Sample viewer

vx.netlux.org/Virus.DOS.Storm.1163

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:17.966526467Z	48	PC: 12ac1 \| Get DOS version
2018-12-17T23:02:17.968448528Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:02:17.969948344Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:17.971404093Z	75	PC: 12b08 \| Execute program
2018-12-17T23:02:17.973829025Z	80	PC: 9f87d \| Set current PSP
2018-12-17T23:02:17.974828095Z	26	PC: 9f889 \| Set disk transfer address
2018-12-17T23:02:17.976111716Z	37	PC: 9f8d4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:17.977951438Z	42	PC: 9f8d8 \| Get date 0x9f8d8: cmp dh, 3 0x9f8db: jne 0x9f905 0x9f8dd: cmp dh, dl 0x9f8df: jne 0x9f905 0x9f8e1: mov si, 0x18c 0x9f8e4: mov cx, 0x4d 0x9f8e7: mov es, word ptr [0x562] 0x9f8eb: sub di, di 0x9f8ed: mov ah, 4 0x9f8ef: nop 0x9f8f0: nop 0x9f8f1: lodsb al, byte ptr [si] 0x9f8f2: xor al, 0xff 0x9f8f4: stosw word ptr es:[di], ax 0x9f8f5: loop 0x9f8f1 0x9f8f7: mov word ptr [0x556], 0xfd20 0x9f8fd: mov dx, 0x3f6 0x9f900: mov ax, 0x2508 0x9f903: int 0x21 0x9f905: mov bx, ss
2018-12-17T23:02:17.980664637Z	9	PC: 13042 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":3,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14157,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:58.269825427Z	48	PC: 12ac1 \| Get DOS version
2018-12-25T12:39:58.271474942Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:58.273901781Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:58.275350472Z	75	PC: 12b08 \| Execute program
2018-12-25T12:39:58.277266391Z	80	PC: 9f87d \| Set current PSP
2018-12-25T12:39:58.279224564Z	26	PC: 9f889 \| Set disk transfer address
2018-12-25T12:39:58.280558053Z	37	PC: 9f8d4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:58.281858254Z	42	PC: 9f8d8 \| Get date 0x9f8d8: cmp dh, 3 0x9f8db: jne 0x9f905 0x9f8dd: cmp dh, dl 0x9f8df: jne 0x9f905 0x9f8e1: mov si, 0x18c 0x9f8e4: mov cx, 0x4d 0x9f8e7: mov es, word ptr [0x562] 0x9f8eb: sub di, di 0x9f8ed: mov ah, 4 0x9f8ef: nop 0x9f8f0: nop 0x9f8f1: lodsb al, byte ptr [si] 0x9f8f2: xor al, 0xff 0x9f8f4: stosw word ptr es:[di], ax 0x9f8f5: loop 0x9f8f1 0x9f8f7: mov word ptr [0x556], 0xfd20 0x9f8fd: mov dx, 0x3f6 0x9f900: mov ax, 0x2508 0x9f903: int 0x21 0x9f905: mov bx, ss
2018-12-25T12:39:58.285418512Z	37	PC: 9f905 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:58.286798746Z	9	PC: 13042 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14157,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:58.271383482Z	48	PC: 12ac1 \| Get DOS version
2018-12-25T12:39:58.272942098Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:58.274575938Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:58.27618692Z	75	PC: 12b08 \| Execute program
2018-12-25T12:39:58.278138436Z	80	PC: 9f87d \| Set current PSP
2018-12-25T12:39:58.279630211Z	26	PC: 9f889 \| Set disk transfer address
2018-12-25T12:39:58.281013903Z	37	PC: 9f8d4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:58.28242986Z	42	PC: 9f8d8 \| Get date 0x9f8d8: cmp dh, 3 0x9f8db: jne 0x9f905 0x9f8dd: cmp dh, dl 0x9f8df: jne 0x9f905 0x9f8e1: mov si, 0x18c 0x9f8e4: mov cx, 0x4d 0x9f8e7: mov es, word ptr [0x562] 0x9f8eb: sub di, di 0x9f8ed: mov ah, 4 0x9f8ef: nop 0x9f8f0: nop 0x9f8f1: lodsb al, byte ptr [si] 0x9f8f2: xor al, 0xff 0x9f8f4: stosw word ptr es:[di], ax 0x9f8f5: loop 0x9f8f1 0x9f8f7: mov word ptr [0x556], 0xfd20 0x9f8fd: mov dx, 0x3f6 0x9f900: mov ax, 0x2508 0x9f903: int 0x21 0x9f905: mov bx, ss
2018-12-25T12:39:58.292000735Z	9	PC: 13042 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14157,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:58.467459603Z	48	PC: 12ac1 \| Get DOS version
2018-12-25T12:39:58.472838548Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:39:58.474471351Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:58.475954239Z	75	PC: 12b08 \| Execute program
2018-12-25T12:39:58.479349616Z	80	PC: 9f87d \| Set current PSP
2018-12-25T12:39:58.480398158Z	26	PC: 9f889 \| Set disk transfer address
2018-12-25T12:39:58.481764112Z	37	PC: 9f8d4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:58.484863516Z	42	PC: 9f8d8 \| Get date 0x9f8d8: cmp dh, 3 0x9f8db: jne 0x9f905 0x9f8dd: cmp dh, dl 0x9f8df: jne 0x9f905 0x9f8e1: mov si, 0x18c 0x9f8e4: mov cx, 0x4d 0x9f8e7: mov es, word ptr [0x562] 0x9f8eb: sub di, di 0x9f8ed: mov ah, 4 0x9f8ef: nop 0x9f8f0: nop 0x9f8f1: lodsb al, byte ptr [si] 0x9f8f2: xor al, 0xff 0x9f8f4: stosw word ptr es:[di], ax 0x9f8f5: loop 0x9f8f1 0x9f8f7: mov word ptr [0x556], 0xfd20 0x9f8fd: mov dx, 0x3f6 0x9f900: mov ax, 0x2508 0x9f903: int 0x21 0x9f905: mov bx, ss
2018-12-25T12:39:58.48718701Z	9	PC: 13042 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')