Sample viewer

vx.netlux.org/Virus.DOS.Remember.811

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:18.080212505Z 42 PC: 12e42 | Get date
0x12e42: cmp dx, 0x418
0x12e46: jne 0x12e6a
0x12e48: mov ax, 0x9100
0x12e4b: int 0x10
0x12e4d: cmp ax, 0x9100
0x12e50: je 0x12e6a
0x12e52: mov ax, 0x804e
0x12e55: int 0x10
0x12e57: mov ah, 9
0x12e59: mov dx, 0x1c9
0x12e5c: int 0x21
0x12e5e: jb 0x12e63
0x12e60: jmp 0x12e6a
0x12e63: mov word ptr cs:[0x45b], 0x4c00
0x12e6a: mov word ptr [bp + 0x42a], ss
0x12e6e: xor ax, ax
0x12e70: mov ss, ax
0x12e72: mov ss, word ptr ds:[bp + 0x42a]
0x12e77: mov ax, 0x3521
0x12e7a: int 0x21
2018-12-17T23:11:18.08421869Z 53 PC: 12e7c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:18.085942351Z 37 PC: 12ead | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:18.087404541Z 26 PC: 12ec2 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17143,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:00.081062446Z 42 PC: 12e42 | Get date
0x12e42: cmp dx, 0x418
0x12e46: jne 0x12e6a
0x12e48: mov ax, 0x9100
0x12e4b: int 0x10
0x12e4d: cmp ax, 0x9100
0x12e50: je 0x12e6a
0x12e52: mov ax, 0x804e
0x12e55: int 0x10
0x12e57: mov ah, 9
0x12e59: mov dx, 0x1c9
0x12e5c: int 0x21
0x12e5e: jb 0x12e63
0x12e60: jmp 0x12e6a
0x12e63: mov word ptr cs:[0x45b], 0x4c00
0x12e6a: mov word ptr [bp + 0x42a], ss
0x12e6e: xor ax, ax
0x12e70: mov ss, ax
0x12e72: mov ss, word ptr ds:[bp + 0x42a]
0x12e77: mov ax, 0x3521
0x12e7a: int 0x21
2018-12-25T12:55:00.083668949Z 53 PC: 12e7c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:00.086703141Z 37 PC: 12ead | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:00.089426795Z 26 PC: 12ec2 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17143,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:01.403795112Z 42 PC: 12e42 | Get date
0x12e42: cmp dx, 0x418
0x12e46: jne 0x12e6a
0x12e48: mov ax, 0x9100
0x12e4b: int 0x10
0x12e4d: cmp ax, 0x9100
0x12e50: je 0x12e6a
0x12e52: mov ax, 0x804e
0x12e55: int 0x10
0x12e57: mov ah, 9
0x12e59: mov dx, 0x1c9
0x12e5c: int 0x21
0x12e5e: jb 0x12e63
0x12e60: jmp 0x12e6a
0x12e63: mov word ptr cs:[0x45b], 0x4c00
0x12e6a: mov word ptr [bp + 0x42a], ss
0x12e6e: xor ax, ax
0x12e70: mov ss, ax
0x12e72: mov ss, word ptr ds:[bp + 0x42a]
0x12e77: mov ax, 0x3521
0x12e7a: int 0x21
2018-12-25T12:55:01.408128089Z 53 PC: 12e7c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:01.410122257Z 37 PC: 12ead | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:01.411855697Z 26 PC: 12ec2 | Set disk transfer address