Sample viewer

vx.netlux.org/Virus.DOS.Storm.1217


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:25.709015231Z 48 PC: 1655d | Get DOS version
2018-12-17T22:59:25.725121154Z 53 PC: 16566 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:59:25.735077131Z 53 PC: 16587 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:25.73705055Z 75 PC: 165a4 | Execute program
2018-12-17T22:59:25.740701774Z 80 PC: 9f83b | Set current PSP
2018-12-17T22:59:25.742109242Z 26 PC: 9f847 | Set disk transfer address
2018-12-17T22:59:25.743843429Z 37 PC: 9f892 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:25.745867095Z 42 PC: 9f896 | Get date
0x9f896: cmp dh, 3
0x9f899: jne 0x9f8c4
0x9f89b: cmp dh, dl
0x9f89d: jne 0x9f8c4
0x9f89f: mov si, 0x18c
0x9f8a2: mov cx, 0x4b
0x9f8a5: mov es, word ptr [0x597]
0x9f8a9: mov di, 0x640
0x9f8ac: mov ah, 4
0x9f8ae: nop
0x9f8af: nop
0x9f8b0: lodsb al, byte ptr [si]
0x9f8b1: xor al, 0xff
0x9f8b3: stosw word ptr es:[di], ax
0x9f8b4: loop 0x9f8b0
0x9f8b6: mov word ptr [0x58b], 0x3f48
0x9f8bc: mov dx, 0x42b
0x9f8bf: mov ax, 0x2508
0x9f8c2: int 0x21
0x9f8c4: mov bx, ss
2018-12-17T22:59:25.765436671Z 99 PC: 15e44 | Get DBCS lead byte table pointer
2018-12-17T22:59:25.767314705Z 68 PC: 15e5e | I/O control for devices (Set for = '')
2018-12-17T22:59:25.769298645Z 68 PC: 15e69 | I/O control for devices (Set for = '')
2018-12-17T22:59:25.771625555Z 68 PC: 15e74 | I/O control for devices (Set for = '')
2018-12-17T22:59:25.773238485Z 68 PC: 15e7c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T22:59:25.77565963Z 48 PC: 15e81 | Get DOS version
2018-12-17T22:59:25.779381024Z 64 PC: 15fb6 | Write file or device (Write 21 bytes on handle 2)
2018-12-17T22:59:25.785153342Z 76 PC: 159a3 | Terminate with return code (Return code = '7')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13212,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:41.220697588Z 48 PC: 1655d | Get DOS version
2018-12-25T12:37:41.222401502Z 53 PC: 16566 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:37:41.224057021Z 53 PC: 16587 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.225593608Z 75 PC: 165a4 | Execute program
2018-12-25T12:37:41.228403248Z 80 PC: 9f83b | Set current PSP
2018-12-25T12:37:41.229331183Z 26 PC: 9f847 | Set disk transfer address
2018-12-25T12:37:41.230337713Z 37 PC: 9f892 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.232444305Z 42 PC: 9f896 | Get date
0x9f896: cmp dh, 3
0x9f899: jne 0x9f8c4
0x9f89b: cmp dh, dl
0x9f89d: jne 0x9f8c4
0x9f89f: mov si, 0x18c
0x9f8a2: mov cx, 0x4b
0x9f8a5: mov es, word ptr [0x597]
0x9f8a9: mov di, 0x640
0x9f8ac: mov ah, 4
0x9f8ae: nop
0x9f8af: nop
0x9f8b0: lodsb al, byte ptr [si]
0x9f8b1: xor al, 0xff
0x9f8b3: stosw word ptr es:[di], ax
0x9f8b4: loop 0x9f8b0
0x9f8b6: mov word ptr [0x58b], 0x3f48
0x9f8bc: mov dx, 0x42b
0x9f8bf: mov ax, 0x2508
0x9f8c2: int 0x21
0x9f8c4: mov bx, ss
2018-12-25T12:37:41.235120186Z 99 PC: 15e44 | Get DBCS lead byte table pointer
2018-12-25T12:37:41.236572574Z 68 PC: 15e5e | I/O control for devices (Set for = '')
2018-12-25T12:37:41.239128301Z 68 PC: 15e69 | I/O control for devices (Set for = '')
2018-12-25T12:37:41.24050234Z 68 PC: 15e74 | I/O control for devices (Set for = '')
2018-12-25T12:37:41.241809272Z 68 PC: 15e7c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:37:41.243805505Z 48 PC: 15e81 | Get DOS version
2018-12-25T12:37:41.24548865Z 64 PC: 15fb6 | Write file or device (Write 21 bytes on handle 2)
2018-12-25T12:37:41.250103308Z 76 PC: 159a3 | Terminate with return code (Return code = '7')

{"DateBased":true,"Day":3,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13212,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:41.2158905Z 48 PC: 1655d | Get DOS version
2018-12-25T12:37:41.219313171Z 53 PC: 16566 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:37:41.222602812Z 53 PC: 16587 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.223787444Z 75 PC: 165a4 | Execute program
2018-12-25T12:37:41.226713352Z 80 PC: 9f83b | Set current PSP
2018-12-25T12:37:41.227572632Z 26 PC: 9f847 | Set disk transfer address
2018-12-25T12:37:41.22865416Z 37 PC: 9f892 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.229710066Z 42 PC: 9f896 | Get date
0x9f896: cmp dh, 3
0x9f899: jne 0x9f8c4
0x9f89b: cmp dh, dl
0x9f89d: jne 0x9f8c4
0x9f89f: mov si, 0x18c
0x9f8a2: mov cx, 0x4b
0x9f8a5: mov es, word ptr [0x597]
0x9f8a9: mov di, 0x640
0x9f8ac: mov ah, 4
0x9f8ae: nop
0x9f8af: nop
0x9f8b0: lodsb al, byte ptr [si]
0x9f8b1: xor al, 0xff
0x9f8b3: stosw word ptr es:[di], ax
0x9f8b4: loop 0x9f8b0
0x9f8b6: mov word ptr [0x58b], 0x3f48
0x9f8bc: mov dx, 0x42b
0x9f8bf: mov ax, 0x2508
0x9f8c2: int 0x21
0x9f8c4: mov bx, ss
2018-12-25T12:37:41.239497878Z 37 PC: 9f8c4 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:37:41.241246347Z 99 PC: 15e44 | Get DBCS lead byte table pointer
2018-12-25T12:37:41.242755675Z 68 PC: 15e5e | I/O control for devices (Set for = '')
2018-12-25T12:37:41.245724448Z 68 PC: 15e69 | I/O control for devices (Set for = '')
2018-12-25T12:37:41.247590296Z 68 PC: 15e74 | I/O control for devices (Set for = '')
2018-12-25T12:37:41.24921098Z 68 PC: 15e7c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:37:41.251703161Z 48 PC: 15e81 | Get DOS version
2018-12-25T12:37:41.253614191Z 64 PC: 15fb6 | Write file or device (Write 21 bytes on handle 2)
2018-12-25T12:37:41.258077943Z 76 PC: 159a3 | Terminate with return code (Return code = '7')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13212,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:41.96457061Z 48 PC: 1655d | Get DOS version
2018-12-25T12:37:41.969040185Z 53 PC: 16566 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:37:41.970258543Z 53 PC: 16587 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.971406658Z 75 PC: 165a4 | Execute program
2018-12-25T12:37:41.974410482Z 80 PC: 9f83b | Set current PSP
2018-12-25T12:37:41.975230145Z 26 PC: 9f847 | Set disk transfer address
2018-12-25T12:37:41.976996871Z 37 PC: 9f892 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.978336713Z 42 PC: 9f896 | Get date
0x9f896: cmp dh, 3
0x9f899: jne 0x9f8c4
0x9f89b: cmp dh, dl
0x9f89d: jne 0x9f8c4
0x9f89f: mov si, 0x18c
0x9f8a2: mov cx, 0x4b
0x9f8a5: mov es, word ptr [0x597]
0x9f8a9: mov di, 0x640
0x9f8ac: mov ah, 4
0x9f8ae: nop
0x9f8af: nop
0x9f8b0: lodsb al, byte ptr [si]
0x9f8b1: xor al, 0xff
0x9f8b3: stosw word ptr es:[di], ax
0x9f8b4: loop 0x9f8b0
0x9f8b6: mov word ptr [0x58b], 0x3f48
0x9f8bc: mov dx, 0x42b
0x9f8bf: mov ax, 0x2508
0x9f8c2: int 0x21
0x9f8c4: mov bx, ss
2018-12-25T12:37:41.989502643Z 99 PC: 15e44 | Get DBCS lead byte table pointer
2018-12-25T12:37:41.992571055Z 68 PC: 15e5e | I/O control for devices (Set for = '')
2018-12-25T12:37:41.995417401Z 68 PC: 15e69 | I/O control for devices (Set for = '')
2018-12-25T12:37:41.999231942Z 68 PC: 15e74 | I/O control for devices (Set for = '')
2018-12-25T12:37:42.002910648Z 68 PC: 15e7c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:37:42.005846052Z 48 PC: 15e81 | Get DOS version
2018-12-25T12:37:42.009233907Z 64 PC: 15fb6 | Write file or device (Write 21 bytes on handle 2)
2018-12-25T12:37:42.014644984Z 76 PC: 159a3 | Terminate with return code (Return code = '7')