Sample viewer

vx.netlux.org/Worm.DOS.Info.2142.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:29.085838245Z 9 PC: 12a47 | Display string (String= ' -*- INFOSYSTEM -*- version 1.04 (C) 1995 by Ziff Co. Reading System Information... Computer type: IBM PC ')
2018-12-17T23:09:29.100076124Z 9 PC: 12a80 | Display string (String= 'Unknown')
2018-12-17T23:09:29.10315433Z 9 PC: 12a85 | Display string (String= ' Checking HDD controller... Controller type: ')
2018-12-17T23:09:29.109219398Z 42 PC: 12b85 | Get date
0x12b85: mov ah, dl
0x12b87: sub ax, 0xd05
0x12b8a: jne 0x12bb5
0x12b8c: push ax
0x12b8d: dec ax
0x12b8e: xchg ax, bp
0x12b8f: xor bh, bh
0x12b91: mov ax, 0x1130
0x12b94: int 0x10
0x12b96: pop es
0x12b97: inc bp
0x12b98: jne 0x12bab
0x12b9a: mov al, byte ptr es:[0x465]
0x12b9e: and al, 0xf7
0x12ba0: mov dx, word ptr es:[0x463]
0x12ba5: add dl, 4
0x12ba8: out dx, al
0x12ba9: jmp 0x12bb5
0x12bab: mov dx, 0x3c4
0x12bae: mov al, 1
2018-12-17T23:09:29.111938609Z 53 PC: 12bba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:29.114293214Z 107 PC: 12bc7 | Reserved
2018-12-17T23:09:29.115731097Z 68 PC: 12bd8 | I/O control for devices (Set for = '')
2018-12-17T23:09:29.117447974Z 82 PC: 12bde | Get DOS internal pointers (SYSVARS)
2018-12-17T23:09:29.121137928Z 68 PC: 1317b | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T23:09:29.123188332Z 68 PC: 1318a | I/O control for devices (Set for = '��GG��G���Unknown (Error14). $COMMAND')
2018-12-17T23:09:29.484696556Z 182 PC: 13082 | UNKNOWN!
2018-12-17T23:09:29.494288303Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T23:09:29.502145901Z 37 PC: 12c37 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:29.504199029Z 73 PC: 12c4d | Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16544,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:22.366635613Z 9 PC: 12a47 | Display string (String= ' -*- INFOSYSTEM -*- version 1.04 (C) 1995 by Ziff Co. Reading System Information... Computer type: IBM PC ')
2018-12-25T12:53:22.37838519Z 9 PC: 12a80 | Display string (String= 'Unknown')
2018-12-25T12:53:22.380418537Z 9 PC: 12a85 | Display string (String= ' Checking HDD controller... Controller type: ')
2018-12-25T12:53:22.387089245Z 42 PC: 12b85 | Get date
0x12b85: mov ah, dl
0x12b87: sub ax, 0xd05
0x12b8a: jne 0x12bb5
0x12b8c: push ax
0x12b8d: dec ax
0x12b8e: xchg ax, bp
0x12b8f: xor bh, bh
0x12b91: mov ax, 0x1130
0x12b94: int 0x10
0x12b96: pop es
0x12b97: inc bp
0x12b98: jne 0x12bab
0x12b9a: mov al, byte ptr es:[0x465]
0x12b9e: and al, 0xf7
0x12ba0: mov dx, word ptr es:[0x463]
0x12ba5: add dl, 4
0x12ba8: out dx, al
0x12ba9: jmp 0x12bb5
0x12bab: mov dx, 0x3c4
0x12bae: mov al, 1
2018-12-25T12:53:22.389378385Z 53 PC: 12bba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:22.390370422Z 107 PC: 12bc7 | Reserved
2018-12-25T12:53:22.391203Z 68 PC: 12bd8 | I/O control for devices (Set for = '�')
2018-12-25T12:53:22.392818419Z 82 PC: 12bde | Get DOS internal pointers (SYSVARS)
2018-12-25T12:53:22.394455702Z 68 PC: 1317b | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:53:22.395683631Z 68 PC: 1318a | I/O control for devices (Set for = '��GG��G���Unknown (Error14). $COMMAND')
2018-12-25T12:53:23.385262717Z 182 PC: 13082 | UNKNOWN!
2018-12-25T12:53:23.392890968Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:53:23.39665145Z 37 PC: 12c37 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:23.39784437Z 73 PC: 12c4d | Release memory

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16544,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:23.457949533Z 9 PC: 12a47 | Display string (String= ' -*- INFOSYSTEM -*- version 1.04 (C) 1995 by Ziff Co. Reading System Information... Computer type: IBM PC ')
2018-12-25T12:53:23.471585078Z 9 PC: 12a80 | Display string (String= 'Unknown')
2018-12-25T12:53:23.474006961Z 9 PC: 12a85 | Display string (String= ' Checking HDD controller... Controller type: ')
2018-12-25T12:53:23.481884237Z 42 PC: 12b85 | Get date
0x12b85: mov ah, dl
0x12b87: sub ax, 0xd05
0x12b8a: jne 0x12bb5
0x12b8c: push ax
0x12b8d: dec ax
0x12b8e: xchg ax, bp
0x12b8f: xor bh, bh
0x12b91: mov ax, 0x1130
0x12b94: int 0x10
0x12b96: pop es
0x12b97: inc bp
0x12b98: jne 0x12bab
0x12b9a: mov al, byte ptr es:[0x465]
0x12b9e: and al, 0xf7
0x12ba0: mov dx, word ptr es:[0x463]
0x12ba5: add dl, 4
0x12ba8: out dx, al
0x12ba9: jmp 0x12bb5
0x12bab: mov dx, 0x3c4
0x12bae: mov al, 1
2018-12-25T12:53:23.484863794Z 53 PC: 12bba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:23.486345556Z 107 PC: 12bc7 | Reserved
2018-12-25T12:53:23.487486036Z 68 PC: 12bd8 | I/O control for devices (Set for = '')
2018-12-25T12:53:23.488768272Z 82 PC: 12bde | Get DOS internal pointers (SYSVARS)
2018-12-25T12:53:23.490949199Z 68 PC: 1317b | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:53:23.492421629Z 68 PC: 1318a | I/O control for devices (Set for = '��GG��G���Unknown (Error14). $COMMAND')
2018-12-25T12:53:25.306380483Z 182 PC: 13082 | UNKNOWN!
2018-12-25T12:53:25.315241159Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:53:25.319659005Z 37 PC: 12c37 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:25.321246382Z 73 PC: 12c4d | Release memory