Sample viewer

vx.netlux.org/Virus.DOS.Remember.1091

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:44.526254454Z 42 PC: 12aae | Get date
0x12aae: cmp dx, 0x418
0x12ab2: jne 0x12ae2
0x12ab4: mov ax, 0x9100
0x12ab7: int 0x10
0x12ab9: cmp ax, 0x9100
0x12abc: je 0x12acf
0x12abe: mov ax, 0x804e
0x12ac1: int 0x10
0x12ac3: mov ah, 9
0x12ac5: mov dx, 0x265
0x12ac8: int 0x21
0x12aca: jb 0x12adb
0x12acc: jmp 0x12ae2
0x12ace: nop
0x12acf: mov ah, 9
0x12ad1: mov dx, 0x3ae
0x12ad4: int 0x21
0x12ad6: jb 0x12adb
0x12ad8: jmp 0x12ae2
0x12ada: nop
2018-12-17T23:09:44.529045884Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:44.530699908Z 37 PC: 12b28 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:44.531984053Z 26 PC: 12b3d | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16628,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.01837034Z 42 PC: 12aae | Get date
0x12aae: cmp dx, 0x418
0x12ab2: jne 0x12ae2
0x12ab4: mov ax, 0x9100
0x12ab7: int 0x10
0x12ab9: cmp ax, 0x9100
0x12abc: je 0x12acf
0x12abe: mov ax, 0x804e
0x12ac1: int 0x10
0x12ac3: mov ah, 9
0x12ac5: mov dx, 0x265
0x12ac8: int 0x21
0x12aca: jb 0x12adb
0x12acc: jmp 0x12ae2
0x12ace: nop
0x12acf: mov ah, 9
0x12ad1: mov dx, 0x3ae
0x12ad4: int 0x21
0x12ad6: jb 0x12adb
0x12ad8: jmp 0x12ae2
0x12ada: nop
2018-12-25T12:53:34.028824261Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:34.03158557Z 37 PC: 12b28 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:34.032948576Z 26 PC: 12b3d | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16628,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.076053779Z 42 PC: 12aae | Get date
0x12aae: cmp dx, 0x418
0x12ab2: jne 0x12ae2
0x12ab4: mov ax, 0x9100
0x12ab7: int 0x10
0x12ab9: cmp ax, 0x9100
0x12abc: je 0x12acf
0x12abe: mov ax, 0x804e
0x12ac1: int 0x10
0x12ac3: mov ah, 9
0x12ac5: mov dx, 0x265
0x12ac8: int 0x21
0x12aca: jb 0x12adb
0x12acc: jmp 0x12ae2
0x12ace: nop
0x12acf: mov ah, 9
0x12ad1: mov dx, 0x3ae
0x12ad4: int 0x21
0x12ad6: jb 0x12adb
0x12ad8: jmp 0x12ae2
0x12ada: nop
2018-12-25T12:53:34.080267648Z 9 PC: 12ad6 | Display string (String= ' <<< Welcome >>> ================================= The OVEL bbs Tel is 02-927-7432 ================================= ')
2018-12-25T12:53:34.098133518Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:34.100005014Z 37 PC: 12b28 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:34.101501414Z 26 PC: 12b3d | Set disk transfer address