Sample viewer

vx.netlux.org/Virus.DOS.DarthVader.992

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:02.694859277Z	53	PC: 12b02 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:02.697388684Z	37	PC: 12b18 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:02.699133216Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:55:02.700743135Z	37	PC: 12b25 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:55:02.702724822Z	26	PC: 12c06 \| Set disk transfer address
2018-12-17T22:55:02.70546703Z	78	PC: 12cfb \| Find first file
2018-12-17T22:55:02.71299501Z	61	PC: 12d61 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:02.720069457Z	67	PC: 12dc6 \| Get or set file attributes
2018-12-17T22:55:02.727241699Z	67	PC: 12dd0 \| Get or set file attributes
2018-12-17T22:55:03.006373518Z	62	PC: 12d68 \| Close file
2018-12-17T22:55:03.008783612Z	61	PC: 12d74 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:03.022260612Z	63	PC: 12d80 \| Read file or device (Read 2 bytes on handle 6)
2018-12-17T22:55:03.030236695Z	66	PC: 12d9f \| Move file pointer
2018-12-17T22:55:03.032170914Z	63	PC: 12da9 \| Read file or device (Read 2 bytes on handle 6)
2018-12-17T22:55:03.035668462Z	87	PC: 12d36 \| Get or set file date and time
2018-12-17T22:55:03.037982124Z	66	PC: 12dde \| Move file pointer
2018-12-17T22:55:03.039834218Z	63	PC: 12deb \| Read file or device (Read 3 bytes on handle 6)
2018-12-17T22:55:03.043148282Z	66	PC: 12e0b \| Move file pointer
2018-12-17T22:55:03.046323645Z	64	PC: 12e2c \| Write file or device (Write 3 bytes on handle 6)
2018-12-17T22:55:03.049089247Z	66	PC: 12e40 \| Move file pointer
2018-12-17T22:55:03.051033033Z	64	PC: 12e55 \| Write file or device (Write 992 bytes on handle 6)
2018-12-17T22:55:03.06102637Z	87	PC: 12e66 \| Get or set file date and time
2018-12-17T22:55:03.062892711Z	62	PC: 12e6a \| Close file
2018-12-17T22:55:03.071773055Z	37	PC: 12b3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:03.074458927Z	26	PC: 12e7d \| Set disk transfer address
2018-12-17T22:55:03.076539Z	42	PC: 12bb1 \| Get date 0x12bb1: cmp dh, 8 0x12bb4: jl 0x12bf5 0x12bb6: mov dl, 0x80 0x12bb8: mov ah, 8 0x12bba: int 0x13 0x12bbc: push dx 0x12bbd: push cx 0x12bbe: mov dl, 0x80 0x12bc0: mov cx, 7 0x12bc3: dec cx 0x12bc4: push cx 0x12bc5: mov cx, word ptr [bp - 1] 0x12bc8: xor ch, ch 0x12bca: dec cx 0x12bcb: push cx 0x12bcc: mov dh, byte ptr [bp - 8] 0x12bcf: mov ch, byte ptr [bp - 6] 0x12bd2: mov cl, 1 0x12bd4: mov al, byte ptr [bp - 4] 0x12bd7: mov ah, 3
2018-12-17T22:55:04.21552434Z	9	PC: 12bf5 \| Display string (String= 'The Evil Impire wasn't destroyed,I'm the ghost of DARTH VADER ! ')
2018-12-17T22:55:04.222741636Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-17T22:55:04.227322413Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11760,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:16.484106926Z	53	PC: 12b02 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:16.48587932Z	37	PC: 12b18 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:16.487124189Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:16.488180894Z	37	PC: 12b25 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:16.490390743Z	26	PC: 12c06 \| Set disk transfer address
2018-12-25T12:31:16.491594682Z	78	PC: 12cfb \| Find first file
2018-12-25T12:31:16.497515475Z	61	PC: 12d61 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:16.504328125Z	67	PC: 12dc6 \| Get or set file attributes
2018-12-25T12:31:16.509891432Z	67	PC: 12dd0 \| Get or set file attributes
2018-12-25T12:31:16.525874203Z	62	PC: 12d68 \| Close file
2018-12-25T12:31:16.527610883Z	61	PC: 12d74 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:16.539309863Z	63	PC: 12d80 \| Read file or device (Read 2 bytes on handle 6)
2018-12-25T12:31:16.545796887Z	66	PC: 12d9f \| Move file pointer
2018-12-25T12:31:16.547079771Z	63	PC: 12da9 \| Read file or device (Read 2 bytes on handle 6)
2018-12-25T12:31:16.550301727Z	87	PC: 12d36 \| Get or set file date and time
2018-12-25T12:31:16.552001539Z	66	PC: 12dde \| Move file pointer
2018-12-25T12:31:16.553632908Z	63	PC: 12deb \| Read file or device (Read 3 bytes on handle 6)
2018-12-25T12:31:16.556886781Z	66	PC: 12e0b \| Move file pointer
2018-12-25T12:31:16.558548629Z	64	PC: 12e2c \| Write file or device (Write 3 bytes on handle 6)
2018-12-25T12:31:16.561439508Z	66	PC: 12e40 \| Move file pointer
2018-12-25T12:31:16.564010749Z	64	PC: 12e55 \| Write file or device (Write 992 bytes on handle 6)
2018-12-25T12:31:16.572466554Z	87	PC: 12e66 \| Get or set file date and time
2018-12-25T12:31:16.573818073Z	62	PC: 12e6a \| Close file
2018-12-25T12:31:16.582041864Z	37	PC: 12b3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:16.583230456Z	26	PC: 12e7d \| Set disk transfer address
2018-12-25T12:31:16.584249031Z	42	PC: 12bb1 \| Get date 0x12bb1: cmp dh, 8 0x12bb4: jl 0x12bf5 0x12bb6: mov dl, 0x80 0x12bb8: mov ah, 8 0x12bba: int 0x13 0x12bbc: push dx 0x12bbd: push cx 0x12bbe: mov dl, 0x80 0x12bc0: mov cx, 7 0x12bc3: dec cx 0x12bc4: push cx 0x12bc5: mov cx, word ptr [bp - 1] 0x12bc8: xor ch, ch 0x12bca: dec cx 0x12bcb: push cx 0x12bcc: mov dh, byte ptr [bp - 8] 0x12bcf: mov ch, byte ptr [bp - 6] 0x12bd2: mov cl, 1 0x12bd4: mov al, byte ptr [bp - 4] 0x12bd7: mov ah, 3
2018-12-25T12:31:16.586650419Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:31:16.591878126Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11760,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:17.090912519Z	53	PC: 12b02 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:17.092610684Z	37	PC: 12b18 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:17.09482837Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:17.096085817Z	37	PC: 12b25 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:17.097686546Z	26	PC: 12c06 \| Set disk transfer address
2018-12-25T12:31:17.099762118Z	78	PC: 12cfb \| Find first file
2018-12-25T12:31:17.106032691Z	61	PC: 12d61 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:17.112811232Z	67	PC: 12dc6 \| Get or set file attributes
2018-12-25T12:31:17.119694612Z	67	PC: 12dd0 \| Get or set file attributes
2018-12-25T12:31:17.135273807Z	62	PC: 12d68 \| Close file
2018-12-25T12:31:17.137257368Z	61	PC: 12d74 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:17.145504498Z	63	PC: 12d80 \| Read file or device (Read 2 bytes on handle 6)
2018-12-25T12:31:17.152255696Z	66	PC: 12d9f \| Move file pointer
2018-12-25T12:31:17.154196138Z	63	PC: 12da9 \| Read file or device (Read 2 bytes on handle 6)
2018-12-25T12:31:17.157745301Z	87	PC: 12d36 \| Get or set file date and time
2018-12-25T12:31:17.159655143Z	66	PC: 12dde \| Move file pointer
2018-12-25T12:31:17.161586155Z	63	PC: 12deb \| Read file or device (Read 3 bytes on handle 6)
2018-12-25T12:31:17.16490278Z	66	PC: 12e0b \| Move file pointer
2018-12-25T12:31:17.167430993Z	64	PC: 12e2c \| Write file or device (Write 3 bytes on handle 6)
2018-12-25T12:31:17.170652762Z	66	PC: 12e40 \| Move file pointer
2018-12-25T12:31:17.172832324Z	64	PC: 12e55 \| Write file or device (Write 992 bytes on handle 6)
2018-12-25T12:31:17.179391586Z	87	PC: 12e66 \| Get or set file date and time
2018-12-25T12:31:17.180657009Z	62	PC: 12e6a \| Close file
2018-12-25T12:31:17.185765293Z	37	PC: 12b3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:17.187454482Z	26	PC: 12e7d \| Set disk transfer address
2018-12-25T12:31:17.188427191Z	42	PC: 12bb1 \| Get date 0x12bb1: cmp dh, 8 0x12bb4: jl 0x12bf5 0x12bb6: mov dl, 0x80 0x12bb8: mov ah, 8 0x12bba: int 0x13 0x12bbc: push dx 0x12bbd: push cx 0x12bbe: mov dl, 0x80 0x12bc0: mov cx, 7 0x12bc3: dec cx 0x12bc4: push cx 0x12bc5: mov cx, word ptr [bp - 1] 0x12bc8: xor ch, ch 0x12bca: dec cx 0x12bcb: push cx 0x12bcc: mov dh, byte ptr [bp - 8] 0x12bcf: mov ch, byte ptr [bp - 6] 0x12bd2: mov cl, 1 0x12bd4: mov al, byte ptr [bp - 4] 0x12bd7: mov ah, 3
2018-12-25T12:31:17.915781825Z	9	PC: 12bf5 \| Display string (String= 'The Evil Impire wasn't destroyed,I'm the ghost of DARTH VADER ! ')
2018-12-25T12:31:17.922341586Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:31:17.927803977Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')