Sample viewer

vx.netlux.org/Virus.DOS.Storm.1153.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:41.852591228Z	48	PC: 12baa \| Get DOS version
2018-12-17T22:21:41.854790133Z	53	PC: 12bb3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:21:41.856226196Z	53	PC: 12bd4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:21:41.857511405Z	75	PC: 12bf1 \| Execute program
2018-12-17T22:21:41.859807746Z	80	PC: 9f873 \| Set current PSP
2018-12-17T22:21:41.861130089Z	26	PC: 9f87f \| Set disk transfer address
2018-12-17T22:21:41.862675943Z	37	PC: 9f8ca \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:21:41.864564901Z	42	PC: 9f8ce \| Get date 0x9f8ce: cmp dh, 6 0x9f8d1: jne 0x9f8fb 0x9f8d3: cmp dh, dl 0x9f8d5: jne 0x9f8fb 0x9f8d7: mov si, 0x18c 0x9f8da: mov cx, 0x43 0x9f8dd: mov es, word ptr [0x558] 0x9f8e1: sub di, di 0x9f8e3: mov ah, 4 0x9f8e5: nop 0x9f8e6: nop 0x9f8e7: lodsb al, byte ptr [si] 0x9f8e8: xor al, 0xff 0x9f8ea: stosw word ptr es:[di], ax 0x9f8eb: loop 0x9f8e7 0x9f8ed: mov word ptr [0x54c], 0xfd20 0x9f8f3: mov dx, 0x3ec 0x9f8f6: mov ax, 0x2508 0x9f8f9: int 0x21 0x9f8fb: mov bx, ss
2018-12-17T22:21:41.867241928Z	9	PC: 13022 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:21:41.871708137Z	76	PC: 13026 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3781,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:14.408332467Z	48	PC: 12baa \| Get DOS version
2018-12-25T11:50:14.410089374Z	53	PC: 12bb3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:50:14.411683608Z	53	PC: 12bd4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:14.41295078Z	75	PC: 12bf1 \| Execute program
2018-12-25T11:50:14.41486706Z	80	PC: 9f873 \| Set current PSP
2018-12-25T11:50:14.416480469Z	26	PC: 9f87f \| Set disk transfer address
2018-12-25T11:50:14.417631704Z	37	PC: 9f8ca \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:14.419170155Z	42	PC: 9f8ce \| Get date 0x9f8ce: cmp dh, 6 0x9f8d1: jne 0x9f8fb 0x9f8d3: cmp dh, dl 0x9f8d5: jne 0x9f8fb 0x9f8d7: mov si, 0x18c 0x9f8da: mov cx, 0x43 0x9f8dd: mov es, word ptr [0x558] 0x9f8e1: sub di, di 0x9f8e3: mov ah, 4 0x9f8e5: nop 0x9f8e6: nop 0x9f8e7: lodsb al, byte ptr [si] 0x9f8e8: xor al, 0xff 0x9f8ea: stosw word ptr es:[di], ax 0x9f8eb: loop 0x9f8e7 0x9f8ed: mov word ptr [0x54c], 0xfd20 0x9f8f3: mov dx, 0x3ec 0x9f8f6: mov ax, 0x2508 0x9f8f9: int 0x21 0x9f8fb: mov bx, ss
2018-12-25T11:50:14.421684338Z	37	PC: 9f8fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:50:14.42266669Z	9	PC: 13022 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:50:14.428085913Z	76	PC: 13026 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3781,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:14.317420158Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:50:14.325416089Z	41	PC: 94fae \| Parse filename
2018-12-25T11:50:14.328812638Z	41	PC: 9502f \| Parse filename
2018-12-25T11:50:14.33047306Z	41	PC: 9504c \| Parse filename
2018-12-25T11:50:14.332844411Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T11:50:14.334966893Z	71	PC: 986f3 \| Get current directory
2018-12-25T11:50:14.339833968Z	78	PC: 986fe \| Find first file
2018-12-25T11:50:14.354223209Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:50:14.357312053Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:50:14.371711341Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:50:14.377469268Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:50:14.379732413Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:50:14.381098893Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:14.383440699Z	62	PC: 122ab \| Close file
2018-12-25T11:50:14.38577414Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.388541047Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.390525399Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.392540955Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.395836125Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.397646604Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.398855438Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.401032624Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.402561206Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.404378689Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.406792211Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.408228643Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.409830847Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.412067587Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.414411885Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T11:50:14.416225245Z	56	PC: 94df9 \| Get or set country info
2018-12-25T11:50:14.418419051Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:14.423771716Z	25	PC: 94e62 \| Get default drive
2018-12-25T11:50:14.426318479Z	71	PC: 970dd \| Get current directory
2018-12-25T11:50:14.430987321Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:14.435633115Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T11:50:14.438194063Z	93	PC: 94f20 \| File sharing functions
2018-12-25T11:50:14.439917351Z	93	PC: 94f27 \| File sharing functions
2018-12-25T11:50:14.442224576Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T11:50:29.36395377Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:50:30.718330966Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:50:30.821081426Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:30.828707774Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T11:50:30.833688116Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T11:50:30.836299595Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T11:50:30.839536869Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T11:50:30.842956304Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:50:30.851832677Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:50:30.862218265Z	71	PC: 9856c \| Get current directory
2018-12-25T11:50:30.866589948Z	73	PC: 97c09 \| Release memory
2018-12-25T11:50:30.868927586Z	75	PC: 11821 \| Execute program
2018-12-25T11:50:30.885383295Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T11:50:30.8901479Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3781,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:14.318275805Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:50:14.326339079Z	41	PC: 94fae \| Parse filename
2018-12-25T11:50:14.337891769Z	41	PC: 9502f \| Parse filename
2018-12-25T11:50:14.339861217Z	41	PC: 9504c \| Parse filename
2018-12-25T11:50:14.342115817Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T11:50:14.345219867Z	71	PC: 986f3 \| Get current directory
2018-12-25T11:50:14.348906092Z	78	PC: 986fe \| Find first file
2018-12-25T11:50:14.364409151Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:50:14.369906252Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:50:14.381723527Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:50:14.387481949Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:50:14.395000912Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:50:14.397780566Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:14.399432939Z	62	PC: 122ab \| Close file
2018-12-25T11:50:14.401512239Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.404607203Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.406649177Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.408686751Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.411878459Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.41394184Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.415979619Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.418338177Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.420254764Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.422915638Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.426287447Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.42938433Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.431307128Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.433252014Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:14.444952471Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T11:50:14.446361458Z	56	PC: 94df9 \| Get or set country info
2018-12-25T11:50:14.448387951Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:14.454659529Z	25	PC: 94e62 \| Get default drive
2018-12-25T11:50:14.456520728Z	71	PC: 970dd \| Get current directory
2018-12-25T11:50:14.46106658Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:14.466028219Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T11:50:14.468826009Z	93	PC: 94f20 \| File sharing functions
2018-12-25T11:50:14.471046173Z	93	PC: 94f27 \| File sharing functions
2018-12-25T11:50:14.474550965Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T11:50:29.364310639Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:50:30.719244903Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:50:30.821980876Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:30.829298166Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T11:50:30.83273069Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T11:50:30.836009628Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T11:50:30.838616498Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T11:50:30.840818064Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:50:30.849869534Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:50:30.86005672Z	71	PC: 9856c \| Get current directory
2018-12-25T11:50:30.863501849Z	73	PC: 97c09 \| Release memory
2018-12-25T11:50:30.866217593Z	75	PC: 11821 \| Execute program
2018-12-25T11:50:30.884140128Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T11:50:30.888989047Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')