Sample viewer

vx.netlux.org/Virus.DOS.BlackJec.284

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:01.974421126Z	78	PC: 12a7c \| Find first file
2018-12-17T22:52:01.980659195Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:01.981611591Z	61	PC: 12aad \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:01.987861803Z	63	PC: 12abb \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T22:52:01.994660074Z	60	PC: 12aed \| Create or truncate file
2018-12-17T22:52:02.012754315Z	64	PC: 12aff \| Write file or device (Write 691 bytes on handle 6)
2018-12-17T22:52:02.021269424Z	62	PC: 12b03 \| Close file
2018-12-17T22:52:02.030020843Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.031925816Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:02.032911638Z	61	PC: 12aad \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:02.042042726Z	63	PC: 12abb \| Read file or device (Read 27 bytes on handle 6)
2018-12-17T22:52:02.046342879Z	60	PC: 12aed \| Create or truncate file
2018-12-17T22:52:02.057537074Z	64	PC: 12aff \| Write file or device (Write 311 bytes on handle 7)
2018-12-17T22:52:02.065321883Z	62	PC: 12b03 \| Close file
2018-12-17T22:52:02.073926586Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.076549539Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:02.077732822Z	61	PC: 12aad \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:52:02.085910196Z	63	PC: 12abb \| Read file or device (Read 92 bytes on handle 7)
2018-12-17T22:52:02.092411194Z	60	PC: 12aed \| Create or truncate file
2018-12-17T22:52:02.101961501Z	64	PC: 12aff \| Write file or device (Write 376 bytes on handle 8)
2018-12-17T22:52:02.105755331Z	62	PC: 12b03 \| Close file
2018-12-17T22:52:02.111732546Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.113779285Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:02.115198813Z	61	PC: 12aad \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:52:02.122839282Z	63	PC: 12abb \| Read file or device (Read 29 bytes on handle 8)
2018-12-17T22:52:02.130129479Z	60	PC: 12aed \| Create or truncate file
2018-12-17T22:52:02.142514096Z	64	PC: 12aff \| Write file or device (Write 313 bytes on handle 9)
2018-12-17T22:52:02.146216451Z	62	PC: 12b03 \| Close file
2018-12-17T22:52:02.154797646Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.158015873Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:02.159217638Z	61	PC: 12aad \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:52:02.165548745Z	63	PC: 12abb \| Read file or device (Read 29 bytes on handle 9)
2018-12-17T22:52:02.172153706Z	60	PC: 12aed \| Create or truncate file
2018-12-17T22:52:02.184957312Z	64	PC: 12aff \| Write file or device (Write 313 bytes on handle 10)
2018-12-17T22:52:02.18893708Z	62	PC: 12b03 \| Close file
2018-12-17T22:52:02.197267778Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.200904046Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:02.202353718Z	61	PC: 12aad \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:52:02.209829341Z	63	PC: 12abb \| Read file or device (Read 501 bytes on handle 10)
2018-12-17T22:52:02.217452721Z	60	PC: 12aed \| Create or truncate file
2018-12-17T22:52:02.230140453Z	64	PC: 12aff \| Write file or device (Write 785 bytes on handle 11)
2018-12-17T22:52:02.238492224Z	62	PC: 12b03 \| Close file
2018-12-17T22:52:02.247588013Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.257545799Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:02.259102182Z	61	PC: 12aad \| Open file (Filename = 'PAH.COM')
2018-12-17T22:52:02.269776584Z	63	PC: 12abb \| Read file or device (Read 29 bytes on handle 11)
2018-12-17T22:52:02.277122025Z	60	PC: 12aed \| Create or truncate file
2018-12-17T22:52:02.290472813Z	64	PC: 12aff \| Write file or device (Write 313 bytes on handle 12)
2018-12-17T22:52:02.29523511Z	62	PC: 12b03 \| Close file
2018-12-17T22:52:02.303962193Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.306545596Z	47	PC: 12a87 \| Get disk transfer address
2018-12-17T22:52:02.308401913Z	61	PC: 12aad \| Open file (Filename = 'TEST.COM')
2018-12-17T22:52:02.31487905Z	63	PC: 12abb \| Read file or device (Read 5404 bytes on handle 12)
2018-12-17T22:52:02.323667118Z	79	PC: 12b08 \| Find next file
2018-12-17T22:52:02.326974356Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:52:02.334159509Z	0	PC: 12a89 \| Program terminate