Sample viewer

vx.netlux.org/Virus.DOS.Knorkator.1004

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:17:42.28124508Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 5
0x12a75: jne 0x12a9c
0x12a77: mov ah, 0x2a
0x12a79: int 0x21
0x12a7b: cmp dl, 0x15
0x12a7e: jne 0x12a9c
0x12a80: mov ah, 9
0x12a82: mov dx, 0x443
0x12a85: int 0x21
0x12a87: mov ah, 0x39
0x12a89: mov dx, 0x4d1
0x12a8c: int 0x21
0x12a8e: mov ah, 0x39
0x12a90: mov dx, 0x4da
0x12a93: int 0x21
0x12a95: mov ah, 0x39
0x12a97: mov dx, 0x4e3
0x12a9a: int 0x21
0x12a9c: pushaw
0x12a9d: push ds
2018-12-17T22:17:42.284489027Z 48 PC: 12aa8 | Get DOS version
2018-12-17T22:17:42.285900666Z 82 PC: 12ab7 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3079,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:11.446536211Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 5
0x12a75: jne 0x12a9c
0x12a77: mov ah, 0x2a
0x12a79: int 0x21
0x12a7b: cmp dl, 0x15
0x12a7e: jne 0x12a9c
0x12a80: mov ah, 9
0x12a82: mov dx, 0x443
0x12a85: int 0x21
0x12a87: mov ah, 0x39
0x12a89: mov dx, 0x4d1
0x12a8c: int 0x21
0x12a8e: mov ah, 0x39
0x12a90: mov dx, 0x4da
0x12a93: int 0x21
0x12a95: mov ah, 0x39
0x12a97: mov dx, 0x4e3
0x12a9a: int 0x21
0x12a9c: pushaw
0x12a9d: push ds
2018-12-25T11:48:11.448944644Z 48 PC: 12aa8 | Get DOS version
2018-12-25T11:48:11.449937761Z 82 PC: 12ab7 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3079,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:11.497499244Z 42 PC: 12a73 | Get date
0x12a73: cmp al, 5
0x12a75: jne 0x12a9c
0x12a77: mov ah, 0x2a
0x12a79: int 0x21
0x12a7b: cmp dl, 0x15
0x12a7e: jne 0x12a9c
0x12a80: mov ah, 9
0x12a82: mov dx, 0x443
0x12a85: int 0x21
0x12a87: mov ah, 0x39
0x12a89: mov dx, 0x4d1
0x12a8c: int 0x21
0x12a8e: mov ah, 0x39
0x12a90: mov dx, 0x4da
0x12a93: int 0x21
0x12a95: mov ah, 0x39
0x12a97: mov dx, 0x4e3
0x12a9a: int 0x21
0x12a9c: pushaw
0x12a9d: push ds
2018-12-25T11:48:11.49991628Z 42 PC: 12a7b | Get date
0x12a7b: cmp dl, 0x15
0x12a7e: jne 0x12a9c
0x12a80: mov ah, 9
0x12a82: mov dx, 0x443
0x12a85: int 0x21
0x12a87: mov ah, 0x39
0x12a89: mov dx, 0x4d1
0x12a8c: int 0x21
0x12a8e: mov ah, 0x39
0x12a90: mov dx, 0x4da
0x12a93: int 0x21
0x12a95: mov ah, 0x39
0x12a97: mov dx, 0x4e3
0x12a9a: int 0x21
0x12a9c: pushaw
0x12a9d: push ds
0x12a9e: push es
0x12a9f: push cs
0x12aa0: push cs
0x12aa1: pop ds
2018-12-25T11:48:11.501856375Z 48 PC: 12aa8 | Get DOS version
2018-12-25T11:48:11.502964083Z 82 PC: 12ab7 | Get DOS internal pointers (SYSVARS)