12b69: out dx, al 0x12b6a: jmp 0x12b76 0x12b6c: mov dx, 0x3c4 0x12b6f: mov al, 1
2018-12-17T23:06:02.939211273Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:06:02.940624676Z	53	PC: 12b88 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:02.941702686Z	107	PC: 12b95 \| Reserved
2018-12-17T23:06:02.942684504Z	68	PC: 12ba6 \| I/O control for devices (Set for = '')
2018-12-17T23:06:02.944648769Z	82	PC: 12bac \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:06:02.946239934Z	68	PC: 13195 \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T23:06:02.947635068Z	68	PC: 131a4 \| I/O control for devices (Set for = '‹ë»Œ')
2018-12-17T23:06:03.309229546Z	182	PC: 130b6 \| UNKNOWN!
2018-12-17T23:06:03.316056236Z	88	PC: 12bec \| case 0xGet or set allocation strateg:
2018-12-17T23:06:03.317599506Z	88	PC: 12bf9 \| case 0xGet or set allocation strateg:
2018-12-17T23:06:03.319802102Z	88	PC: 12c1f \| case 0xGet or set allocation strateg:
2018-12-17T23:06:03.321722391Z	37	PC: 12c7c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:06:03.323154029Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:03.325825726Z	73	PC: 12c9a \| Release memory
2018-12-17T23:06:03.327568439Z	9	PC: 12ca8 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15403,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:19.757753644Z	9	PC: 12a47 \| Display string (String= ' Reading System Information... Computer type: IBM PC ')
2018-12-25T12:43:19.765321308Z	9	PC: 12a80 \| Display string (String= '(‰èègîÿÿ…ÀtºX^¸ èløÿÿ¸ë èÌòÿÿëÐ1À[^_]ÃVS‹@`‹¶Ø‰ÙÁá ŠÔþ¨ u#Æ@Ôþ Æ0Ôþ Æ Ôþ ÆÔþ ÆÔþ ÆÔþ¶±Ôþ1Àƒæ tÆÔþ@j@¹@‰Øè=ÿÿÿZ[^ÃºÔþ1ÀŠ €á t¶ÀÃ@Â<uê1Àèoÿÿÿ1ÀÃUWVS‰Ã‰ÖèÌÿÿÿÁà %ðˆ')
2018-12-25T12:43:19.76774828Z	9	PC: 12a85 \| Display string (String= 'ÌòÿÿëÐ1À[^_]ÃVS‹@`‹¶Ø‰ÙÁá ŠÔþ¨ u#Æ@Ôþ Æ0Ôþ Æ Ôþ ÆÔþ ÆÔþ ÆÔþ¶±Ôþ1Àƒæ tÆÔþ@j@¹@‰Øè=ÿÿÿZ[^ÃºÔþ1ÀŠ €á t¶ÀÃ@Â<uê1Àèoÿÿÿ1ÀÃUWVS‰Ã‰ÖèÌÿÿÿÁà %ðˆ')
2018-12-25T12:43:19.775671555Z	42	PC: 12b46 \| Get date 0x12b46: mov ah, dl 0x12b48: sub ax, 0xd05 0x12b4b: jne 0x12b76 0x12b4d: push ax 0x12b4e: dec ax 0x12b4f: xchg ax, bp 0x12b50: xor bh, bh 0x12b52: mov ax, 0x1130 0x12b55: int 0x10 0x12b57: pop es 0x12b58: inc bp 0x12b59: jne 0x12b6c 0x12b5b: mov al, byte ptr es:[0x465] 0x12b5f: and al, 0xf7 0x12b61: mov dx, word ptr es:[0x463] 0x12b66: add dl, 4 0x12b69: out dx, al 0x12b6a: jmp 0x12b76 0x12b6c: mov dx, 0x3c4 0x12b6f: mov al, 1
2018-12-25T12:43:19.777948324Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:43:19.779845303Z	53	PC: 12b88 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:19.781080801Z	107	PC: 12b95 \| Reserved
2018-12-25T12:43:19.782218397Z	68	PC: 12ba6 \| I/O control for devices (Set for = 'ÿ')
2018-12-25T12:43:19.784566407Z	82	PC: 12bac \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:43:19.787208758Z	68	PC: 13195 \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:43:19.788867749Z	68	PC: 131a4 \| I/O control for devices (Set for = '‹ë»Œ')
2018-12-25T12:43:20.146902783Z	182	PC: 130b6 \| UNKNOWN!
2018-12-25T12:43:20.155451741Z	88	PC: 12bec \| case 0xGet or set allocation strateg:
2018-12-25T12:43:20.157306151Z	88	PC: 12bf9 \| case 0xGet or set allocation strateg:
2018-12-25T12:43:20.159363635Z	88	PC: 12c1f \| case 0xGet or set allocation strateg:
2018-12-25T12:43:20.162454196Z	37	PC: 12c7c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:43:20.163698252Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:20.165156138Z	73	PC: 12c9a \| Release memory
2018-12-25T12:43:20.167521239Z	9	PC: 12ca8 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15403,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:20.017683649Z	9	PC: 12a47 \| Display string (String= ' Reading System Information... Computer type: IBM PC ')
2018-12-25T12:43:20.030076311Z	9	PC: 12a80 \| Display string (String= '(‰èègîÿÿ…ÀtºX^¸ èløÿÿ¸ë èÌòÿÿëÐ1À[^_]ÃVS‹@`‹¶Ø‰ÙÁá ŠÔþ¨ u#Æ@Ôþ Æ0Ôþ Æ Ôþ ÆÔþ ÆÔþ ÆÔþ¶±Ôþ1Àƒæ tÆÔþ@j@¹@‰Øè=ÿÿÿZ[^ÃºÔþ1ÀŠ €á t¶ÀÃ@Â<uê1Àèoÿÿÿ1ÀÃUWVS‰Ã‰ÖèÌÿÿÿÁà %ðˆ')
2018-12-25T12:43:20.032064653Z	9	PC: 12a85 \| Display string (String= 'ÌòÿÿëÐ1À[^_]ÃVS‹@`‹¶Ø‰ÙÁá ŠÔþ¨ u#Æ@Ôþ Æ0Ôþ Æ Ôþ ÆÔþ ÆÔþ ÆÔþ¶±Ôþ1Àƒæ tÆÔþ@j@¹@‰Øè=ÿÿÿZ[^ÃºÔþ1ÀŠ €á t¶ÀÃ@Â<uê1Àèoÿÿÿ1ÀÃUWVS‰Ã‰ÖèÌÿÿÿÁà %ðˆ')
2018-12-25T12:43:20.038745064Z	42	PC: 12b46 \| Get date 0x12b46: mov ah, dl 0x12b48: sub ax, 0xd05 0x12b4b: jne 0x12b76 0x12b4d: push ax 0x12b4e: dec ax 0x12b4f: xchg ax, bp 0x12b50: xor bh, bh 0x12b52: mov ax, 0x1130 0x12b55: int 0x10 0x12b57: pop es 0x12b58: inc bp 0x12b59: jne 0x12b6c 0x12b5b: mov al, byte ptr es:[0x465] 0x12b5f: and al, 0xf7 0x12b61: mov dx, word ptr es:[0x463] 0x12b66: add dl, 4 0x12b69: out dx, al 0x12b6a: jmp 0x12b76 0x12b6c: mov dx, 0x3c4 0x12b6f: mov al, 1
2018-12-25T12:43:20.042160277Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:43:20.044139714Z	53	PC: 12b88 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:20.045260895Z	107	PC: 12b95 \| Reserved
2018-12-25T12:43:20.047721093Z	68	PC: 12ba6 \| I/O control for devices (Set for = '')
2018-12-25T12:43:20.049177087Z	82	PC: 12bac \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:43:20.051023421Z	68	PC: 13195 \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:43:20.053563137Z	68	PC: 131a4 \| I/O control for devices (Set for = '‹ë»Œ')
2018-12-25T12:43:20.564973297Z	182	PC: 130b6 \| UNKNOWN!
2018-12-25T12:43:20.571891296Z	88	PC: 12bec \| case 0xGet or set allocation strateg:
2018-12-25T12:43:20.57368662Z	88	PC: 12bf9 \| case 0xGet or set allocation strateg:
2018-12-25T12:43:20.575998543Z	88	PC: 12c1f \| case 0xGet or set allocation strateg:
2018-12-25T12:43:20.577960954Z	37	PC: 12c7c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:43:20.579399103Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:20.582602435Z	73	PC: 12c9a \| Release memory
2018-12-25T12:43:20.584344966Z	9	PC: 12ca8 \| Display string (Could not find end pointer)