Sample viewer

vx.netlux.org/Worm.DOS.Info.2191

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:13.858153077Z 9 PC: 12a47 | Display string (String= ' InfoSystem version1.01 Reading System Information... Computer type: IBM PC ')
2018-12-17T22:35:13.871843122Z 9 PC: 12a80 | Display string (String= '1[^_]VS@`؉ u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-17T22:35:13.875109739Z 9 PC: 12a85 | Display string (String= ' u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-17T22:35:13.882341171Z 42 PC: 12b68 | Get date
0x12b68: mov ah, dl
0x12b6a: sub ax, 0xd05
0x12b6d: jne 0x12b98
0x12b6f: push ax
0x12b70: dec ax
0x12b71: xchg ax, bp
0x12b72: xor bh, bh
0x12b74: mov ax, 0x1130
0x12b77: int 0x10
0x12b79: pop es
0x12b7a: inc bp
0x12b7b: jne 0x12b8e
0x12b7d: mov al, byte ptr es:[0x465]
0x12b81: and al, 0xf7
0x12b83: mov dx, word ptr es:[0x463]
0x12b88: add dl, 4
0x12b8b: out dx, al
0x12b8c: jmp 0x12b98
0x12b8e: mov dx, 0x3c4
0x12b91: mov al, 1
2018-12-17T22:35:13.884818337Z 53 PC: 12b9d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:13.887434493Z 107 PC: 12baa | Reserved
2018-12-17T22:35:13.888924247Z 68 PC: 12bbb | I/O control for devices (Set for = '')
2018-12-17T22:35:13.890766753Z 82 PC: 12bc1 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:35:13.89392714Z 68 PC: 131b4 | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T22:35:13.895744468Z 68 PC: 131c3 | I/O control for devices (Set for = 'GOGOߋ.& . 뻌')
2018-12-17T22:35:14.2256873Z 182 PC: 130d5 | UNKNOWN!
2018-12-17T22:35:14.236309812Z 88 PC: 12c01 | case 0xGet or set allocation strateg:
2018-12-17T22:35:14.239045403Z 88 PC: 12c0e | case 0xGet or set allocation strateg:
2018-12-17T22:35:14.240952199Z 88 PC: 12c34 | case 0xGet or set allocation strateg:
2018-12-17T22:35:14.24287772Z 37 PC: 12c91 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:14.246141641Z 73 PC: 12ca7 | Release memory
2018-12-17T22:35:14.248978993Z 9 PC: 12cb5 | Display string (String= '[tJD!rCu>')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6340,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.582341344Z 9 PC: 12a47 | Display string (String= ' InfoSystem version1.01 Reading System Information... Computer type: IBM PC ')
2018-12-25T11:59:09.591797628Z 9 PC: 12a80 | Display string (String= '1[^_]VS@`؉ u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T11:59:09.593856618Z 9 PC: 12a85 | Display string (String= ' u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T11:59:09.600826026Z 42 PC: 12b68 | Get date
0x12b68: mov ah, dl
0x12b6a: sub ax, 0xd05
0x12b6d: jne 0x12b98
0x12b6f: push ax
0x12b70: dec ax
0x12b71: xchg ax, bp
0x12b72: xor bh, bh
0x12b74: mov ax, 0x1130
0x12b77: int 0x10
0x12b79: pop es
0x12b7a: inc bp
0x12b7b: jne 0x12b8e
0x12b7d: mov al, byte ptr es:[0x465]
0x12b81: and al, 0xf7
0x12b83: mov dx, word ptr es:[0x463]
0x12b88: add dl, 4
0x12b8b: out dx, al
0x12b8c: jmp 0x12b98
0x12b8e: mov dx, 0x3c4
0x12b91: mov al, 1
2018-12-25T11:59:09.604175266Z 53 PC: 12b9d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:09.60587287Z 107 PC: 12baa | Reserved
2018-12-25T11:59:09.607450142Z 68 PC: 12bbb | I/O control for devices (Set for = '')
2018-12-25T11:59:09.609766728Z 82 PC: 12bc1 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:59:09.611474883Z 68 PC: 131b4 | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T11:59:09.612761081Z 68 PC: 131c3 | I/O control for devices (Set for = 'GOGOߋ.& . 뻌')
2018-12-25T11:59:10.289149855Z 182 PC: 130d5 | UNKNOWN!
2018-12-25T11:59:10.296682849Z 88 PC: 12c01 | case 0xGet or set allocation strateg:
2018-12-25T11:59:10.298077374Z 88 PC: 12c0e | case 0xGet or set allocation strateg:
2018-12-25T11:59:10.300150172Z 88 PC: 12c34 | case 0xGet or set allocation strateg:
2018-12-25T11:59:10.302270366Z 37 PC: 12c91 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:10.303820115Z 73 PC: 12ca7 | Release memory
2018-12-25T11:59:10.30568313Z 9 PC: 12cb5 | Display string (String= '[tJD!rCu>')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6340,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.641561664Z 9 PC: 12a47 | Display string (String= ' InfoSystem version1.01 Reading System Information... Computer type: IBM PC ')
2018-12-25T11:59:09.651550037Z 9 PC: 12a80 | Display string (String= '1[^_]VS@`؉ u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T11:59:09.653987118Z 9 PC: 12a85 | Display string (String= ' u#@ 0    Ɓ1 tƁ@j@@=Z[^ú1 t@<u1o1UWVSÉ %')
2018-12-25T11:59:09.660858133Z 42 PC: 12b68 | Get date
0x12b68: mov ah, dl
0x12b6a: sub ax, 0xd05
0x12b6d: jne 0x12b98
0x12b6f: push ax
0x12b70: dec ax
0x12b71: xchg ax, bp
0x12b72: xor bh, bh
0x12b74: mov ax, 0x1130
0x12b77: int 0x10
0x12b79: pop es
0x12b7a: inc bp
0x12b7b: jne 0x12b8e
0x12b7d: mov al, byte ptr es:[0x465]
0x12b81: and al, 0xf7
0x12b83: mov dx, word ptr es:[0x463]
0x12b88: add dl, 4
0x12b8b: out dx, al
0x12b8c: jmp 0x12b98
0x12b8e: mov dx, 0x3c4
0x12b91: mov al, 1
2018-12-25T11:59:09.663796053Z 53 PC: 12b9d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:09.665406667Z 107 PC: 12baa | Reserved
2018-12-25T11:59:09.666801776Z 68 PC: 12bbb | I/O control for devices (Set for = '')
2018-12-25T11:59:09.668438788Z 82 PC: 12bc1 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:59:09.670955375Z 68 PC: 131b4 | I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T11:59:09.672628917Z 68 PC: 131c3 | I/O control for devices (Set for = 'GOGOߋ.& . 뻌')
2018-12-25T11:59:10.286230058Z 182 PC: 130d5 | UNKNOWN!
2018-12-25T11:59:10.294801017Z 88 PC: 12c01 | case 0xGet or set allocation strateg:
2018-12-25T11:59:10.296211571Z 88 PC: 12c0e | case 0xGet or set allocation strateg:
2018-12-25T11:59:10.297707946Z 88 PC: 12c34 | case 0xGet or set allocation strateg:
2018-12-25T11:59:10.300983519Z 37 PC: 12c91 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:10.303592835Z 73 PC: 12ca7 | Release memory
2018-12-25T11:59:10.305369669Z 9 PC: 12cb5 | Display string (String= '[tJD!rCu>')