Sample viewer

vx.netlux.org/Virus.DOS.Comzone.512

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:32.640797472Z	42	PC: 12a70 \| Get date 0x12a70: cmp dx, 0xc1e 0x12a74: jne 0x12a84 0x12a76: call 0x12a79 0x12a79: pop dx 0x12a7a: add dx, 0xbc 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: jmp 0x12a82 0x12a84: mov ax, 0x1898 0x12a87: int 0x21 0x12a89: cmp ax, 0x9818 0x12a8c: je 0x12b10 0x12a90: mov di, 0x100 0x12a93: call 0x12a96 0x12a96: pop si 0x12a97: sub si, 0x56 0x12a9a: mov cx, 0x200 0x12a9d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9f: push 0x163 0x12aa2: ret
2018-12-17T22:49:32.644419157Z	24	PC: 12a89 \| Reserved
2018-12-17T22:49:32.646096047Z	53	PC: 12aa8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:32.6476463Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:32.649235145Z	74	PC: 12ac0 \| Reallocate memory
2018-12-17T22:49:32.651843265Z	61	PC: 12bab \| Open file (Filename = '')
2018-12-17T22:49:32.666180913Z	87	PC: 12bb3 \| Get or set file date and time
2018-12-17T22:49:32.668210125Z	63	PC: 12bc1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:32.672689692Z	66	PC: 12bdb \| Move file pointer
2018-12-17T22:49:32.674786731Z	87	PC: 12c26 \| Get or set file date and time
2018-12-17T22:49:32.676946419Z	62	PC: 12c2a \| Close file
2018-12-17T22:49:32.693907876Z	75	PC: 12af1 \| Execute program
2018-12-17T22:49:32.712982945Z	42	PC: 12df0 \| Get date 0x12df0: cmp dx, 0xc1e 0x12df4: jne 0x12e04 0x12df6: call 0x12df9 0x12df9: pop dx 0x12dfa: add dx, 0xbc 0x12dfe: mov ah, 9 0x12e00: int 0x21 0x12e02: jmp 0x12e02 0x12e04: mov ax, 0x1898 0x12e07: int 0x21 0x12e09: cmp ax, 0x9818 0x12e0c: je 0x12e90 0x12e10: mov di, 0x100 0x12e13: call 0x12e16 0x12e16: pop si 0x12e17: sub si, 0x56 0x12e1a: mov cx, 0x200 0x12e1d: rep movsb byte ptr es:[di], byte ptr [si] 0x12e1f: push 0x163 0x12e22: ret
2018-12-17T22:49:32.717966387Z	73	PC: 12b00 \| Release memory
2018-12-17T22:49:32.720378479Z	49	PC: 12b10 \| Terminate and stay resident (Return code = '0' \| Memory size = '50')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9918,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:24:10.602137965Z	42	PC: 12a70 \| Get date 0x12a70: cmp dx, 0xc1e 0x12a74: jne 0x12a84 0x12a76: call 0x12a79 0x12a79: pop dx 0x12a7a: add dx, 0xbc 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: jmp 0x12a82 0x12a84: mov ax, 0x1898 0x12a87: int 0x21 0x12a89: cmp ax, 0x9818 0x12a8c: je 0x12b10 0x12a90: mov di, 0x100 0x12a93: call 0x12a96 0x12a96: pop si 0x12a97: sub si, 0x56 0x12a9a: mov cx, 0x200 0x12a9d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9f: push 0x163 0x12aa2: ret
2018-12-25T12:24:10.604768724Z	24	PC: 12a89 \| Reserved
2018-12-25T12:24:10.605991651Z	53	PC: 12aa8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:24:10.607306696Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:24:10.608792201Z	74	PC: 12ac0 \| Reallocate memory
2018-12-25T12:24:10.61458938Z	61	PC: 12bab \| Open file (Filename = '')
2018-12-25T12:24:10.621346178Z	87	PC: 12bb3 \| Get or set file date and time
2018-12-25T12:24:10.622573198Z	63	PC: 12bc1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:24:10.624645512Z	66	PC: 12bdb \| Move file pointer
2018-12-25T12:24:10.62580849Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T12:24:10.627076667Z	62	PC: 12c2a \| Close file
2018-12-25T12:24:10.638468258Z	75	PC: 12af1 \| Execute program
2018-12-25T12:24:10.648394845Z	42	PC: 12df0 \| Get date 0x12df0: cmp dx, 0xc1e 0x12df4: jne 0x12e04 0x12df6: call 0x12df9 0x12df9: pop dx 0x12dfa: add dx, 0xbc 0x12dfe: mov ah, 9 0x12e00: int 0x21 0x12e02: jmp 0x12e02 0x12e04: mov ax, 0x1898 0x12e07: int 0x21 0x12e09: cmp ax, 0x9818 0x12e0c: je 0x12e90 0x12e10: mov di, 0x100 0x12e13: call 0x12e16 0x12e16: pop si 0x12e17: sub si, 0x56 0x12e1a: mov cx, 0x200 0x12e1d: rep movsb byte ptr es:[di], byte ptr [si] 0x12e1f: push 0x163 0x12e22: ret
2018-12-25T12:24:10.651398699Z	73	PC: 12b00 \| Release memory
2018-12-25T12:24:10.653469169Z	49	PC: 12b10 \| Terminate and stay resident (Return code = '0' \| Memory size = '50')

{"DateBased":true,"Day":30,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9918,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:24:10.655243079Z	42	PC: 12a70 \| Get date 0x12a70: cmp dx, 0xc1e 0x12a74: jne 0x12a84 0x12a76: call 0x12a79 0x12a79: pop dx 0x12a7a: add dx, 0xbc 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: jmp 0x12a82 0x12a84: mov ax, 0x1898 0x12a87: int 0x21 0x12a89: cmp ax, 0x9818 0x12a8c: je 0x12b10 0x12a90: mov di, 0x100 0x12a93: call 0x12a96 0x12a96: pop si 0x12a97: sub si, 0x56 0x12a9a: mov cx, 0x200 0x12a9d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9f: push 0x163 0x12aa2: ret
2018-12-25T12:24:10.658613986Z	9	PC: 12a82 \| Display string (String= 'ComZone Executer Copyright (c) 1999 by Deadman ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9918,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:24:10.871849031Z	42	PC: 12a70 \| Get date 0x12a70: cmp dx, 0xc1e 0x12a74: jne 0x12a84 0x12a76: call 0x12a79 0x12a79: pop dx 0x12a7a: add dx, 0xbc 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: jmp 0x12a82 0x12a84: mov ax, 0x1898 0x12a87: int 0x21 0x12a89: cmp ax, 0x9818 0x12a8c: je 0x12b10 0x12a90: mov di, 0x100 0x12a93: call 0x12a96 0x12a96: pop si 0x12a97: sub si, 0x56 0x12a9a: mov cx, 0x200 0x12a9d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9f: push 0x163 0x12aa2: ret
2018-12-25T12:24:10.875686359Z	24	PC: 12a89 \| Reserved
2018-12-25T12:24:10.877516908Z	53	PC: 12aa8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:24:10.879025635Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:24:10.881684126Z	74	PC: 12ac0 \| Reallocate memory
2018-12-25T12:24:10.883470263Z	61	PC: 12bab \| Open file (Filename = '')
2018-12-25T12:24:10.890262607Z	87	PC: 12bb3 \| Get or set file date and time
2018-12-25T12:24:10.892062475Z	63	PC: 12bc1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:24:10.895139269Z	66	PC: 12bdb \| Move file pointer
2018-12-25T12:24:10.896758888Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T12:24:10.898532979Z	62	PC: 12c2a \| Close file
2018-12-25T12:24:10.912553532Z	75	PC: 12af1 \| Execute program
2018-12-25T12:24:10.927066345Z	42	PC: 12df0 \| Get date 0x12df0: cmp dx, 0xc1e 0x12df4: jne 0x12e04 0x12df6: call 0x12df9 0x12df9: pop dx 0x12dfa: add dx, 0xbc 0x12dfe: mov ah, 9 0x12e00: int 0x21 0x12e02: jmp 0x12e02 0x12e04: mov ax, 0x1898 0x12e07: int 0x21 0x12e09: cmp ax, 0x9818 0x12e0c: je 0x12e90 0x12e10: mov di, 0x100 0x12e13: call 0x12e16 0x12e16: pop si 0x12e17: sub si, 0x56 0x12e1a: mov cx, 0x200 0x12e1d: rep movsb byte ptr es:[di], byte ptr [si] 0x12e1f: push 0x163 0x12e22: ret
2018-12-25T12:24:10.931287991Z	73	PC: 12b00 \| Release memory
2018-12-25T12:24:10.933752254Z	49	PC: 12b10 \| Terminate and stay resident (Return code = '0' \| Memory size = '50')

{"DateBased":true,"Day":30,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9918,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:24:11.083480333Z	42	PC: 12a70 \| Get date 0x12a70: cmp dx, 0xc1e 0x12a74: jne 0x12a84 0x12a76: call 0x12a79 0x12a79: pop dx 0x12a7a: add dx, 0xbc 0x12a7e: mov ah, 9 0x12a80: int 0x21 0x12a82: jmp 0x12a82 0x12a84: mov ax, 0x1898 0x12a87: int 0x21 0x12a89: cmp ax, 0x9818 0x12a8c: je 0x12b10 0x12a90: mov di, 0x100 0x12a93: call 0x12a96 0x12a96: pop si 0x12a97: sub si, 0x56 0x12a9a: mov cx, 0x200 0x12a9d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9f: push 0x163 0x12aa2: ret
2018-12-25T12:24:11.086077522Z	9	PC: 12a82 \| Display string (String= 'ComZone Executer Copyright (c) 1999 by Deadman ')