Sample viewer

vx.netlux.org/Virus.DOS.Spooky.440

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:11.773918169Z	78	PC: 12a79 \| Find first file
2018-12-17T22:50:11.780490445Z	61	PC: 12ab3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:11.787002229Z	87	PC: 12aba \| Get or set file date and time
2018-12-17T22:50:11.788549488Z	64	PC: 12ad7 \| Write file or device (Write 47 bytes on handle 5)
2018-12-17T22:50:11.795922225Z	64	PC: 12ae1 \| Write file or device (Write 393 bytes on handle 5)
2018-12-17T22:50:11.798659323Z	87	PC: 12ae8 \| Get or set file date and time
2018-12-17T22:50:11.800450119Z	62	PC: 12aec \| Close file
2018-12-17T22:50:12.498517337Z	79	PC: 12a79 \| Find next file
2018-12-17T22:50:12.506519395Z	61	PC: 12ab3 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:12.513357125Z	87	PC: 12aba \| Get or set file date and time
2018-12-17T22:50:12.515306927Z	64	PC: 12ad7 \| Write file or device (Write 47 bytes on handle 5)
2018-12-17T22:50:12.524677449Z	64	PC: 12ae1 \| Write file or device (Write 393 bytes on handle 5)
2018-12-17T22:50:12.528075324Z	87	PC: 12ae8 \| Get or set file date and time
2018-12-17T22:50:12.529854631Z	62	PC: 12aec \| Close file
2018-12-17T22:50:12.539378125Z	79	PC: 12a79 \| Find next file
2018-12-17T22:50:12.542055002Z	61	PC: 12ab3 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:12.548480054Z	87	PC: 12aba \| Get or set file date and time
2018-12-17T22:50:12.551281467Z	64	PC: 12ad7 \| Write file or device (Write 47 bytes on handle 5)
2018-12-17T22:50:12.558019687Z	64	PC: 12ae1 \| Write file or device (Write 393 bytes on handle 5)
2018-12-17T22:50:12.560715994Z	87	PC: 12ae8 \| Get or set file date and time
2018-12-17T22:50:12.563201396Z	62	PC: 12aec \| Close file
2018-12-17T22:50:12.568033892Z	79	PC: 12a79 \| Find next file
2018-12-17T22:50:12.57005795Z	61	PC: 12ab3 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:12.57486815Z	87	PC: 12aba \| Get or set file date and time
2018-12-17T22:50:12.576082537Z	64	PC: 12ad7 \| Write file or device (Write 47 bytes on handle 5)
2018-12-17T22:50:12.580823972Z	64	PC: 12ae1 \| Write file or device (Write 393 bytes on handle 5)
2018-12-17T22:50:12.585255316Z	87	PC: 12ae8 \| Get or set file date and time
2018-12-17T22:50:12.586707889Z	62	PC: 12aec \| Close file
2018-12-17T22:50:12.59347613Z	42	PC: 12b00 \| Get date 0x12b00: cmp dl, 4 0x12b03: jne 0x12b24 0x12b05: mov ah, 9 0x12b07: mov dx, 0x217 0x12b0a: int 0x21 0x12b0c: mov ah, 0x2c 0x12b0e: int 0x21 0x12b10: cmp dh, 4 0x12b13: nop 0x12b14: jne 0x12b24 0x12b16: mov ah, 0x3b 0x12b18: mov dx, 0x1fd 0x12b1b: int 0x21 0x12b1d: mov ah, 0x41 0x12b1f: mov dx, 0x213 0x12b22: int 0x21 0x12b24: ret 0x12b25: sub ch, byte ptr [0x2a63] 0x12b29: add byte ptr [bp + di + 0x3a], al 0x12b2c: pop sp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10144,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:17.672263154Z	78	PC: 12a79 \| Find first file
2018-12-25T12:27:17.679517025Z	61	PC: 12ab3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:17.687599235Z	87	PC: 12aba \| Get or set file date and time
2018-12-25T12:27:17.689742906Z	64	PC: 12ad7 \| Write file or device (Write 47 bytes on handle 5)
2018-12-25T12:27:17.697208911Z	64	PC: 12ae1 \| Write file or device (Write 393 bytes on handle 5)
2018-12-25T12:27:17.701284685Z	87	PC: 12ae8 \| Get or set file date and time
2018-12-25T12:27:17.703278164Z	62	PC: 12aec \| Close file
2018-12-25T12:27:17.932576371Z	79	PC: 12a79 \| Find next file (See above)
2018-12-25T12:27:17.937640789Z	61	PC: 12ab3 \| Open file (See above)
2018-12-25T12:27:17.945245118Z	87	PC: 12aba \| Get or set file date and time (See above)
2018-12-25T12:27:17.947411548Z	64	PC: 12ad7 \| Write file or device (See above)
2018-12-25T12:27:17.956408453Z	64	PC: 12ae1 \| Write file or device (See above)
2018-12-25T12:27:17.96791118Z	87	PC: 12ae8 \| Get or set file date and time (See above)
2018-12-25T12:27:17.969590465Z	62	PC: 12aec \| Close file (See above)
2018-12-25T12:27:17.97943413Z	79	PC: 12a79 \| Find next file (See above)
2018-12-25T12:27:17.985063047Z	61	PC: 12ab3 \| Open file (See above)
2018-12-25T12:27:17.993078798Z	87	PC: 12aba \| Get or set file date and time (See above)
2018-12-25T12:27:17.99557162Z	64	PC: 12ad7 \| Write file or device (See above)
2018-12-25T12:27:18.004033965Z	64	PC: 12ae1 \| Write file or device (See above)
2018-12-25T12:27:18.007068181Z	87	PC: 12ae8 \| Get or set file date and time (See above)
2018-12-25T12:27:18.008802428Z	62	PC: 12aec \| Close file (See above)
2018-12-25T12:27:18.017931272Z	79	PC: 12a79 \| Find next file (See above)
2018-12-25T12:27:18.020969288Z	61	PC: 12ab3 \| Open file (See above)
2018-12-25T12:27:18.029113298Z	87	PC: 12aba \| Get or set file date and time (See above)
2018-12-25T12:27:18.031926527Z	64	PC: 12ad7 \| Write file or device (See above)
2018-12-25T12:27:18.039789523Z	64	PC: 12ae1 \| Write file or device (See above)
2018-12-25T12:27:18.043200064Z	87	PC: 12ae8 \| Get or set file date and time (See above)
2018-12-25T12:27:18.046341125Z	62	PC: 12aec \| Close file (See above)
2018-12-25T12:27:18.054836513Z	42	PC: 12b00 \| Get date 0x12b00: cmp dl, 4 0x12b03: jne 0x12b24 0x12b05: mov ah, 9 0x12b07: mov dx, 0x217 0x12b0a: int 0x21 0x12b0c: mov ah, 0x2c 0x12b0e: int 0x21 0x12b10: cmp dh, 4 0x12b13: nop 0x12b14: jne 0x12b24 0x12b16: mov ah, 0x3b 0x12b18: mov dx, 0x1fd 0x12b1b: int 0x21 0x12b1d: mov ah, 0x41 0x12b1f: mov dx, 0x213 0x12b22: int 0x21 0x12b24: ret 0x12b25: sub ch, byte ptr [0x2a63] 0x12b29: add byte ptr [bp + di + 0x3a], al 0x12b2c: pop sp

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10144,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:17.99501827Z	78	PC: 12a79 \| Find first file
2018-12-25T12:27:18.001549657Z	61	PC: 12ab3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:18.007806256Z	87	PC: 12aba \| Get or set file date and time
2018-12-25T12:27:18.009024374Z	64	PC: 12ad7 \| Write file or device (Write 47 bytes on handle 5)
2018-12-25T12:27:18.023974721Z	64	PC: 12ae1 \| Write file or device (Write 393 bytes on handle 5)
2018-12-25T12:27:18.026748471Z	87	PC: 12ae8 \| Get or set file date and time
2018-12-25T12:27:18.028008679Z	62	PC: 12aec \| Close file
2018-12-25T12:27:18.04155263Z	79	PC: 12a79 \| Find next file (See above)
2018-12-25T12:27:18.045040408Z	61	PC: 12ab3 \| Open file (See above)
2018-12-25T12:27:18.051739983Z	87	PC: 12aba \| Get or set file date and time (See above)
2018-12-25T12:27:18.053804058Z	64	PC: 12ad7 \| Write file or device (See above)
2018-12-25T12:27:18.061245049Z	64	PC: 12ae1 \| Write file or device (See above)
2018-12-25T12:27:18.064060127Z	87	PC: 12ae8 \| Get or set file date and time (See above)
2018-12-25T12:27:18.065680057Z	62	PC: 12aec \| Close file (See above)
2018-12-25T12:27:18.073662372Z	79	PC: 12a79 \| Find next file (See above)
2018-12-25T12:27:18.076432915Z	61	PC: 12ab3 \| Open file (See above)
2018-12-25T12:27:18.083394732Z	87	PC: 12aba \| Get or set file date and time (See above)
2018-12-25T12:27:18.08690621Z	64	PC: 12ad7 \| Write file or device (See above)
2018-12-25T12:27:18.093846839Z	64	PC: 12ae1 \| Write file or device (See above)
2018-12-25T12:27:18.096584069Z	87	PC: 12ae8 \| Get or set file date and time (See above)
2018-12-25T12:27:18.099094389Z	62	PC: 12aec \| Close file (See above)
2018-12-25T12:27:18.106625865Z	79	PC: 12a79 \| Find next file (See above)
2018-12-25T12:27:18.109532403Z	61	PC: 12ab3 \| Open file (See above)
2018-12-25T12:27:18.117246221Z	87	PC: 12aba \| Get or set file date and time (See above)
2018-12-25T12:27:18.119135385Z	64	PC: 12ad7 \| Write file or device (See above)
2018-12-25T12:27:18.125731736Z	64	PC: 12ae1 \| Write file or device (See above)
2018-12-25T12:27:18.128959222Z	87	PC: 12ae8 \| Get or set file date and time (See above)
2018-12-25T12:27:18.130553703Z	62	PC: 12aec \| Close file (See above)
2018-12-25T12:27:18.137709008Z	42	PC: 12b00 \| Get date 0x12b00: cmp dl, 4 0x12b03: jne 0x12b24 0x12b05: mov ah, 9 0x12b07: mov dx, 0x217 0x12b0a: int 0x21 0x12b0c: mov ah, 0x2c 0x12b0e: int 0x21 0x12b10: cmp dh, 4 0x12b13: nop 0x12b14: jne 0x12b24 0x12b16: mov ah, 0x3b 0x12b18: mov dx, 0x1fd 0x12b1b: int 0x21 0x12b1d: mov ah, 0x41 0x12b1f: mov dx, 0x213 0x12b22: int 0x21 0x12b24: ret 0x12b25: sub ch, byte ptr [0x2a63] 0x12b29: add byte ptr [bp + di + 0x3a], al 0x12b2c: pop sp
2018-12-25T12:27:18.14074602Z	9	PC: 12b0c \| Display string (String= 'Which is stronger Man or Chu locked in endless warfare fighting over empty names using up peoples strength Stella, coded by Opic [codebreakers],1998 ')
2018-12-25T12:27:18.152423834Z	44	PC: 12b10 \| Get time 0x12b10: cmp dh, 4 0x12b13: nop 0x12b14: jne 0x12b24 0x12b16: mov ah, 0x3b 0x12b18: mov dx, 0x1fd 0x12b1b: int 0x21 0x12b1d: mov ah, 0x41 0x12b1f: mov dx, 0x213 0x12b22: int 0x21 0x12b24: ret 0x12b25: sub ch, byte ptr [0x2a63] 0x12b29: add byte ptr [bp + di + 0x3a], al 0x12b2c: pop sp 0x12b2d: ja 0x12b98 0x12b2f: outsb dx, byte ptr [si] 0x12b30: outsw dx, word ptr fs:[si] 0x12b32: ja 0x12ba7 0x12b34: pop sp 0x12b35: arpl word ptr [bx + 0x6d], bp 0x12b38: insw word ptr es:[di], dx