Sample viewer

vx.netlux.org/Virus.DOS.Remember.1287

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:45.769919122Z 42 PC: 12b29 | Get date
0x12b29: cmp dx, 0x418
0x12b2d: jne 0x12b5d
0x12b2f: mov ax, 0x9100
0x12b32: int 0x10
0x12b34: cmp ax, 0x9100
0x12b37: je 0x12b4a
0x12b39: mov ax, 0x804e
0x12b3c: int 0x10
0x12b3e: mov ah, 9
0x12b40: mov dx, 0x265
0x12b43: int 0x21
0x12b45: jb 0x12b56
0x12b47: jmp 0x12b5d
0x12b49: nop
0x12b4a: mov ah, 9
0x12b4c: mov dx, 0x462
0x12b4f: int 0x21
0x12b51: jb 0x12b56
0x12b53: jmp 0x12b5d
0x12b55: nop
2018-12-17T22:34:45.773602554Z 53 PC: 12b70 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:45.776162605Z 37 PC: 12ba3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:45.777862467Z 26 PC: 12bb8 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6226,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:49.806939136Z 42 PC: 12b29 | Get date
0x12b29: cmp dx, 0x418
0x12b2d: jne 0x12b5d
0x12b2f: mov ax, 0x9100
0x12b32: int 0x10
0x12b34: cmp ax, 0x9100
0x12b37: je 0x12b4a
0x12b39: mov ax, 0x804e
0x12b3c: int 0x10
0x12b3e: mov ah, 9
0x12b40: mov dx, 0x265
0x12b43: int 0x21
0x12b45: jb 0x12b56
0x12b47: jmp 0x12b5d
0x12b49: nop
0x12b4a: mov ah, 9
0x12b4c: mov dx, 0x462
0x12b4f: int 0x21
0x12b51: jb 0x12b56
0x12b53: jmp 0x12b5d
0x12b55: nop
2018-12-25T11:58:49.810779674Z 53 PC: 12b70 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:49.812962166Z 37 PC: 12ba3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:49.814656231Z 26 PC: 12bb8 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6226,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:49.806524674Z 42 PC: 12b29 | Get date
0x12b29: cmp dx, 0x418
0x12b2d: jne 0x12b5d
0x12b2f: mov ax, 0x9100
0x12b32: int 0x10
0x12b34: cmp ax, 0x9100
0x12b37: je 0x12b4a
0x12b39: mov ax, 0x804e
0x12b3c: int 0x10
0x12b3e: mov ah, 9
0x12b40: mov dx, 0x265
0x12b43: int 0x21
0x12b45: jb 0x12b56
0x12b47: jmp 0x12b5d
0x12b49: nop
0x12b4a: mov ah, 9
0x12b4c: mov dx, 0x462
0x12b4f: int 0x21
0x12b51: jb 0x12b56
0x12b53: jmp 0x12b5d
0x12b55: nop
2018-12-25T11:58:49.810583044Z 9 PC: 12b51 | Display string (String= ' �x �u------------------------------�t �x- Written by Jean at O.V.E.L -�x �|�w�w�w�w�w�w�w�w�w�w�w�w�w�w�w�} ')
2018-12-25T11:58:49.816424406Z 53 PC: 12b70 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:49.817998714Z 37 PC: 12ba3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:49.818990414Z 26 PC: 12bb8 | Set disk transfer address