Sample viewer

vx.netlux.org/Worm.DOS.Info.2133.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:55.248901972Z 9 PC: 12a47 | Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-17T23:11:55.258824319Z 9 PC: 12a80 | Display string (String= ' 1[^_]VS@`؉ u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-17T23:11:55.264733609Z 9 PC: 12a85 | Display string (String= ' u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-17T23:11:55.271739569Z 42 PC: 12b5d | Get date
0x12b5d: mov ah, dl
0x12b5f: sub ax, 0xd05
0x12b62: jne 0x12b8d
0x12b64: push ax
0x12b65: dec ax
0x12b66: xchg ax, bp
0x12b67: xor bh, bh
0x12b69: mov ax, 0x1130
0x12b6c: int 0x10
0x12b6e: pop es
0x12b6f: inc bp
0x12b70: jne 0x12b83
0x12b72: mov al, byte ptr es:[0x465]
0x12b76: and al, 0xf7
0x12b78: mov dx, word ptr es:[0x463]
0x12b7d: add dl, 4
0x12b80: out dx, al
0x12b81: jmp 0x12b8d
0x12b83: mov dx, 0x3c4
0x12b86: mov al, 1
2018-12-17T23:11:55.274130593Z 53 PC: 12b92 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:55.275628838Z 107 PC: 12b9f | Reserved
2018-12-17T23:11:55.276788942Z 68 PC: 12bb0 | I/O control for devices (Set for = '')
2018-12-17T23:11:55.278162765Z 82 PC: 12bb6 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:11:55.280799571Z 68 PC: 1317a | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T23:11:55.282251564Z 68 PC: 13189 | I/O control for devices (Set for = 'GGGUnknown (Error14). $COMMAND')
2018-12-17T23:11:55.644113706Z 182 PC: 1309b | UNKNOWN!
2018-12-17T23:11:55.651727047Z 9 PC: 12bfa | Display string (Could not find end pointer)
2018-12-17T23:11:55.656088555Z 37 PC: 12c0f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:55.657444042Z 73 PC: 12c25 | Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17349,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:36.667115524Z 9 PC: 12a47 | Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-25T12:55:36.678851171Z 9 PC: 12a80 | Display string (String= ' 1[^_]VS@`؉ u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T12:55:36.682664531Z 9 PC: 12a85 | Display string (String= ' u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T12:55:36.692712411Z 42 PC: 12b5d | Get date
0x12b5d: mov ah, dl
0x12b5f: sub ax, 0xd05
0x12b62: jne 0x12b8d
0x12b64: push ax
0x12b65: dec ax
0x12b66: xchg ax, bp
0x12b67: xor bh, bh
0x12b69: mov ax, 0x1130
0x12b6c: int 0x10
0x12b6e: pop es
0x12b6f: inc bp
0x12b70: jne 0x12b83
0x12b72: mov al, byte ptr es:[0x465]
0x12b76: and al, 0xf7
0x12b78: mov dx, word ptr es:[0x463]
0x12b7d: add dl, 4
0x12b80: out dx, al
0x12b81: jmp 0x12b8d
0x12b83: mov dx, 0x3c4
0x12b86: mov al, 1
2018-12-25T12:55:36.696384724Z 53 PC: 12b92 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:36.698804324Z 107 PC: 12b9f | Reserved
2018-12-25T12:55:36.701417032Z 68 PC: 12bb0 | I/O control for devices (Set for = '')
2018-12-25T12:55:36.703685156Z 82 PC: 12bb6 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:55:36.708453004Z 68 PC: 1317a | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:55:36.710158795Z 68 PC: 13189 | I/O control for devices (Set for = 'GGGUnknown (Error14). $COMMAND')
2018-12-25T12:55:37.480416527Z 182 PC: 1309b | UNKNOWN!
2018-12-25T12:55:37.489634773Z 9 PC: 12bfa | Display string (Could not find end pointer)
2018-12-25T12:55:37.495161993Z 37 PC: 12c0f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:37.497267849Z 73 PC: 12c25 | Release memory

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17349,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:36.709596781Z 9 PC: 12a47 | Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-25T12:55:36.720140139Z 9 PC: 12a80 | Display string (String= ' 1[^_]VS@`؉ u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T12:55:36.723737813Z 9 PC: 12a85 | Display string (String= ' u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T12:55:36.73204849Z 42 PC: 12b5d | Get date
0x12b5d: mov ah, dl
0x12b5f: sub ax, 0xd05
0x12b62: jne 0x12b8d
0x12b64: push ax
0x12b65: dec ax
0x12b66: xchg ax, bp
0x12b67: xor bh, bh
0x12b69: mov ax, 0x1130
0x12b6c: int 0x10
0x12b6e: pop es
0x12b6f: inc bp
0x12b70: jne 0x12b83
0x12b72: mov al, byte ptr es:[0x465]
0x12b76: and al, 0xf7
0x12b78: mov dx, word ptr es:[0x463]
0x12b7d: add dl, 4
0x12b80: out dx, al
0x12b81: jmp 0x12b8d
0x12b83: mov dx, 0x3c4
0x12b86: mov al, 1
2018-12-25T12:55:36.734920473Z 53 PC: 12b92 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:36.736837661Z 107 PC: 12b9f | Reserved
2018-12-25T12:55:36.73842682Z 68 PC: 12bb0 | I/O control for devices (Set for = '')
2018-12-25T12:55:36.740004991Z 82 PC: 12bb6 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:55:36.743080642Z 68 PC: 1317a | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:55:36.745066818Z 68 PC: 13189 | I/O control for devices (Set for = 'GGGUnknown (Error14). $COMMAND')
2018-12-25T12:55:37.484253565Z 182 PC: 1309b | UNKNOWN!
2018-12-25T12:55:37.492175345Z 9 PC: 12bfa | Display string (Could not find end pointer)
2018-12-25T12:55:37.497669124Z 37 PC: 12c0f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:37.499436573Z 73 PC: 12c25 | Release memory