Sample viewer

vx.netlux.org/Virus.DOS.KWZ.797


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:42.864633494Z 240 PC: 13dd7 | UNKNOWN!
2018-12-17T21:53:42.86581603Z 42 PC: 13df8 | Get date
0x13df8: cmp dl, 0x19
0x13dfb: jb 0x13e03
0x13dfd: mov byte ptr cs:[bp + 0x2f7], 1
0x13e03: mov bl, byte ptr cs:[bp + 0x2eb]
0x13e08: mov al, 8
0x13e0a: mul bl
0x13e0c: mov cx, ax
0x13e0e: mov si, 0
0x13e11: xor byte ptr cs:[bp + si + 0x2cb], 0xaa
0x13e17: inc si
0x13e18: loop 0x13e11
0x13e1a: mov si, 0
0x13e1d: mov cx, 0xb
0x13e20: xor byte ptr cs:[bp + si + 0x2ec], 0xab
0x13e26: inc si
0x13e27: loop 0x13e20
0x13e29: mov ch, 0
0x13e2b: mov cl, byte ptr cs:[bp + 0x2eb]
0x13e30: mov bl, cl
0x13e32: mov ax, 0xf000
2018-12-17T21:53:42.868334438Z 82 PC: 13e67 | Get DOS internal pointers (SYSVARS)
2018-12-17T21:53:42.870434387Z 53 PC: 9f90b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:42.87164635Z 37 PC: 9f91f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:42.875052367Z 9 PC: 13dc6 | Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":393,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:52.132595288Z 240 PC: 13dd7 | UNKNOWN!
2018-12-25T11:40:52.141657953Z 42 PC: 13df8 | Get date
0x13df8: cmp dl, 0x19
0x13dfb: jb 0x13e03
0x13dfd: mov byte ptr cs:[bp + 0x2f7], 1
0x13e03: mov bl, byte ptr cs:[bp + 0x2eb]
0x13e08: mov al, 8
0x13e0a: mul bl
0x13e0c: mov cx, ax
0x13e0e: mov si, 0
0x13e11: xor byte ptr cs:[bp + si + 0x2cb], 0xaa
0x13e17: inc si
0x13e18: loop 0x13e11
0x13e1a: mov si, 0
0x13e1d: mov cx, 0xb
0x13e20: xor byte ptr cs:[bp + si + 0x2ec], 0xab
0x13e26: inc si
0x13e27: loop 0x13e20
0x13e29: mov ch, 0
0x13e2b: mov cl, byte ptr cs:[bp + 0x2eb]
0x13e30: mov bl, cl
0x13e32: mov ax, 0xf000
2018-12-25T11:40:52.14397095Z 82 PC: 13e67 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:40:52.145227287Z 53 PC: 9f90b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:52.147025719Z 37 PC: 9f91f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:52.149825557Z 9 PC: 13dc6 | Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":393,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:52.15464828Z 240 PC: 13dd7 | UNKNOWN!
2018-12-25T11:40:52.156553318Z 42 PC: 13df8 | Get date
0x13df8: cmp dl, 0x19
0x13dfb: jb 0x13e03
0x13dfd: mov byte ptr cs:[bp + 0x2f7], 1
0x13e03: mov bl, byte ptr cs:[bp + 0x2eb]
0x13e08: mov al, 8
0x13e0a: mul bl
0x13e0c: mov cx, ax
0x13e0e: mov si, 0
0x13e11: xor byte ptr cs:[bp + si + 0x2cb], 0xaa
0x13e17: inc si
0x13e18: loop 0x13e11
0x13e1a: mov si, 0
0x13e1d: mov cx, 0xb
0x13e20: xor byte ptr cs:[bp + si + 0x2ec], 0xab
0x13e26: inc si
0x13e27: loop 0x13e20
0x13e29: mov ch, 0
0x13e2b: mov cl, byte ptr cs:[bp + 0x2eb]
0x13e30: mov bl, cl
0x13e32: mov ax, 0xf000
2018-12-25T11:40:52.160045708Z 82 PC: 13e67 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:40:52.161817475Z 53 PC: 9f90b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:52.169172558Z 37 PC: 9f91f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:52.173368744Z 9 PC: 13dc6 | Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')