Sample viewer

vx.netlux.org/Virus.DOS.Bug.920

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:07.222686414Z	26	PC: 12bd5 \| Set disk transfer address
2018-12-17T22:53:07.234107791Z	78	PC: 12be1 \| Find first file
2018-12-17T22:53:07.240843494Z	78	PC: 12bf8 \| Find first file
2018-12-17T22:53:07.24739407Z	67	PC: 12c63 \| Get or set file attributes
2018-12-17T22:53:07.266064125Z	61	PC: 12c6e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:07.273867602Z	87	PC: 12c77 \| Get or set file date and time
2018-12-17T22:53:07.275828953Z	66	PC: 12c90 \| Move file pointer
2018-12-17T22:53:07.277968966Z	63	PC: 12c9c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:07.285713809Z	66	PC: 12cc0 \| Move file pointer
2018-12-17T22:53:07.2872718Z	63	PC: 12ccc \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:07.290065712Z	66	PC: 12cd8 \| Move file pointer
2018-12-17T22:53:07.29263928Z	64	PC: 12d1e \| Write file or device (Write 920 bytes on handle 5)
2018-12-17T22:53:07.302745566Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:53:07.304474445Z	64	PC: 12d41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:07.312260446Z	62	PC: 12d45 \| Close file
2018-12-17T22:53:07.32179142Z	61	PC: 12d50 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:07.329663962Z	87	PC: 12d5f \| Get or set file date and time
2018-12-17T22:53:07.332365192Z	62	PC: 12d63 \| Close file
2018-12-17T22:53:07.339973776Z	78	PC: 12d6f \| Find first file
2018-12-17T22:53:07.346137869Z	78	PC: 12c0f \| Find first file
2018-12-17T22:53:07.35332964Z	67	PC: 12c63 \| Get or set file attributes
2018-12-17T22:53:07.692189638Z	61	PC: 12c6e \| Open file (Filename = 'c:\command.com')
2018-12-17T22:53:07.699869603Z	87	PC: 12c77 \| Get or set file date and time
2018-12-17T22:53:07.703148373Z	66	PC: 12c90 \| Move file pointer
2018-12-17T22:53:07.706527391Z	63	PC: 12c9c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:07.710256626Z	66	PC: 12cc0 \| Move file pointer
2018-12-17T22:53:07.712164842Z	63	PC: 12ccc \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:07.718398446Z	66	PC: 12cd8 \| Move file pointer
2018-12-17T22:53:07.720662087Z	64	PC: 12d1e \| Write file or device (Write 920 bytes on handle 5)
2018-12-17T22:53:07.743927752Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:53:07.750698004Z	64	PC: 12d41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:07.754212796Z	62	PC: 12d45 \| Close file
2018-12-17T22:53:07.763182095Z	61	PC: 12d50 \| Open file (Filename = 'c:\command.com')
2018-12-17T22:53:07.771767048Z	87	PC: 12d5f \| Get or set file date and time
2018-12-17T22:53:07.773341221Z	62	PC: 12d63 \| Close file
2018-12-17T22:53:07.779920582Z	78	PC: 12d6f \| Find first file
2018-12-17T22:53:07.78889316Z	78	PC: 12c0f \| Find first file
2018-12-17T22:53:07.796215151Z	67	PC: 12c63 \| Get or set file attributes
2018-12-17T22:53:07.806105679Z	61	PC: 12c6e \| Open file (Filename = 'c:\command.com')
2018-12-17T22:53:07.814258895Z	87	PC: 12c77 \| Get or set file date and time
2018-12-17T22:53:07.816236706Z	66	PC: 12c90 \| Move file pointer
2018-12-17T22:53:07.818182842Z	63	PC: 12c9c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:07.822736946Z	62	PC: 12cb3 \| Close file
2018-12-17T22:53:07.825249724Z	78	PC: 12d8c \| Find first file
2018-12-17T22:53:07.831656113Z	42	PC: 12c2c \| Get date 0x12c2c: cmp dh, 5 0x12c2f: jl 0x12c50 0x12c31: cmp al, 1 0x12c33: jne 0x12c50 0x12c35: mov ah, 0x2c 0x12c37: int 0x21 0x12c39: mov ah, 0x11 0x12c3b: mov al, 0 0x12c3d: mov cx, 1 0x12c40: mov bp, 0x411 0x12c43: add bp, si 0x12c45: mov dh, 0 0x12c47: add dl, 0x41 0x12c4a: mov bh, 0x10 0x12c4c: mov bl, 0 0x12c4e: int 0x10 0x12c50: mov ax, 0x100 0x12c53: jmp ax 0x12c55: mov dx, 0x47e 0x12c58: add dx, si
2018-12-17T22:53:07.835113349Z	44	PC: 12c39 \| Get time 0x12c39: mov ah, 0x11 0x12c3b: mov al, 0 0x12c3d: mov cx, 1 0x12c40: mov bp, 0x411 0x12c43: add bp, si 0x12c45: mov dh, 0 0x12c47: add dl, 0x41 0x12c4a: mov bh, 0x10 0x12c4c: mov bl, 0 0x12c4e: int 0x10 0x12c50: mov ax, 0x100 0x12c53: jmp ax 0x12c55: mov dx, 0x47e 0x12c58: add dx, si 0x12c5a: mov ah, 0x43 0x12c5c: mov al, 1 0x12c5e: mov cx, 0 0x12c61: int 0x21 0x12c63: mov dx, 0x47e 0x12c66: add dx, si
2018-12-17T22:53:07.838987226Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:53:07.844019096Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11114,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:57.669008759Z	26	PC: 12bd5 \| Set disk transfer address
2018-12-25T12:29:57.67248071Z	78	PC: 12be1 \| Find first file
2018-12-25T12:29:57.679876569Z	78	PC: 12bf8 \| Find first file
2018-12-25T12:29:57.687524641Z	67	PC: 12c63 \| Get or set file attributes
2018-12-25T12:29:57.707874855Z	61	PC: 12c6e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:57.714262168Z	87	PC: 12c77 \| Get or set file date and time
2018-12-25T12:29:57.715483544Z	66	PC: 12c90 \| Move file pointer
2018-12-25T12:29:57.717206855Z	63	PC: 12c9c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:57.721620674Z	66	PC: 12cc0 \| Move file pointer
2018-12-25T12:29:57.722947945Z	63	PC: 12ccc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:57.726373026Z	66	PC: 12cd8 \| Move file pointer
2018-12-25T12:29:57.731325243Z	64	PC: 12d1e \| Write file or device (Write 920 bytes on handle 5)
2018-12-25T12:29:57.741962152Z	66	PC: 12d2a \| Move file pointer
2018-12-25T12:29:57.743876302Z	64	PC: 12d41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:57.752961592Z	62	PC: 12d45 \| Close file
2018-12-25T12:29:57.763280811Z	61	PC: 12d50 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:57.770351312Z	87	PC: 12d5f \| Get or set file date and time
2018-12-25T12:29:57.773835925Z	62	PC: 12d63 \| Close file
2018-12-25T12:29:57.783219198Z	78	PC: 12d6f \| Find first file
2018-12-25T12:29:57.791757478Z	78	PC: 12c0f \| Find first file
2018-12-25T12:29:57.799727803Z	67	PC: 12c63 \| Get or set file attributes (See above)
2018-12-25T12:29:58.816187979Z	61	PC: 12c6e \| Open file (See above)
2018-12-25T12:29:58.823746457Z	87	PC: 12c77 \| Get or set file date and time (See above)
2018-12-25T12:29:58.826235303Z	66	PC: 12c90 \| Move file pointer (See above)
2018-12-25T12:29:58.829786921Z	63	PC: 12c9c \| Read file or device (See above)
2018-12-25T12:29:58.834498108Z	66	PC: 12cc0 \| Move file pointer (See above)
2018-12-25T12:29:58.837360335Z	63	PC: 12ccc \| Read file or device (See above)
2018-12-25T12:29:58.84111131Z	66	PC: 12cd8 \| Move file pointer (See above)
2018-12-25T12:29:58.843261037Z	64	PC: 12d1e \| Write file or device (See above)
2018-12-25T12:29:58.854391741Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T12:29:58.858976284Z	64	PC: 12d41 \| Write file or device (See above)
2018-12-25T12:29:58.862132791Z	62	PC: 12d45 \| Close file (See above)
2018-12-25T12:29:58.871181062Z	61	PC: 12d50 \| Open file (See above)
2018-12-25T12:29:58.879445187Z	87	PC: 12d5f \| Get or set file date and time (See above)
2018-12-25T12:29:58.881746902Z	62	PC: 12d63 \| Close file (See above)
2018-12-25T12:29:58.888752691Z	78	PC: 12d6f \| Find first file (See above)
2018-12-25T12:29:58.896301393Z	78	PC: 12c0f \| Find first file (See above)
2018-12-25T12:29:58.903897233Z	67	PC: 12c63 \| Get or set file attributes (See above)
2018-12-25T12:29:58.914380333Z	61	PC: 12c6e \| Open file (See above)
2018-12-25T12:29:58.922962774Z	87	PC: 12c77 \| Get or set file date and time (See above)
2018-12-25T12:29:58.925144107Z	66	PC: 12c90 \| Move file pointer (See above)
2018-12-25T12:29:58.927238839Z	63	PC: 12c9c \| Read file or device (See above)
2018-12-25T12:29:58.931357489Z	62	PC: 12cb3 \| Close file
2018-12-25T12:29:58.934778759Z	78	PC: 12d8c \| Find first file
2018-12-25T12:29:58.941509779Z	42	PC: 12c2c \| Get date 0x12c2c: cmp dh, 5 0x12c2f: jl 0x12c50 0x12c31: cmp al, 1 0x12c33: jne 0x12c50 0x12c35: mov ah, 0x2c 0x12c37: int 0x21 0x12c39: mov ah, 0x11 0x12c3b: mov al, 0 0x12c3d: mov cx, 1 0x12c40: mov bp, 0x411 0x12c43: add bp, si 0x12c45: mov dh, 0 0x12c47: add dl, 0x41 0x12c4a: mov bh, 0x10 0x12c4c: mov bl, 0 0x12c4e: int 0x10 0x12c50: mov ax, 0x100 0x12c53: jmp ax 0x12c55: mov dx, 0x47e 0x12c58: add dx, si
2018-12-25T12:29:58.9444772Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:29:58.952190321Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11114,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:57.679111102Z	26	PC: 12bd5 \| Set disk transfer address
2018-12-25T12:29:57.681846587Z	78	PC: 12be1 \| Find first file
2018-12-25T12:29:57.68865214Z	78	PC: 12bf8 \| Find first file
2018-12-25T12:29:57.695233877Z	67	PC: 12c63 \| Get or set file attributes
2018-12-25T12:29:57.714376273Z	61	PC: 12c6e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:57.723220049Z	87	PC: 12c77 \| Get or set file date and time
2018-12-25T12:29:57.725184213Z	66	PC: 12c90 \| Move file pointer
2018-12-25T12:29:57.727841274Z	63	PC: 12c9c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:57.736463196Z	66	PC: 12cc0 \| Move file pointer
2018-12-25T12:29:57.737933103Z	63	PC: 12ccc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:57.741142761Z	66	PC: 12cd8 \| Move file pointer
2018-12-25T12:29:57.743817455Z	64	PC: 12d1e \| Write file or device (Write 920 bytes on handle 5)
2018-12-25T12:29:57.754145485Z	66	PC: 12d2a \| Move file pointer
2018-12-25T12:29:57.756389935Z	64	PC: 12d41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:57.764617881Z	62	PC: 12d45 \| Close file
2018-12-25T12:29:57.774436395Z	61	PC: 12d50 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:57.782217359Z	87	PC: 12d5f \| Get or set file date and time
2018-12-25T12:29:57.784346279Z	62	PC: 12d63 \| Close file
2018-12-25T12:29:57.793109995Z	78	PC: 12d6f \| Find first file
2018-12-25T12:29:57.80055059Z	78	PC: 12c0f \| Find first file
2018-12-25T12:29:57.807101218Z	67	PC: 12c63 \| Get or set file attributes (See above)
2018-12-25T12:29:58.822972265Z	61	PC: 12c6e \| Open file (See above)
2018-12-25T12:29:58.831007425Z	87	PC: 12c77 \| Get or set file date and time (See above)
2018-12-25T12:29:58.83308847Z	66	PC: 12c90 \| Move file pointer (See above)
2018-12-25T12:29:58.837009615Z	63	PC: 12c9c \| Read file or device (See above)
2018-12-25T12:29:58.840871801Z	66	PC: 12cc0 \| Move file pointer (See above)
2018-12-25T12:29:58.842710599Z	63	PC: 12ccc \| Read file or device (See above)
2018-12-25T12:29:58.846494062Z	66	PC: 12cd8 \| Move file pointer (See above)
2018-12-25T12:29:58.848940858Z	64	PC: 12d1e \| Write file or device (See above)
2018-12-25T12:29:58.870352821Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T12:29:58.872597492Z	64	PC: 12d41 \| Write file or device (See above)
2018-12-25T12:29:58.876858553Z	62	PC: 12d45 \| Close file (See above)
2018-12-25T12:29:58.884127003Z	61	PC: 12d50 \| Open file (See above)
2018-12-25T12:29:58.889618278Z	87	PC: 12d5f \| Get or set file date and time (See above)
2018-12-25T12:29:58.891581506Z	62	PC: 12d63 \| Close file (See above)
2018-12-25T12:29:58.895720957Z	78	PC: 12d6f \| Find first file (See above)
2018-12-25T12:29:58.900917718Z	78	PC: 12c0f \| Find first file (See above)
2018-12-25T12:29:58.905642806Z	67	PC: 12c63 \| Get or set file attributes (See above)
2018-12-25T12:29:58.911903418Z	61	PC: 12c6e \| Open file (See above)
2018-12-25T12:29:58.916506728Z	87	PC: 12c77 \| Get or set file date and time (See above)
2018-12-25T12:29:58.918214901Z	66	PC: 12c90 \| Move file pointer (See above)
2018-12-25T12:29:58.919445054Z	63	PC: 12c9c \| Read file or device (See above)
2018-12-25T12:29:58.921590863Z	62	PC: 12cb3 \| Close file
2018-12-25T12:29:58.924147782Z	78	PC: 12d8c \| Find first file
2018-12-25T12:29:58.928620631Z	42	PC: 12c2c \| Get date 0x12c2c: cmp dh, 5 0x12c2f: jl 0x12c50 0x12c31: cmp al, 1 0x12c33: jne 0x12c50 0x12c35: mov ah, 0x2c 0x12c37: int 0x21 0x12c39: mov ah, 0x11 0x12c3b: mov al, 0 0x12c3d: mov cx, 1 0x12c40: mov bp, 0x411 0x12c43: add bp, si 0x12c45: mov dh, 0 0x12c47: add dl, 0x41 0x12c4a: mov bh, 0x10 0x12c4c: mov bl, 0 0x12c4e: int 0x10 0x12c50: mov ax, 0x100 0x12c53: jmp ax 0x12c55: mov dx, 0x47e 0x12c58: add dx, si
2018-12-25T12:29:58.930286269Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:29:58.937666497Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":5,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11114,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:57.711718598Z	26	PC: 12bd5 \| Set disk transfer address
2018-12-25T12:29:57.714584856Z	78	PC: 12be1 \| Find first file
2018-12-25T12:29:57.721586085Z	78	PC: 12bf8 \| Find first file
2018-12-25T12:29:57.726729912Z	67	PC: 12c63 \| Get or set file attributes
2018-12-25T12:29:57.741298179Z	61	PC: 12c6e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:57.745930735Z	87	PC: 12c77 \| Get or set file date and time
2018-12-25T12:29:57.747241252Z	66	PC: 12c90 \| Move file pointer
2018-12-25T12:29:57.74898248Z	63	PC: 12c9c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:57.753356498Z	66	PC: 12cc0 \| Move file pointer
2018-12-25T12:29:57.754691244Z	63	PC: 12ccc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:57.75720445Z	66	PC: 12cd8 \| Move file pointer
2018-12-25T12:29:57.759291839Z	64	PC: 12d1e \| Write file or device (Write 920 bytes on handle 5)
2018-12-25T12:29:57.766157027Z	66	PC: 12d2a \| Move file pointer
2018-12-25T12:29:57.768097118Z	64	PC: 12d41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:57.775035991Z	62	PC: 12d45 \| Close file
2018-12-25T12:29:57.785263761Z	61	PC: 12d50 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:57.792784016Z	87	PC: 12d5f \| Get or set file date and time
2018-12-25T12:29:57.800046089Z	62	PC: 12d63 \| Close file
2018-12-25T12:29:57.807931222Z	78	PC: 12d6f \| Find first file
2018-12-25T12:29:57.814172949Z	78	PC: 12c0f \| Find first file
2018-12-25T12:29:57.8214203Z	67	PC: 12c63 \| Get or set file attributes (See above)
2018-12-25T12:29:58.816698161Z	61	PC: 12c6e \| Open file (See above)
2018-12-25T12:29:58.824386918Z	87	PC: 12c77 \| Get or set file date and time (See above)
2018-12-25T12:29:58.827050234Z	66	PC: 12c90 \| Move file pointer (See above)
2018-12-25T12:29:58.829587376Z	63	PC: 12c9c \| Read file or device (See above)
2018-12-25T12:29:58.833447091Z	66	PC: 12cc0 \| Move file pointer (See above)
2018-12-25T12:29:58.836660464Z	63	PC: 12ccc \| Read file or device (See above)
2018-12-25T12:29:58.841294928Z	66	PC: 12cd8 \| Move file pointer (See above)
2018-12-25T12:29:58.843557091Z	64	PC: 12d1e \| Write file or device (See above)
2018-12-25T12:29:58.855719064Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T12:29:58.85870399Z	64	PC: 12d41 \| Write file or device (See above)
2018-12-25T12:29:58.86226494Z	62	PC: 12d45 \| Close file (See above)
2018-12-25T12:29:58.871311848Z	61	PC: 12d50 \| Open file (See above)
2018-12-25T12:29:58.879647007Z	87	PC: 12d5f \| Get or set file date and time (See above)
2018-12-25T12:29:58.881808251Z	62	PC: 12d63 \| Close file (See above)
2018-12-25T12:29:58.889545009Z	78	PC: 12d6f \| Find first file (See above)
2018-12-25T12:29:58.896696393Z	78	PC: 12c0f \| Find first file (See above)
2018-12-25T12:29:58.904137995Z	67	PC: 12c63 \| Get or set file attributes (See above)
2018-12-25T12:29:58.915361915Z	61	PC: 12c6e \| Open file (See above)
2018-12-25T12:29:58.923345721Z	87	PC: 12c77 \| Get or set file date and time (See above)
2018-12-25T12:29:58.925651092Z	66	PC: 12c90 \| Move file pointer (See above)
2018-12-25T12:29:58.92779084Z	63	PC: 12c9c \| Read file or device (See above)
2018-12-25T12:29:58.931888133Z	62	PC: 12cb3 \| Close file
2018-12-25T12:29:58.934085761Z	78	PC: 12d8c \| Find first file
2018-12-25T12:29:58.940260732Z	42	PC: 12c2c \| Get date 0x12c2c: cmp dh, 5 0x12c2f: jl 0x12c50 0x12c31: cmp al, 1 0x12c33: jne 0x12c50 0x12c35: mov ah, 0x2c 0x12c37: int 0x21 0x12c39: mov ah, 0x11 0x12c3b: mov al, 0 0x12c3d: mov cx, 1 0x12c40: mov bp, 0x411 0x12c43: add bp, si 0x12c45: mov dh, 0 0x12c47: add dl, 0x41 0x12c4a: mov bh, 0x10 0x12c4c: mov bl, 0 0x12c4e: int 0x10 0x12c50: mov ax, 0x100 0x12c53: jmp ax 0x12c55: mov dx, 0x47e 0x12c58: add dx, si
2018-12-25T12:29:58.943286087Z	44	PC: 12c39 \| Get time 0x12c39: mov ah, 0x11 0x12c3b: mov al, 0 0x12c3d: mov cx, 1 0x12c40: mov bp, 0x411 0x12c43: add bp, si 0x12c45: mov dh, 0 0x12c47: add dl, 0x41 0x12c4a: mov bh, 0x10 0x12c4c: mov bl, 0 0x12c4e: int 0x10 0x12c50: mov ax, 0x100 0x12c53: jmp ax 0x12c55: mov dx, 0x47e 0x12c58: add dx, si 0x12c5a: mov ah, 0x43 0x12c5c: mov al, 1 0x12c5e: mov cx, 0 0x12c61: int 0x21 0x12c63: mov dx, 0x47e 0x12c66: add dx, si
2018-12-25T12:29:58.947140247Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:29:58.953688596Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')