Sample viewer

vx.netlux.org/Virus.DOS.Remember.816

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:33:16.067758264Z 42 PC: 12a5f | Get date
0x12a5f: cmp dx, 0x418
0x12a63: jne 0x12a86
0x12a65: mov ax, 0x9100
0x12a68: int 0x10
0x12a6a: cmp ax, 0x9100
0x12a6d: je 0x12a86
0x12a6f: mov ax, 0x804e
0x12a72: int 0x10
0x12a74: mov ah, 9
0x12a76: mov dx, 0x1cc
0x12a79: int 0x21
0x12a7b: jb 0x12a7f
0x12a7d: jmp 0x12a86
0x12a7f: mov word ptr cs:[0x460], 0x4c00
0x12a86: mov word ptr ds:[bp + 0x42f], ss
0x12a8b: xor ax, ax
0x12a8d: mov ss, ax
0x12a8f: mov ss, word ptr ds:[bp + 0x42f]
0x12a94: mov ax, 0x3521
0x12a97: int 0x21
2018-12-17T22:33:16.070496146Z 53 PC: 12a99 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:16.072245875Z 37 PC: 12acc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:16.073536319Z 26 PC: 12ae1 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5951,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:09.539573717Z 42 PC: 12a5f | Get date
0x12a5f: cmp dx, 0x418
0x12a63: jne 0x12a86
0x12a65: mov ax, 0x9100
0x12a68: int 0x10
0x12a6a: cmp ax, 0x9100
0x12a6d: je 0x12a86
0x12a6f: mov ax, 0x804e
0x12a72: int 0x10
0x12a74: mov ah, 9
0x12a76: mov dx, 0x1cc
0x12a79: int 0x21
0x12a7b: jb 0x12a7f
0x12a7d: jmp 0x12a86
0x12a7f: mov word ptr cs:[0x460], 0x4c00
0x12a86: mov word ptr ds:[bp + 0x42f], ss
0x12a8b: xor ax, ax
0x12a8d: mov ss, ax
0x12a8f: mov ss, word ptr ds:[bp + 0x42f]
0x12a94: mov ax, 0x3521
0x12a97: int 0x21
2018-12-25T11:58:09.542885702Z 53 PC: 12a99 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:09.545243302Z 37 PC: 12acc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:09.546951714Z 26 PC: 12ae1 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5951,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:09.524523508Z 42 PC: 12a5f | Get date
0x12a5f: cmp dx, 0x418
0x12a63: jne 0x12a86
0x12a65: mov ax, 0x9100
0x12a68: int 0x10
0x12a6a: cmp ax, 0x9100
0x12a6d: je 0x12a86
0x12a6f: mov ax, 0x804e
0x12a72: int 0x10
0x12a74: mov ah, 9
0x12a76: mov dx, 0x1cc
0x12a79: int 0x21
0x12a7b: jb 0x12a7f
0x12a7d: jmp 0x12a86
0x12a7f: mov word ptr cs:[0x460], 0x4c00
0x12a86: mov word ptr ds:[bp + 0x42f], ss
0x12a8b: xor ax, ax
0x12a8d: mov ss, ax
0x12a8f: mov ss, word ptr ds:[bp + 0x42f]
0x12a94: mov ax, 0x3521
0x12a97: int 0x21
2018-12-25T11:58:09.534751124Z 53 PC: 12a99 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:09.536322565Z 37 PC: 12acc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:09.537336206Z 26 PC: 12ae1 | Set disk transfer address