Sample viewer

vx.netlux.org/Virus.DOS.Remember.1087

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:56.957651317Z 42 PC: 12aad | Get date
0x12aad: cmp dx, 0x418
0x12ab1: jne 0x12adf
0x12ab3: mov ax, 0x9100
0x12ab6: int 0x10
0x12ab8: cmp ax, 0x9100
0x12abb: je 0x12acd
0x12abd: mov ax, 0x804e
0x12ac0: int 0x10
0x12ac2: mov ah, 9
0x12ac4: mov dx, 0x262
0x12ac7: int 0x21
0x12ac9: jb 0x12ad8
0x12acb: jmp 0x12adf
0x12acd: mov ah, 9
0x12acf: mov dx, 0x3ab
0x12ad2: int 0x21
0x12ad4: jb 0x12ad8
0x12ad6: jmp 0x12adf
0x12ad8: mov word ptr cs:[0x56f], 0x4c00
0x12adf: mov word ptr ds:[bp + 0x53e], ss
2018-12-17T22:10:56.960214943Z 53 PC: 12af2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:56.962005256Z 37 PC: 12b25 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:56.963153007Z 26 PC: 12b3a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2342,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:33.040097614Z 42 PC: 12aad | Get date
0x12aad: cmp dx, 0x418
0x12ab1: jne 0x12adf
0x12ab3: mov ax, 0x9100
0x12ab6: int 0x10
0x12ab8: cmp ax, 0x9100
0x12abb: je 0x12acd
0x12abd: mov ax, 0x804e
0x12ac0: int 0x10
0x12ac2: mov ah, 9
0x12ac4: mov dx, 0x262
0x12ac7: int 0x21
0x12ac9: jb 0x12ad8
0x12acb: jmp 0x12adf
0x12acd: mov ah, 9
0x12acf: mov dx, 0x3ab
0x12ad2: int 0x21
0x12ad4: jb 0x12ad8
0x12ad6: jmp 0x12adf
0x12ad8: mov word ptr cs:[0x56f], 0x4c00
0x12adf: mov word ptr ds:[bp + 0x53e], ss
2018-12-25T11:45:33.043312416Z 53 PC: 12af2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:33.04534315Z 37 PC: 12b25 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:33.04677553Z 26 PC: 12b3a | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2342,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:33.119347369Z 42 PC: 12aad | Get date
0x12aad: cmp dx, 0x418
0x12ab1: jne 0x12adf
0x12ab3: mov ax, 0x9100
0x12ab6: int 0x10
0x12ab8: cmp ax, 0x9100
0x12abb: je 0x12acd
0x12abd: mov ax, 0x804e
0x12ac0: int 0x10
0x12ac2: mov ah, 9
0x12ac4: mov dx, 0x262
0x12ac7: int 0x21
0x12ac9: jb 0x12ad8
0x12acb: jmp 0x12adf
0x12acd: mov ah, 9
0x12acf: mov dx, 0x3ab
0x12ad2: int 0x21
0x12ad4: jb 0x12ad8
0x12ad6: jmp 0x12adf
0x12ad8: mov word ptr cs:[0x56f], 0x4c00
0x12adf: mov word ptr ds:[bp + 0x53e], ss
2018-12-25T11:45:33.123789213Z 9 PC: 12ad4 | Display string (String= ' <<< Welcome >>> ================================= The OVEL bbs Tel is 02-927-7432 ================================= ')
2018-12-25T11:45:33.136701149Z 53 PC: 12af2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:33.138719266Z 37 PC: 12b25 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:33.140574047Z 26 PC: 12b3a | Set disk transfer address