Sample viewer

vx.netlux.org/Virus.DOS.NotStoned.1349

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:54:04.428269976Z	42	PC: 12ad0 \| Get date 0x12ad0: cmp cx, 0x7ca 0x12ad4: jne 0x12b09 0x12ad6: cmp dx, 0xc06 0x12ada: jne 0x12b09 0x12adc: inc word ptr [si + 0x2e] 0x12adf: lea bx, word ptr [si + 0x495] 0x12ae3: cmp byte ptr [bx], 0x24 0x12ae6: je 0x12aee 0x12ae8: sub byte ptr [bx], 0x30 0x12aeb: inc bx 0x12aec: jmp 0x12ae3 0x12aee: lea dx, word ptr [si + 0x495] 0x12af2: mov ah, 9 0x12af4: int 0x21 0x12af6: mov ah, 8 0x12af8: int 0x21 0x12afa: lea bx, word ptr [si + 0x495] 0x12afe: cmp byte ptr [bx], 0x24 0x12b01: je 0x12b09 0x12b03: add byte ptr [bx], 0x30
2018-12-17T21:54:04.430814499Z	48	PC: 12b7b \| Get DOS version
2018-12-17T21:54:04.433297113Z	52	PC: 12b8d \| Get InDOS flag pointer
2018-12-17T21:54:04.434743707Z	53	PC: 12c12 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:54:04.436174998Z	53	PC: 12c1f \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:54:04.438700507Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T21:54:04.439973642Z	53	PC: 12c39 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:54:04.441219499Z	53	PC: 12c46 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T21:54:04.446763521Z	37	PC: 12c5e \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:54:04.448330414Z	37	PC: 12c67 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:54:04.449644959Z	37	PC: 12c70 \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T21:54:04.451708497Z	37	PC: 12c79 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:54:04.452884524Z	37	PC: 12c82 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T21:54:04.454024361Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":434,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:54.48691098Z	42	PC: 12ad0 \| Get date 0x12ad0: cmp cx, 0x7ca 0x12ad4: jne 0x12b09 0x12ad6: cmp dx, 0xc06 0x12ada: jne 0x12b09 0x12adc: inc word ptr [si + 0x2e] 0x12adf: lea bx, word ptr [si + 0x495] 0x12ae3: cmp byte ptr [bx], 0x24 0x12ae6: je 0x12aee 0x12ae8: sub byte ptr [bx], 0x30 0x12aeb: inc bx 0x12aec: jmp 0x12ae3 0x12aee: lea dx, word ptr [si + 0x495] 0x12af2: mov ah, 9 0x12af4: int 0x21 0x12af6: mov ah, 8 0x12af8: int 0x21 0x12afa: lea bx, word ptr [si + 0x495] 0x12afe: cmp byte ptr [bx], 0x24 0x12b01: je 0x12b09 0x12b03: add byte ptr [bx], 0x30
2018-12-25T11:40:54.490473735Z	48	PC: 12b7b \| Get DOS version
2018-12-25T11:40:54.494511961Z	52	PC: 12b8d \| Get InDOS flag pointer
2018-12-25T11:40:54.495917492Z	53	PC: 12c12 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:54.498825076Z	53	PC: 12c1f \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:40:54.500265267Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:40:54.50199151Z	53	PC: 12c39 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:40:54.503292844Z	53	PC: 12c46 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:40:54.508531152Z	37	PC: 12c5e \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:54.510138597Z	37	PC: 12c67 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:40:54.51182533Z	37	PC: 12c70 \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:40:54.514256165Z	37	PC: 12c79 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:40:54.518183661Z	37	PC: 12c82 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:40:54.520497479Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":434,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:54.529125032Z	42	PC: 12ad0 \| Get date 0x12ad0: cmp cx, 0x7ca 0x12ad4: jne 0x12b09 0x12ad6: cmp dx, 0xc06 0x12ada: jne 0x12b09 0x12adc: inc word ptr [si + 0x2e] 0x12adf: lea bx, word ptr [si + 0x495] 0x12ae3: cmp byte ptr [bx], 0x24 0x12ae6: je 0x12aee 0x12ae8: sub byte ptr [bx], 0x30 0x12aeb: inc bx 0x12aec: jmp 0x12ae3 0x12aee: lea dx, word ptr [si + 0x495] 0x12af2: mov ah, 9 0x12af4: int 0x21 0x12af6: mov ah, 8 0x12af8: int 0x21 0x12afa: lea bx, word ptr [si + 0x495] 0x12afe: cmp byte ptr [bx], 0x24 0x12b01: je 0x12b09 0x12b03: add byte ptr [bx], 0x30
2018-12-25T11:40:54.531782275Z	48	PC: 12b7b \| Get DOS version
2018-12-25T11:40:54.538993681Z	52	PC: 12b8d \| Get InDOS flag pointer
2018-12-25T11:40:54.54013465Z	53	PC: 12c12 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:54.54189969Z	53	PC: 12c1f \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:40:54.543236986Z	53	PC: 12c2c \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:40:54.544275242Z	53	PC: 12c39 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:40:54.545587249Z	53	PC: 12c46 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:40:54.547524914Z	37	PC: 12c5e \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:54.548497363Z	37	PC: 12c67 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:40:54.549449525Z	37	PC: 12c70 \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T11:40:54.55087196Z	37	PC: 12c79 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:40:54.552096793Z	37	PC: 12c82 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:40:54.55332301Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":6,"Month":12,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":434,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:54.623471246Z	42	PC: 12ad0 \| Get date 0x12ad0: cmp cx, 0x7ca 0x12ad4: jne 0x12b09 0x12ad6: cmp dx, 0xc06 0x12ada: jne 0x12b09 0x12adc: inc word ptr [si + 0x2e] 0x12adf: lea bx, word ptr [si + 0x495] 0x12ae3: cmp byte ptr [bx], 0x24 0x12ae6: je 0x12aee 0x12ae8: sub byte ptr [bx], 0x30 0x12aeb: inc bx 0x12aec: jmp 0x12ae3 0x12aee: lea dx, word ptr [si + 0x495] 0x12af2: mov ah, 9 0x12af4: int 0x21 0x12af6: mov ah, 8 0x12af8: int 0x21 0x12afa: lea bx, word ptr [si + 0x495] 0x12afe: cmp byte ptr [bx], 0x24 0x12b01: je 0x12b09 0x12b03: add byte ptr [bx], 0x30
2018-12-25T11:40:54.626502774Z	9	PC: 12af6 \| Display string (String= 'Don't legalize Marijuana. Your computer is not stoned. ')
2018-12-25T11:40:54.631793766Z	8	PC: 12afa \| Console input without echo