Sample viewer

vx.netlux.org/Virus.DOS.PowerOff.798

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:44.44844868Z	48	PC: 13289 \| Get DOS version
2018-12-17T22:50:44.450476742Z	26	PC: 1329b \| Set disk transfer address
2018-12-17T22:50:44.451845947Z	25	PC: 134be \| Get default drive
2018-12-17T22:50:44.453200965Z	71	PC: 134d0 \| Get current directory
2018-12-17T22:50:44.456490071Z	42	PC: 132a2 \| Get date 0x132a2: cmp dl, 0x1f 0x132a5: jne 0x132aa 0x132a7: jmp 0x1347a 0x132aa: cmp al, 3 0x132ac: jne 0x132b1 0x132ae: jmp 0x132b5 0x132b0: nop 0x132b1: cmp al, 5 0x132b3: jne 0x132b8 0x132b5: jmp 0x13448 0x132b8: mov ah, 0x2c 0x132ba: int 0x21 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di
2018-12-17T22:50:44.458879208Z	44	PC: 132bc \| Get time 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di 0x132d1: add dx, 6 0x132d4: push cs 0x132d5: pop ds 0x132d6: mov cx, 3 0x132d9: mov ah, 0x4e 0x132db: int 0x21 0x132dd: jmp 0x132e4 0x132df: nop 0x132e0: mov ah, 0x4f 0x132e2: int 0x21 0x132e4: jb 0x132e9 0x132e6: jmp 0x1334e
2018-12-17T22:50:44.460896494Z	78	PC: 132dd \| Find first file
2018-12-17T22:50:44.466705135Z	67	PC: 13397 \| Get or set file attributes
2018-12-17T22:50:44.483292654Z	61	PC: 133a2 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:44.48989666Z	63	PC: 133b2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:44.496527026Z	66	PC: 133c4 \| Move file pointer
2018-12-17T22:50:44.498765672Z	64	PC: 133e4 \| Write file or device (Write 798 bytes on handle 5)
2018-12-17T22:50:44.50743582Z	66	PC: 133fa \| Move file pointer
2018-12-17T22:50:44.512786241Z	64	PC: 13408 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:44.5221473Z	87	PC: 134b5 \| Get or set file date and time
2018-12-17T22:50:44.524561017Z	62	PC: 134b9 \| Close file
2018-12-17T22:50:44.532296194Z	26	PC: 13412 \| Set disk transfer address
2018-12-17T22:50:44.541523783Z	14	PC: 134d9 \| Set default drive (Drive = 'A')
2018-12-17T22:50:44.543456649Z	59	PC: 134e3 \| Change current directory
2018-12-17T22:50:44.545397099Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:50:44.551324805Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:50:44.552990207Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:50:44.559840279Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:50:44.562024768Z	9	PC: 12a86 \| Display string (String= 'Size change=031Eh/00798d. ')
2018-12-17T22:50:44.564836094Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10324,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:45.303211547Z	48	PC: 13289 \| Get DOS version
2018-12-25T12:27:45.305775314Z	26	PC: 1329b \| Set disk transfer address
2018-12-25T12:27:45.310865251Z	25	PC: 134be \| Get default drive
2018-12-25T12:27:45.312134305Z	71	PC: 134d0 \| Get current directory
2018-12-25T12:27:45.316656771Z	42	PC: 132a2 \| Get date 0x132a2: cmp dl, 0x1f 0x132a5: jne 0x132aa 0x132a7: jmp 0x1347a 0x132aa: cmp al, 3 0x132ac: jne 0x132b1 0x132ae: jmp 0x132b5 0x132b0: nop 0x132b1: cmp al, 5 0x132b3: jne 0x132b8 0x132b5: jmp 0x13448 0x132b8: mov ah, 0x2c 0x132ba: int 0x21 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di
2018-12-25T12:27:45.318718641Z	44	PC: 132bc \| Get time 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di 0x132d1: add dx, 6 0x132d4: push cs 0x132d5: pop ds 0x132d6: mov cx, 3 0x132d9: mov ah, 0x4e 0x132db: int 0x21 0x132dd: jmp 0x132e4 0x132df: nop 0x132e0: mov ah, 0x4f 0x132e2: int 0x21 0x132e4: jb 0x132e9 0x132e6: jmp 0x1334e
2018-12-25T12:27:45.320787833Z	78	PC: 132dd \| Find first file
2018-12-25T12:27:45.327607727Z	67	PC: 13397 \| Get or set file attributes
2018-12-25T12:27:45.344974213Z	61	PC: 133a2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:45.351741089Z	63	PC: 133b2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:45.358453404Z	66	PC: 133c4 \| Move file pointer
2018-12-25T12:27:45.360076917Z	64	PC: 133e4 \| Write file or device (Write 798 bytes on handle 5)
2018-12-25T12:27:45.368198975Z	66	PC: 133fa \| Move file pointer
2018-12-25T12:27:45.369423015Z	64	PC: 13408 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:45.376632948Z	87	PC: 134b5 \| Get or set file date and time
2018-12-25T12:27:45.378151829Z	62	PC: 134b9 \| Close file
2018-12-25T12:27:45.389878633Z	26	PC: 13412 \| Set disk transfer address
2018-12-25T12:27:45.392303104Z	14	PC: 134d9 \| Set default drive (Drive = 'A')
2018-12-25T12:27:45.393531462Z	59	PC: 134e3 \| Change current directory
2018-12-25T12:27:45.395280836Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:27:45.402730958Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:27:45.403947727Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:27:45.410454673Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:27:45.412689354Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:27:45.417633991Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10324,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:45.329427275Z	48	PC: 13289 \| Get DOS version
2018-12-25T12:27:45.346594084Z	26	PC: 1329b \| Set disk transfer address
2018-12-25T12:27:45.347857875Z	25	PC: 134be \| Get default drive
2018-12-25T12:27:45.350884326Z	71	PC: 134d0 \| Get current directory
2018-12-25T12:27:45.360505253Z	42	PC: 132a2 \| Get date 0x132a2: cmp dl, 0x1f 0x132a5: jne 0x132aa 0x132a7: jmp 0x1347a 0x132aa: cmp al, 3 0x132ac: jne 0x132b1 0x132ae: jmp 0x132b5 0x132b0: nop 0x132b1: cmp al, 5 0x132b3: jne 0x132b8 0x132b5: jmp 0x13448 0x132b8: mov ah, 0x2c 0x132ba: int 0x21 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di
2018-12-25T12:27:45.36377233Z	44	PC: 132bc \| Get time 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di 0x132d1: add dx, 6 0x132d4: push cs 0x132d5: pop ds 0x132d6: mov cx, 3 0x132d9: mov ah, 0x4e 0x132db: int 0x21 0x132dd: jmp 0x132e4 0x132df: nop 0x132e0: mov ah, 0x4f 0x132e2: int 0x21 0x132e4: jb 0x132e9 0x132e6: jmp 0x1334e
2018-12-25T12:27:45.366802993Z	78	PC: 132dd \| Find first file
2018-12-25T12:27:45.373214508Z	67	PC: 13397 \| Get or set file attributes
2018-12-25T12:27:45.390296724Z	61	PC: 133a2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:45.396905924Z	63	PC: 133b2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:45.403080096Z	66	PC: 133c4 \| Move file pointer
2018-12-25T12:27:45.405674706Z	64	PC: 133e4 \| Write file or device (Write 798 bytes on handle 5)
2018-12-25T12:27:45.41400873Z	66	PC: 133fa \| Move file pointer
2018-12-25T12:27:45.415623288Z	64	PC: 13408 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:45.422619091Z	87	PC: 134b5 \| Get or set file date and time
2018-12-25T12:27:45.424212661Z	62	PC: 134b9 \| Close file
2018-12-25T12:27:45.434809732Z	26	PC: 13412 \| Set disk transfer address
2018-12-25T12:27:45.43716813Z	14	PC: 134d9 \| Set default drive (Drive = 'A')
2018-12-25T12:27:45.439226051Z	59	PC: 134e3 \| Change current directory
2018-12-25T12:27:45.441491947Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:27:45.449238496Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:27:45.451286119Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:27:45.457983621Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:27:45.460789168Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:27:45.465199341Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10324,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:45.328730307Z	48	PC: 13289 \| Get DOS version
2018-12-25T12:27:45.346626974Z	26	PC: 1329b \| Set disk transfer address
2018-12-25T12:27:45.349016529Z	25	PC: 134be \| Get default drive
2018-12-25T12:27:45.350594855Z	71	PC: 134d0 \| Get current directory
2018-12-25T12:27:45.354149519Z	42	PC: 132a2 \| Get date 0x132a2: cmp dl, 0x1f 0x132a5: jne 0x132aa 0x132a7: jmp 0x1347a 0x132aa: cmp al, 3 0x132ac: jne 0x132b1 0x132ae: jmp 0x132b5 0x132b0: nop 0x132b1: cmp al, 5 0x132b3: jne 0x132b8 0x132b5: jmp 0x13448 0x132b8: mov ah, 0x2c 0x132ba: int 0x21 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di
2018-12-25T12:27:45.357328008Z	44	PC: 132bc \| Get time 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di 0x132d1: add dx, 6 0x132d4: push cs 0x132d5: pop ds 0x132d6: mov cx, 3 0x132d9: mov ah, 0x4e 0x132db: int 0x21 0x132dd: jmp 0x132e4 0x132df: nop 0x132e0: mov ah, 0x4f 0x132e2: int 0x21 0x132e4: jb 0x132e9 0x132e6: jmp 0x1334e
2018-12-25T12:27:45.359853743Z	78	PC: 132dd \| Find first file
2018-12-25T12:27:45.366590653Z	14	PC: 132f6 \| Set default drive (Drive = 'C')
2018-12-25T12:27:45.369485734Z	59	PC: 132ff \| Change current directory
2018-12-25T12:27:45.373781931Z	78	PC: 13312 \| Find first file
2018-12-25T12:27:45.380176497Z	59	PC: 13334 \| Change current directory
2018-12-25T12:27:45.387416935Z	78	PC: 132dd \| Find first file (See above)
2018-12-25T12:27:45.397986366Z	67	PC: 13397 \| Get or set file attributes
2018-12-25T12:27:46.098088604Z	61	PC: 133a2 \| Open file (Filename = 'EDIT.COM')
2018-12-25T12:27:46.10704967Z	63	PC: 133b2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:46.114755594Z	66	PC: 133c4 \| Move file pointer
2018-12-25T12:27:46.116897278Z	64	PC: 133e4 \| Write file or device (Write 798 bytes on handle 5)
2018-12-25T12:27:46.132621856Z	66	PC: 133fa \| Move file pointer
2018-12-25T12:27:46.135280049Z	64	PC: 13408 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:46.150953997Z	87	PC: 134b5 \| Get or set file date and time
2018-12-25T12:27:46.153216194Z	62	PC: 134b9 \| Close file
2018-12-25T12:27:46.161441042Z	26	PC: 13412 \| Set disk transfer address
2018-12-25T12:27:46.162606925Z	14	PC: 134d9 \| Set default drive (Drive = 'A')
2018-12-25T12:27:46.163709638Z	59	PC: 134e3 \| Change current directory
2018-12-25T12:27:46.167743057Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:27:46.174135408Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:27:46.175847185Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:27:46.184623719Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:27:46.186658585Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:27:46.192265102Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10324,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:45.343629608Z	48	PC: 13289 \| Get DOS version
2018-12-25T12:27:45.344997536Z	26	PC: 1329b \| Set disk transfer address
2018-12-25T12:27:45.346578285Z	25	PC: 134be \| Get default drive
2018-12-25T12:27:45.360290281Z	71	PC: 134d0 \| Get current directory
2018-12-25T12:27:45.363723067Z	42	PC: 132a2 \| Get date 0x132a2: cmp dl, 0x1f 0x132a5: jne 0x132aa 0x132a7: jmp 0x1347a 0x132aa: cmp al, 3 0x132ac: jne 0x132b1 0x132ae: jmp 0x132b5 0x132b0: nop 0x132b1: cmp al, 5 0x132b3: jne 0x132b8 0x132b5: jmp 0x13448 0x132b8: mov ah, 0x2c 0x132ba: int 0x21 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di
2018-12-25T12:27:45.366324479Z	44	PC: 132bc \| Get time 0x132bc: cmp ch, 0x17 0x132bf: jb 0x132c4 0x132c1: jmp 0x13416 0x132c4: mov dx, 0 0x132c7: cmp bp, 0x13 0x132ca: jne 0x132cf 0x132cc: mov dx, 0xa 0x132cf: add dx, di 0x132d1: add dx, 6 0x132d4: push cs 0x132d5: pop ds 0x132d6: mov cx, 3 0x132d9: mov ah, 0x4e 0x132db: int 0x21 0x132dd: jmp 0x132e4 0x132df: nop 0x132e0: mov ah, 0x4f 0x132e2: int 0x21 0x132e4: jb 0x132e9 0x132e6: jmp 0x1334e
2018-12-25T12:27:45.369877355Z	78	PC: 132dd \| Find first file
2018-12-25T12:27:45.377505899Z	14	PC: 132f6 \| Set default drive (Drive = 'C')
2018-12-25T12:27:45.379432318Z	59	PC: 132ff \| Change current directory
2018-12-25T12:27:45.384080784Z	78	PC: 13312 \| Find first file
2018-12-25T12:27:45.390504509Z	59	PC: 13334 \| Change current directory
2018-12-25T12:27:45.397204904Z	78	PC: 132dd \| Find first file (See above)
2018-12-25T12:27:45.407205057Z	67	PC: 13397 \| Get or set file attributes
2018-12-25T12:27:46.096905457Z	61	PC: 133a2 \| Open file (Filename = 'EDIT.COM')
2018-12-25T12:27:46.10782964Z	63	PC: 133b2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:46.114055732Z	66	PC: 133c4 \| Move file pointer
2018-12-25T12:27:46.116246469Z	64	PC: 133e4 \| Write file or device (Write 798 bytes on handle 5)
2018-12-25T12:27:46.121817696Z	66	PC: 133fa \| Move file pointer
2018-12-25T12:27:46.123660801Z	64	PC: 13408 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:46.132632583Z	87	PC: 134b5 \| Get or set file date and time
2018-12-25T12:27:46.137379978Z	62	PC: 134b9 \| Close file
2018-12-25T12:27:46.141910159Z	26	PC: 13412 \| Set disk transfer address
2018-12-25T12:27:46.142888437Z	14	PC: 134d9 \| Set default drive (Drive = 'A')
2018-12-25T12:27:46.148190347Z	59	PC: 134e3 \| Change current directory
2018-12-25T12:27:46.149605954Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:27:46.153544871Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:27:46.155285743Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:27:46.15960505Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:27:46.161024713Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:27:46.172823702Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')