Sample viewer

vx.netlux.org/Virus.DOS.SanLorenzo.1025

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:47.963582887Z	75	PC: 132a2 \| Execute program
2018-12-17T22:45:47.965979229Z	74	PC: 132be \| Reallocate memory
2018-12-17T22:45:47.968623785Z	72	PC: 132c4 \| Allocate memory
2018-12-17T22:45:47.970741172Z	53	PC: 132df \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:47.972512175Z	37	PC: 13302 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:47.97838017Z	42	PC: 1330a \| Get date 0x1330a: cmp dl, 0xf 0x1330d: jb 0x13349 0x1330f: mov ah, 0x2c 0x13311: int 0x21 0x13313: push dx 0x13314: pop ax 0x13315: and ah, 3 0x13318: lea dx, word ptr [bp + 0x243] 0x1331c: cmp ah, 1 0x1331f: jne 0x13325 0x13321: lea dx, word ptr [bp + 0x277] 0x13325: cmp ah, 2 0x13328: jne 0x1332e 0x1332a: lea dx, word ptr [bp + 0x29a] 0x1332e: cmp ah, 3 0x13331: jne 0x13337 0x13333: lea dx, word ptr [bp + 0x2ae] 0x13337: mov ah, 9 0x13339: int 0x21 0x1333b: lea dx, word ptr [bp + 0x213]
2018-12-17T22:45:47.981429222Z	44	PC: 13313 \| Get time 0x13313: push dx 0x13314: pop ax 0x13315: and ah, 3 0x13318: lea dx, word ptr [bp + 0x243] 0x1331c: cmp ah, 1 0x1331f: jne 0x13325 0x13321: lea dx, word ptr [bp + 0x277] 0x13325: cmp ah, 2 0x13328: jne 0x1332e 0x1332a: lea dx, word ptr [bp + 0x29a] 0x1332e: cmp ah, 3 0x13331: jne 0x13337 0x13333: lea dx, word ptr [bp + 0x2ae] 0x13337: mov ah, 9 0x13339: int 0x21 0x1333b: lea dx, word ptr [bp + 0x213] 0x1333f: int 0x21 0x13341: mov ah, 7 0x13343: int 0x21 0x13345: cmp al, 0x20
2018-12-17T22:45:47.984401851Z	9	PC: 1333b \| Display string (String= ' Globo no existis. En el Bajo Flores vas a morir, sucio !')
2018-12-17T22:45:47.989997946Z	9	PC: 13341 \| Display string (String= ' SAN LORENZO CAMPEON 1995 by Mantis King')
2018-12-17T22:45:47.999775853Z	7	PC: 13345 \| Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8662,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:39.77592044Z	75	PC: 132a2 \| Execute program
2018-12-25T12:21:39.777821614Z	74	PC: 132be \| Reallocate memory
2018-12-25T12:21:39.779641535Z	72	PC: 132c4 \| Allocate memory
2018-12-25T12:21:39.7813276Z	53	PC: 132df \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:39.782721104Z	37	PC: 13302 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:39.785386082Z	42	PC: 1330a \| Get date 0x1330a: cmp dl, 0xf 0x1330d: jb 0x13349 0x1330f: mov ah, 0x2c 0x13311: int 0x21 0x13313: push dx 0x13314: pop ax 0x13315: and ah, 3 0x13318: lea dx, word ptr [bp + 0x243] 0x1331c: cmp ah, 1 0x1331f: jne 0x13325 0x13321: lea dx, word ptr [bp + 0x277] 0x13325: cmp ah, 2 0x13328: jne 0x1332e 0x1332a: lea dx, word ptr [bp + 0x29a] 0x1332e: cmp ah, 3 0x13331: jne 0x13337 0x13333: lea dx, word ptr [bp + 0x2ae] 0x13337: mov ah, 9 0x13339: int 0x21 0x1333b: lea dx, word ptr [bp + 0x213]
2018-12-25T12:21:39.788051442Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:21:39.795278443Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:21:39.797359436Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:21:39.805852768Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:21:39.807881812Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:21:39.812908767Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8662,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:39.88864853Z	75	PC: 132a2 \| Execute program
2018-12-25T12:21:39.890560581Z	74	PC: 132be \| Reallocate memory
2018-12-25T12:21:39.891937723Z	72	PC: 132c4 \| Allocate memory
2018-12-25T12:21:39.893361357Z	53	PC: 132df \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:39.895020288Z	37	PC: 13302 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:39.896379654Z	42	PC: 1330a \| Get date 0x1330a: cmp dl, 0xf 0x1330d: jb 0x13349 0x1330f: mov ah, 0x2c 0x13311: int 0x21 0x13313: push dx 0x13314: pop ax 0x13315: and ah, 3 0x13318: lea dx, word ptr [bp + 0x243] 0x1331c: cmp ah, 1 0x1331f: jne 0x13325 0x13321: lea dx, word ptr [bp + 0x277] 0x13325: cmp ah, 2 0x13328: jne 0x1332e 0x1332a: lea dx, word ptr [bp + 0x29a] 0x1332e: cmp ah, 3 0x13331: jne 0x13337 0x13333: lea dx, word ptr [bp + 0x2ae] 0x13337: mov ah, 9 0x13339: int 0x21 0x1333b: lea dx, word ptr [bp + 0x213]
2018-12-25T12:21:39.898896536Z	44	PC: 13313 \| Get time 0x13313: push dx 0x13314: pop ax 0x13315: and ah, 3 0x13318: lea dx, word ptr [bp + 0x243] 0x1331c: cmp ah, 1 0x1331f: jne 0x13325 0x13321: lea dx, word ptr [bp + 0x277] 0x13325: cmp ah, 2 0x13328: jne 0x1332e 0x1332a: lea dx, word ptr [bp + 0x29a] 0x1332e: cmp ah, 3 0x13331: jne 0x13337 0x13333: lea dx, word ptr [bp + 0x2ae] 0x13337: mov ah, 9 0x13339: int 0x21 0x1333b: lea dx, word ptr [bp + 0x213] 0x1333f: int 0x21 0x13341: mov ah, 7 0x13343: int 0x21 0x13345: cmp al, 0x20
2018-12-25T12:21:39.901739086Z	9	PC: 1333b \| Display string (String= ' Abuelo Comisario')
2018-12-25T12:21:39.905446196Z	9	PC: 13341 \| Display string (String= ' SAN LORENZO CAMPEON 1995 by Mantis King')
2018-12-25T12:21:39.919863232Z	7	PC: 13345 \| Direct console input without echo