Sample viewer

vx.netlux.org/Virus.DOS.Knorkator.1000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:39:02.64834266Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x43f
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cd
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d6
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4df
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-17T22:39:02.651337801Z 48 PC: 12aa6 | Get DOS version
2018-12-17T22:39:02.653237837Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6708,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:11.352673381Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x43f
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cd
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d6
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4df
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-25T12:00:11.355435806Z 48 PC: 12aa6 | Get DOS version
2018-12-25T12:00:11.358711808Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6708,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:13.57560301Z 42 PC: 12a71 | Get date
0x12a71: cmp al, 5
0x12a73: jne 0x12a9a
0x12a75: mov ah, 0x2a
0x12a77: int 0x21
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x43f
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cd
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d6
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4df
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
2018-12-25T12:00:13.5779065Z 42 PC: 12a79 | Get date
0x12a79: cmp dl, 0x15
0x12a7c: jne 0x12a9a
0x12a7e: mov ah, 9
0x12a80: mov dx, 0x43f
0x12a83: int 0x21
0x12a85: mov ah, 0x39
0x12a87: mov dx, 0x4cd
0x12a8a: int 0x21
0x12a8c: mov ah, 0x39
0x12a8e: mov dx, 0x4d6
0x12a91: int 0x21
0x12a93: mov ah, 0x39
0x12a95: mov dx, 0x4df
0x12a98: int 0x21
0x12a9a: pushaw
0x12a9b: push ds
0x12a9c: push es
0x12a9d: push cs
0x12a9e: push cs
0x12a9f: pop ds
2018-12-25T12:00:13.579375342Z 48 PC: 12aa6 | Get DOS version
2018-12-25T12:00:13.580203053Z 82 PC: 12ab5 | Get DOS internal pointers (SYSVARS)