Sample viewer

vx.netlux.org/Virus.DOS.Storm.1219

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:32.271594129Z	48	PC: 12ac1 \| Get DOS version
2018-12-17T22:41:32.272887744Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:32.274926966Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:32.277200591Z	75	PC: 12b08 \| Execute program
2018-12-17T22:41:32.278835227Z	80	PC: 9f83b \| Set current PSP
2018-12-17T22:41:32.279665784Z	26	PC: 9f847 \| Set disk transfer address
2018-12-17T22:41:32.284237442Z	37	PC: 9f892 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:32.285826821Z	42	PC: 9f896 \| Get date 0x9f896: cmp dh, 0xc 0x9f899: jne 0x9f8c5 0x9f89b: cmp dl, 0x18 0x9f89e: jne 0x9f8c5 0x9f8a0: mov si, 0x18c 0x9f8a3: mov cx, 0x4b 0x9f8a6: mov es, word ptr [0x599] 0x9f8aa: mov di, 0x640 0x9f8ad: mov ah, 4 0x9f8af: nop 0x9f8b0: nop 0x9f8b1: lodsb al, byte ptr [si] 0x9f8b2: xor al, 0xff 0x9f8b4: stosw word ptr es:[di], ax 0x9f8b5: loop 0x9f8b1 0x9f8b7: mov word ptr [0x58d], 0x3f48 0x9f8bd: mov dx, 0x42d 0x9f8c0: mov ax, 0x2508 0x9f8c3: int 0x21 0x9f8c5: mov bx, ss
2018-12-17T22:41:32.288309538Z	9	PC: 13082 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":24,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7252,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:13.881062823Z	48	PC: 12ac1 \| Get DOS version
2018-12-25T12:01:13.883548645Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:13.885291021Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:13.886757Z	75	PC: 12b08 \| Execute program
2018-12-25T12:01:13.889669042Z	80	PC: 9f83b \| Set current PSP
2018-12-25T12:01:13.890768884Z	26	PC: 9f847 \| Set disk transfer address
2018-12-25T12:01:13.892217594Z	37	PC: 9f892 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:13.893645931Z	42	PC: 9f896 \| Get date 0x9f896: cmp dh, 0xc 0x9f899: jne 0x9f8c5 0x9f89b: cmp dl, 0x18 0x9f89e: jne 0x9f8c5 0x9f8a0: mov si, 0x18c 0x9f8a3: mov cx, 0x4b 0x9f8a6: mov es, word ptr [0x599] 0x9f8aa: mov di, 0x640 0x9f8ad: mov ah, 4 0x9f8af: nop 0x9f8b0: nop 0x9f8b1: lodsb al, byte ptr [si] 0x9f8b2: xor al, 0xff 0x9f8b4: stosw word ptr es:[di], ax 0x9f8b5: loop 0x9f8b1 0x9f8b7: mov word ptr [0x58d], 0x3f48 0x9f8bd: mov dx, 0x42d 0x9f8c0: mov ax, 0x2508 0x9f8c3: int 0x21 0x9f8c5: mov bx, ss
2018-12-25T12:01:13.897026202Z	37	PC: 9f8c5 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:13.898617391Z	9	PC: 13082 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7252,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:14.213373118Z	48	PC: 12ac1 \| Get DOS version
2018-12-25T12:01:14.214557472Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:14.21596275Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:14.218130521Z	75	PC: 12b08 \| Execute program
2018-12-25T12:01:14.219865048Z	80	PC: 9f83b \| Set current PSP
2018-12-25T12:01:14.221062413Z	26	PC: 9f847 \| Set disk transfer address
2018-12-25T12:01:14.222736711Z	37	PC: 9f892 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:14.235569023Z	42	PC: 9f896 \| Get date 0x9f896: cmp dh, 0xc 0x9f899: jne 0x9f8c5 0x9f89b: cmp dl, 0x18 0x9f89e: jne 0x9f8c5 0x9f8a0: mov si, 0x18c 0x9f8a3: mov cx, 0x4b 0x9f8a6: mov es, word ptr [0x599] 0x9f8aa: mov di, 0x640 0x9f8ad: mov ah, 4 0x9f8af: nop 0x9f8b0: nop 0x9f8b1: lodsb al, byte ptr [si] 0x9f8b2: xor al, 0xff 0x9f8b4: stosw word ptr es:[di], ax 0x9f8b5: loop 0x9f8b1 0x9f8b7: mov word ptr [0x58d], 0x3f48 0x9f8bd: mov dx, 0x42d 0x9f8c0: mov ax, 0x2508 0x9f8c3: int 0x21 0x9f8c5: mov bx, ss
2018-12-25T12:01:14.237923769Z	9	PC: 13082 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7252,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:14.237633249Z	48	PC: 12ac1 \| Get DOS version
2018-12-25T12:01:14.239315387Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:14.240922557Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:14.242612466Z	75	PC: 12b08 \| Execute program
2018-12-25T12:01:14.244680036Z	80	PC: 9f83b \| Set current PSP
2018-12-25T12:01:14.246780095Z	26	PC: 9f847 \| Set disk transfer address
2018-12-25T12:01:14.248518301Z	37	PC: 9f892 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:14.250292369Z	42	PC: 9f896 \| Get date 0x9f896: cmp dh, 0xc 0x9f899: jne 0x9f8c5 0x9f89b: cmp dl, 0x18 0x9f89e: jne 0x9f8c5 0x9f8a0: mov si, 0x18c 0x9f8a3: mov cx, 0x4b 0x9f8a6: mov es, word ptr [0x599] 0x9f8aa: mov di, 0x640 0x9f8ad: mov ah, 4 0x9f8af: nop 0x9f8b0: nop 0x9f8b1: lodsb al, byte ptr [si] 0x9f8b2: xor al, 0xff 0x9f8b4: stosw word ptr es:[di], ax 0x9f8b5: loop 0x9f8b1 0x9f8b7: mov word ptr [0x58d], 0x3f48 0x9f8bd: mov dx, 0x42d 0x9f8c0: mov ax, 0x2508 0x9f8c3: int 0x21 0x9f8c5: mov bx, ss
2018-12-25T12:01:14.254084673Z	9	PC: 13082 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')