Sample viewer

vx.netlux.org/Worm.DOS.Info.2133.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:17.435094531Z	9	PC: 12a47 \| Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-17T22:49:17.45021214Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-17T22:49:17.453607113Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-17T22:49:17.461974942Z	42	PC: 12b5d \| Get date 0x12b5d: mov ah, dl 0x12b5f: sub ax, 0xd05 0x12b62: jne 0x12b8d 0x12b64: push ax 0x12b65: dec ax 0x12b66: xchg ax, bp 0x12b67: xor bh, bh 0x12b69: mov ax, 0x1130 0x12b6c: int 0x10 0x12b6e: pop es 0x12b6f: inc bp 0x12b70: jne 0x12b83 0x12b72: mov al, byte ptr es:[0x465] 0x12b76: and al, 0xf7 0x12b78: mov dx, word ptr es:[0x463] 0x12b7d: add dl, 4 0x12b80: out dx, al 0x12b81: jmp 0x12b8d 0x12b83: mov dx, 0x3c4 0x12b86: mov al, 1
2018-12-17T22:49:17.465236636Z	53	PC: 12b92 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:17.467030435Z	107	PC: 12b9f \| Reserved
2018-12-17T22:49:17.468718856Z	68	PC: 12bb0 \| I/O control for devices (Set for = '')
2018-12-17T22:49:17.471282774Z	82	PC: 12bb6 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:17.473421294Z	68	PC: 1317a \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-17T22:49:17.475093131Z	68	PC: 13189 \| I/O control for devices (Set for = '�GG��G��Unknown (Error14). $COMMAND')
2018-12-17T22:49:18.111541118Z	182	PC: 1309b \| UNKNOWN!
2018-12-17T22:49:18.121946646Z	9	PC: 12bfa \| Display string (Could not find end pointer)
2018-12-17T22:49:18.127262798Z	37	PC: 12c0f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:18.131972377Z	73	PC: 12c25 \| Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9843,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:54.10136755Z	9	PC: 12a47 \| Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-25T12:23:54.112802311Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-25T12:23:54.115673061Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-25T12:23:54.124182452Z	42	PC: 12b5d \| Get date 0x12b5d: mov ah, dl 0x12b5f: sub ax, 0xd05 0x12b62: jne 0x12b8d 0x12b64: push ax 0x12b65: dec ax 0x12b66: xchg ax, bp 0x12b67: xor bh, bh 0x12b69: mov ax, 0x1130 0x12b6c: int 0x10 0x12b6e: pop es 0x12b6f: inc bp 0x12b70: jne 0x12b83 0x12b72: mov al, byte ptr es:[0x465] 0x12b76: and al, 0xf7 0x12b78: mov dx, word ptr es:[0x463] 0x12b7d: add dl, 4 0x12b80: out dx, al 0x12b81: jmp 0x12b8d 0x12b83: mov dx, 0x3c4 0x12b86: mov al, 1
2018-12-25T12:23:54.126871866Z	53	PC: 12b92 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:54.131637478Z	107	PC: 12b9f \| Reserved
2018-12-25T12:23:54.13314455Z	68	PC: 12bb0 \| I/O control for devices (Set for = '�')
2018-12-25T12:23:54.13535807Z	82	PC: 12bb6 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:54.138346892Z	68	PC: 1317a \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:23:54.14013297Z	68	PC: 13189 \| I/O control for devices (Set for = '�GG��G��Unknown (Error14). $COMMAND')
2018-12-25T12:23:55.179231277Z	182	PC: 1309b \| UNKNOWN!
2018-12-25T12:23:55.190193776Z	9	PC: 12bfa \| Display string (Could not find end pointer)
2018-12-25T12:23:55.20447113Z	37	PC: 12c0f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:55.205964689Z	73	PC: 12c25 \| Release memory

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9843,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:54.356993514Z	9	PC: 12a47 \| Display string (String= ' InfoSystem version1.02 Reading System Information... Computer type: IBM PC ')
2018-12-25T12:23:54.36876183Z	9	PC: 12a80 \| Display string (String= 'Unknown')
2018-12-25T12:23:54.372085948Z	9	PC: 12a85 \| Display string (String= ' Checking HDD controller... SCSI controller type: ')
2018-12-25T12:23:54.379868733Z	42	PC: 12b5d \| Get date 0x12b5d: mov ah, dl 0x12b5f: sub ax, 0xd05 0x12b62: jne 0x12b8d 0x12b64: push ax 0x12b65: dec ax 0x12b66: xchg ax, bp 0x12b67: xor bh, bh 0x12b69: mov ax, 0x1130 0x12b6c: int 0x10 0x12b6e: pop es 0x12b6f: inc bp 0x12b70: jne 0x12b83 0x12b72: mov al, byte ptr es:[0x465] 0x12b76: and al, 0xf7 0x12b78: mov dx, word ptr es:[0x463] 0x12b7d: add dl, 4 0x12b80: out dx, al 0x12b81: jmp 0x12b8d 0x12b83: mov dx, 0x3c4 0x12b86: mov al, 1
2018-12-25T12:23:54.382801658Z	53	PC: 12b92 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:54.384301312Z	107	PC: 12b9f \| Reserved
2018-12-25T12:23:54.385502086Z	68	PC: 12bb0 \| I/O control for devices (Set for = '')
2018-12-25T12:23:54.38737105Z	82	PC: 12bb6 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:54.389490679Z	68	PC: 1317a \| I/O control for devices (Set for = 'C:\DOS\*.BAT')
2018-12-25T12:23:54.391947815Z	68	PC: 13189 \| I/O control for devices (Set for = '�GG��G��Unknown (Error14). $COMMAND')
2018-12-25T12:23:55.178373305Z	182	PC: 1309b \| UNKNOWN!
2018-12-25T12:23:55.186699038Z	9	PC: 12bfa \| Display string (Could not find end pointer)
2018-12-25T12:23:55.191444012Z	37	PC: 12c0f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:55.193064967Z	73	PC: 12c25 \| Release memory