Sample viewer

vx.netlux.org/Virus.DOS.Remember.1283

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:38:29.268481965Z 42 PC: 13278 | Get date 0x13278: cmp dx, 0x418
; Date-trigger block, reached right after DOS "Get date" (INT 21h, AH=2Ah; op 42 in the trace).
; Get date returns DH = month and DL = day, so the first instruction of this listing
; (`cmp dx, 0x418` at 0x13278, printed on the trace line above) tests for month 4, day 0x18 = 24.
; No "Display string" entry follows in this run's trace, which is consistent with the jne
; below being taken (date not matching). This is inferred from the trace, not shown directly.
0x1327c: jne 0x132aa                    ; date is not 24 April -> skip to the join point
0x1327e: mov ax, 0x9100                 ; AX = 0x9100 as the request for the INT 10h call below
; INT 10h is the BIOS video interrupt; AH=0x91 is not one of the standard video functions.
; NOTE(review): looks like a presence probe for a video extension or driver -- confirm.
0x13281: int 0x10
0x13283: cmp ax, 0x9100                 ; was AX returned unchanged?
0x13286: je 0x13298                     ; unchanged -> print the string at 0x45f instead
0x13288: mov ax, 0x804e                 ; AX changed: issue a second INT 10h request, AX = 0x804e
0x1328b: int 0x10                       ; NOTE(review): meaning of AX=0x804e not determinable here
0x1328d: mov ah, 9                      ; DOS function 09h: print '$'-terminated string at DS:DX
0x1328f: mov dx, 0x262                  ; DX = offset 0x262 (first message)
0x13292: int 0x21
; Branch on carry after the print call. NOTE(review): AH=09h has no documented carry
; result, so whether this can fire depends on the flags the call leaves -- confirm.
0x13294: jb 0x132a3
0x13296: jmp 0x132aa                    ; no carry -> continue at the join point
0x13298: mov ah, 9                      ; same print call, other message
0x1329a: mov dx, 0x45f                  ; DX = offset 0x45f (second message)
0x1329d: int 0x21
0x1329f: jb 0x132a3                     ; same carry check as at 0x13294
0x132a1: jmp 0x132aa
; Self-modifying store: writes the word 0x4C00 into the code segment at offset 0x633.
; 0x4C00 equals AX for DOS "terminate, exit code 0" (AH=4Ch); presumably this patches a
; later instruction operand. The target is outside this listing -- confirm.
0x132a3: mov word ptr cs:[0x633], 0x4c00
; Join point for all paths: save SS at [bp + 0x602].
; NOTE(review): BP-relative data access suggests BP holds a relocation base -- confirm.
0x132aa: mov word ptr ds:[bp + 0x602], ss
; NOTE(review): the trace entries after this listing get and then set interrupt vector
; 33 = 0x21, the DOS services vector. "Random read" is the name of INT 21h function 21h,
; so that label looks like a function-name lookup applied to a vector number.
; A replaced INT 21h vector means later DOS calls pass through the sample's handler.
2018-12-17T22:38:29.271447343Z 53 PC: 132bd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:29.279516747Z 37 PC: 132f0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:29.281121819Z 26 PC: 13305 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6590,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:55.07973159Z 42 PC: 13278 | Get date 0x13278: cmp dx, 0x418
; Date-trigger block, reached right after DOS "Get date" (INT 21h, AH=2Ah; op 42 in the trace).
; Get date returns DH = month and DL = day, so the first instruction of this listing
; (`cmp dx, 0x418` at 0x13278, printed on the trace line above) tests for month 4, day 0x18 = 24.
; This run's trace has no "Display string" entry, consistent with the jne below being
; taken. This is inferred from the trace, not shown directly.
0x1327c: jne 0x132aa                    ; date is not 24 April -> skip to the join point
0x1327e: mov ax, 0x9100                 ; AX = 0x9100 as the request for the INT 10h call below
; INT 10h is the BIOS video interrupt; AH=0x91 is not one of the standard video functions.
; NOTE(review): looks like a presence probe for a video extension or driver -- confirm.
0x13281: int 0x10
0x13283: cmp ax, 0x9100                 ; was AX returned unchanged?
0x13286: je 0x13298                     ; unchanged -> print the string at 0x45f instead
0x13288: mov ax, 0x804e                 ; AX changed: issue a second INT 10h request, AX = 0x804e
0x1328b: int 0x10                       ; NOTE(review): meaning of AX=0x804e not determinable here
0x1328d: mov ah, 9                      ; DOS function 09h: print '$'-terminated string at DS:DX
0x1328f: mov dx, 0x262                  ; DX = offset 0x262 (first message)
0x13292: int 0x21
; Branch on carry after the print call. NOTE(review): AH=09h has no documented carry
; result, so whether this can fire depends on the flags the call leaves -- confirm.
0x13294: jb 0x132a3
0x13296: jmp 0x132aa                    ; no carry -> continue at the join point
0x13298: mov ah, 9                      ; same print call, other message
0x1329a: mov dx, 0x45f                  ; DX = offset 0x45f (second message)
0x1329d: int 0x21
0x1329f: jb 0x132a3                     ; same carry check as at 0x13294
0x132a1: jmp 0x132aa
; Self-modifying store: writes the word 0x4C00 into the code segment at offset 0x633.
; 0x4C00 equals AX for DOS "terminate, exit code 0" (AH=4Ch); presumably this patches a
; later instruction operand. The target is outside this listing -- confirm.
0x132a3: mov word ptr cs:[0x633], 0x4c00
; Join point for all paths: save SS at [bp + 0x602].
; NOTE(review): BP-relative data access suggests BP holds a relocation base -- confirm.
0x132aa: mov word ptr ds:[bp + 0x602], ss
; NOTE(review): the get/set interrupt vector entries that follow refer to vector 33 = 0x21
; (DOS services); the "Random read" label names INT 21h function 21h, not the vector.
2018-12-25T11:59:55.082933691Z 53 PC: 132bd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:55.084545904Z 37 PC: 132f0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:55.085886481Z 26 PC: 13305 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6590,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:55.099349636Z 42 PC: 13278 | Get date 0x13278: cmp dx, 0x418
; Date-trigger block, reached right after DOS "Get date" (INT 21h, AH=2Ah; op 42 in the trace).
; Get date returns DH = month and DL = day, so the first instruction of this listing
; (`cmp dx, 0x418` at 0x13278, printed on the trace line above) tests for month 4, day 0x18 = 24.
; In this run the trace records "Display string" at PC 1329f, the address following the
; int 0x21 at 0x1329d. So the compare matched and the 0x45f message path ran. The
; configuration record printed before this run (Day 24, Month 4) appears to be the
; emulated date that produced the match -- confirm against the viewer's run ordering.
0x1327c: jne 0x132aa                    ; date is not 24 April -> skip to the join point
0x1327e: mov ax, 0x9100                 ; AX = 0x9100 as the request for the INT 10h call below
; INT 10h is the BIOS video interrupt; AH=0x91 is not one of the standard video functions.
; NOTE(review): looks like a presence probe for a video extension or driver -- confirm.
0x13281: int 0x10
0x13283: cmp ax, 0x9100                 ; was AX returned unchanged?
0x13286: je 0x13298                     ; unchanged -> print the string at 0x45f (path seen in this run)
0x13288: mov ax, 0x804e                 ; AX changed: issue a second INT 10h request, AX = 0x804e
0x1328b: int 0x10                       ; NOTE(review): meaning of AX=0x804e not determinable here
0x1328d: mov ah, 9                      ; DOS function 09h: print '$'-terminated string at DS:DX
0x1328f: mov dx, 0x262                  ; DX = offset 0x262 (first message)
0x13292: int 0x21
; Branch on carry after the print call. NOTE(review): AH=09h has no documented carry
; result, so whether this can fire depends on the flags the call leaves -- confirm.
0x13294: jb 0x132a3
0x13296: jmp 0x132aa                    ; no carry -> continue at the join point
0x13298: mov ah, 9                      ; same print call, other message
0x1329a: mov dx, 0x45f                  ; DX = offset 0x45f (second message)
; NOTE(review): the trace's "(Could not find end pointer)" remark on this call presumably
; means the emulator found no '$' terminator for the string at DS:0x45f -- confirm.
0x1329d: int 0x21
0x1329f: jb 0x132a3                     ; same carry check as at 0x13294
0x132a1: jmp 0x132aa
; Self-modifying store: writes the word 0x4C00 into the code segment at offset 0x633.
; 0x4C00 equals AX for DOS "terminate, exit code 0" (AH=4Ch); presumably this patches a
; later instruction operand. The target is outside this listing -- confirm.
0x132a3: mov word ptr cs:[0x633], 0x4c00
; Join point for all paths: save SS at [bp + 0x602].
; NOTE(review): BP-relative data access suggests BP holds a relocation base -- confirm.
0x132aa: mov word ptr ds:[bp + 0x602], ss
; NOTE(review): the get/set interrupt vector entries that follow refer to vector 33 = 0x21
; (DOS services); the "Random read" label names INT 21h function 21h, not the vector.
; The vector is still replaced after the message is shown, so the payload does not end the run.
2018-12-25T11:59:55.102082204Z 9 PC: 1329f | Display string (Could not find end pointer)
2018-12-25T11:59:55.121374873Z 53 PC: 132bd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:55.122657683Z 37 PC: 132f0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:55.124365511Z 26 PC: 13305 | Set disk transfer address