Sample viewer

vx.netlux.org/Virus.DOS.Remember.1277

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:56.92667613Z 42 PC: 12adb | Get date
0x12adb: cmp dx, 0x418
0x12adf: jne 0x12b0f
0x12ae1: mov ax, 0x9100
0x12ae4: int 0x10
0x12ae6: cmp ax, 0x9100
0x12ae9: je 0x12afc
0x12aeb: mov ax, 0x804e
0x12aee: int 0x10
0x12af0: mov ah, 9
0x12af2: mov dx, 0x261
0x12af5: int 0x21
0x12af7: jb 0x12b08
0x12af9: jmp 0x12b0f
0x12afc: mov ah, 9
0x12afe: mov dx, 0x45e
0x12b01: int 0x21
0x12b03: jb 0x12b08
0x12b05: jmp 0x12b0f
0x12b08: mov word ptr cs:[0x62d], 0x4c00
0x12b0f: mov word ptr [bp + 0x5fc], ss
2018-12-17T22:35:56.931315565Z 53 PC: 12b21 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:56.933174307Z 37 PC: 12b52 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:56.934389235Z 26 PC: 12b67 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6487,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:30.055006198Z 42 PC: 12adb | Get date
0x12adb: cmp dx, 0x418
0x12adf: jne 0x12b0f
0x12ae1: mov ax, 0x9100
0x12ae4: int 0x10
0x12ae6: cmp ax, 0x9100
0x12ae9: je 0x12afc
0x12aeb: mov ax, 0x804e
0x12aee: int 0x10
0x12af0: mov ah, 9
0x12af2: mov dx, 0x261
0x12af5: int 0x21
0x12af7: jb 0x12b08
0x12af9: jmp 0x12b0f
0x12afc: mov ah, 9
0x12afe: mov dx, 0x45e
0x12b01: int 0x21
0x12b03: jb 0x12b08
0x12b05: jmp 0x12b0f
0x12b08: mov word ptr cs:[0x62d], 0x4c00
0x12b0f: mov word ptr [bp + 0x5fc], ss
2018-12-25T11:59:30.057631279Z 53 PC: 12b21 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:30.05907616Z 37 PC: 12b52 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:30.060029303Z 26 PC: 12b67 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6487,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:30.204056187Z 42 PC: 12adb | Get date
0x12adb: cmp dx, 0x418
0x12adf: jne 0x12b0f
0x12ae1: mov ax, 0x9100
0x12ae4: int 0x10
0x12ae6: cmp ax, 0x9100
0x12ae9: je 0x12afc
0x12aeb: mov ax, 0x804e
0x12aee: int 0x10
0x12af0: mov ah, 9
0x12af2: mov dx, 0x261
0x12af5: int 0x21
0x12af7: jb 0x12b08
0x12af9: jmp 0x12b0f
0x12afc: mov ah, 9
0x12afe: mov dx, 0x45e
0x12b01: int 0x21
0x12b03: jb 0x12b08
0x12b05: jmp 0x12b0f
0x12b08: mov word ptr cs:[0x62d], 0x4c00
0x12b0f: mov word ptr [bp + 0x5fc], ss
2018-12-25T11:59:30.207762903Z 9 PC: 12b03 | Display string (String= 'L -�x �|�w�w�w�w�w�w�w�w�w�w�w�w�w�w�w�} ')
2018-12-25T11:59:30.214109158Z 53 PC: 12b21 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:30.216123942Z 37 PC: 12b52 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:30.217719108Z 26 PC: 12b67 | Set disk transfer address