Sample viewer

vx.netlux.org/Virus.DOS.Isei.4322

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:15.825800191Z	105	PC: 14991 \| Get or set media id
2018-12-17T22:52:15.831954359Z	42	PC: 1499b \| Get date 0x1499b: cmp dh, 7 0x1499e: jne 0x149fa 0x149a0: cmp dl, 0x1d 0x149a3: jne 0x149fa 0x149a5: mov ax, 0x12 0x149a8: int 0x10 0x149aa: mov cx, 0xffff 0x149ad: push cx 0x149ae: mov cx, 0xfff 0x149b1: loop 0x149b1 0x149b3: pop cx 0x149b4: loop 0x149ad 0x149b6: mov al, 7 0x149b8: int 0x29 0x149ba: lea bx, word ptr [si + 0x62] 0x149be: push si 0x149bf: xor si, si 0x149c1: jmp 0x149de 0x149c3: add si, word ptr cs:[bx] 0x149c6: add bx, 2
2018-12-17T22:52:15.834406509Z	75	PC: 14a04 \| Execute program
2018-12-17T22:52:15.835921561Z	74	PC: 14a10 \| Reallocate memory
2018-12-17T22:52:15.838418171Z	74	PC: 14a18 \| Reallocate memory
2018-12-17T22:52:15.840150579Z	61	PC: 9e9ee \| Open file
2018-12-17T22:52:15.849640817Z	37	PC: 9e9ee \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:15.851095066Z	87	PC: 9e9ee \| Get or set file date and time
2018-12-17T22:52:15.852856944Z	63	PC: 9e9ee \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:52:15.858597264Z	66	PC: 9e9ee \| Move file pointer
2018-12-17T22:52:15.861738895Z	64	PC: 9e9ee \| Write file or device (Write 4322 bytes on handle 5)
2018-12-17T22:52:16.334490001Z	66	PC: 9e9ee \| Move file pointer
2018-12-17T22:52:16.336613088Z	64	PC: 9e9ee \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:16.3407838Z	87	PC: 9e9ee \| Get or set file date and time
2018-12-17T22:52:16.342512502Z	62	PC: 9e9ee \| Close file
2018-12-17T22:52:16.350287657Z	75	PC: 14a5a \| Execute program
2018-12-17T22:52:16.359965007Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:52:16.366132579Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10828,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:20.386701385Z	105	PC: 14991 \| Get or set media id
2018-12-25T12:29:20.393096799Z	42	PC: 1499b \| Get date 0x1499b: cmp dh, 7 0x1499e: jne 0x149fa 0x149a0: cmp dl, 0x1d 0x149a3: jne 0x149fa 0x149a5: mov ax, 0x12 0x149a8: int 0x10 0x149aa: mov cx, 0xffff 0x149ad: push cx 0x149ae: mov cx, 0xfff 0x149b1: loop 0x149b1 0x149b3: pop cx 0x149b4: loop 0x149ad 0x149b6: mov al, 7 0x149b8: int 0x29 0x149ba: lea bx, word ptr [si + 0x62] 0x149be: push si 0x149bf: xor si, si 0x149c1: jmp 0x149de 0x149c3: add si, word ptr cs:[bx] 0x149c6: add bx, 2
2018-12-25T12:29:20.396080528Z	75	PC: 14a04 \| Execute program
2018-12-25T12:29:20.398471833Z	74	PC: 14a10 \| Reallocate memory
2018-12-25T12:29:20.400784359Z	74	PC: 14a18 \| Reallocate memory
2018-12-25T12:29:20.403799279Z	61	PC: 9e9ee \| Open file
2018-12-25T12:29:20.413482854Z	37	PC: 9e9ee \| Set interrupt vector (See above)
2018-12-25T12:29:20.414678602Z	87	PC: 9e9ee \| Get or set file date and time (See above)
2018-12-25T12:29:20.4169294Z	63	PC: 9e9ee \| Read file or device (See above)
2018-12-25T12:29:20.422623489Z	66	PC: 9e9ee \| Move file pointer (See above)
2018-12-25T12:29:20.424806324Z	64	PC: 9e9ee \| Write file or device (See above)
2018-12-25T12:29:20.774386224Z	66	PC: 9e9ee \| Move file pointer (See above)
2018-12-25T12:29:20.776142517Z	64	PC: 9e9ee \| Write file or device (See above)
2018-12-25T12:29:20.779063547Z	87	PC: 9e9ee \| Get or set file date and time (See above)
2018-12-25T12:29:20.781545181Z	62	PC: 9e9ee \| Close file (See above)
2018-12-25T12:29:21.081315408Z	75	PC: 14a5a \| Execute program
2018-12-25T12:29:21.090490308Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:29:21.096191776Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10828,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:20.706962121Z	105	PC: 14991 \| Get or set media id
2018-12-25T12:29:20.713332316Z	42	PC: 1499b \| Get date 0x1499b: cmp dh, 7 0x1499e: jne 0x149fa 0x149a0: cmp dl, 0x1d 0x149a3: jne 0x149fa 0x149a5: mov ax, 0x12 0x149a8: int 0x10 0x149aa: mov cx, 0xffff 0x149ad: push cx 0x149ae: mov cx, 0xfff 0x149b1: loop 0x149b1 0x149b3: pop cx 0x149b4: loop 0x149ad 0x149b6: mov al, 7 0x149b8: int 0x29 0x149ba: lea bx, word ptr [si + 0x62] 0x149be: push si 0x149bf: xor si, si 0x149c1: jmp 0x149de 0x149c3: add si, word ptr cs:[bx] 0x149c6: add bx, 2
2018-12-25T12:29:20.71549284Z	75	PC: 14a04 \| Execute program
2018-12-25T12:29:20.716977915Z	74	PC: 14a10 \| Reallocate memory
2018-12-25T12:29:20.719454458Z	74	PC: 14a18 \| Reallocate memory
2018-12-25T12:29:20.721520171Z	61	PC: 9e9ee \| Open file
2018-12-25T12:29:20.737881981Z	37	PC: 9e9ee \| Set interrupt vector (See above)
2018-12-25T12:29:20.739059204Z	87	PC: 9e9ee \| Get or set file date and time (See above)
2018-12-25T12:29:20.740933774Z	63	PC: 9e9ee \| Read file or device (See above)
2018-12-25T12:29:20.746297746Z	66	PC: 9e9ee \| Move file pointer (See above)
2018-12-25T12:29:20.748484426Z	64	PC: 9e9ee \| Write file or device (See above)
2018-12-25T12:29:21.081613837Z	66	PC: 9e9ee \| Move file pointer (See above)
2018-12-25T12:29:21.083322891Z	64	PC: 9e9ee \| Write file or device (See above)
2018-12-25T12:29:21.086283127Z	87	PC: 9e9ee \| Get or set file date and time (See above)
2018-12-25T12:29:21.08910978Z	62	PC: 9e9ee \| Close file (See above)
2018-12-25T12:29:21.097246553Z	75	PC: 14a5a \| Execute program
2018-12-25T12:29:21.108966179Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:29:21.124160812Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":29,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10828,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:21.029809352Z	105	PC: 14991 \| Get or set media id
2018-12-25T12:29:21.035421166Z	42	PC: 1499b \| Get date 0x1499b: cmp dh, 7 0x1499e: jne 0x149fa 0x149a0: cmp dl, 0x1d 0x149a3: jne 0x149fa 0x149a5: mov ax, 0x12 0x149a8: int 0x10 0x149aa: mov cx, 0xffff 0x149ad: push cx 0x149ae: mov cx, 0xfff 0x149b1: loop 0x149b1 0x149b3: pop cx 0x149b4: loop 0x149ad 0x149b6: mov al, 7 0x149b8: int 0x29 0x149ba: lea bx, word ptr [si + 0x62] 0x149be: push si 0x149bf: xor si, si 0x149c1: jmp 0x149de 0x149c3: add si, word ptr cs:[bx] 0x149c6: add bx, 2