Sample viewer

vx.netlux.org/Virus.DOS.Aniver.507

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:11.165007024Z	47	PC: 12baa \| Get disk transfer address
2018-12-17T22:55:11.166716406Z	26	PC: 12bb6 \| Set disk transfer address
2018-12-17T22:55:11.168061903Z	37	PC: 12bbf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:11.169540995Z	78	PC: 12c3c \| Find first file
2018-12-17T22:55:11.176324997Z	67	PC: 12c6d \| Get or set file attributes
2018-12-17T22:55:11.194876562Z	61	PC: 12c82 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:11.202419281Z	63	PC: 12c91 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:11.210453171Z	66	PC: 12ca1 \| Move file pointer
2018-12-17T22:55:11.212749895Z	64	PC: 12cb5 \| Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:55:11.221355415Z	66	PC: 12cc5 \| Move file pointer
2018-12-17T22:55:11.222985417Z	64	PC: 12cd2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:11.231059576Z	87	PC: 12ce5 \| Get or set file date and time
2018-12-17T22:55:11.237135851Z	62	PC: 12ce9 \| Close file
2018-12-17T22:55:11.246722719Z	67	PC: 12cf8 \| Get or set file attributes
2018-12-17T22:55:11.259302831Z	26	PC: 12d01 \| Set disk transfer address
2018-12-17T22:55:11.260648356Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:11.262004368Z	42	PC: 12d10 \| Get date 0x12d10: cmp dx, 0x31b 0x12d14: jl 0x12d3b 0x12d16: cmp dx, 0x405 0x12d1a: jg 0x12d3b 0x12d1c: sub cx, 0x7ad 0x12d20: xor ax, ax 0x12d22: mov al, cl 0x12d24: mov ch, 0xa 0x12d26: div ch 0x12d28: add ax, 0x3030 0x12d2b: mov byte ptr [bp + 0x313], al 0x12d2f: mov byte ptr [bp + 0x314], ah 0x12d33: mov ah, 9 0x12d35: lea dx, word ptr [bp + 0x30c] 0x12d39: int 0x21 0x12d3b: cmp byte ptr [bp + 0x326], 0 0x12d40: jne 0x12d46 0x12d42: ljmp ptr [bp + 0x2fd] 0x12d46: pop dx 0x12d47: xor ax, ax
2018-12-17T22:55:11.264772586Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:55:11.270056392Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11805,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:23.168774312Z	47	PC: 12baa \| Get disk transfer address
2018-12-25T12:31:23.170554796Z	26	PC: 12bb6 \| Set disk transfer address
2018-12-25T12:31:23.172005306Z	37	PC: 12bbf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.173865038Z	78	PC: 12c3c \| Find first file
2018-12-25T12:31:23.179766469Z	67	PC: 12c6d \| Get or set file attributes
2018-12-25T12:31:23.195216766Z	61	PC: 12c82 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:23.201725768Z	63	PC: 12c91 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:23.208361094Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:31:23.218630087Z	64	PC: 12cb5 \| Write file or device (Write 507 bytes on handle 5)
2018-12-25T12:31:23.229014578Z	66	PC: 12cc5 \| Move file pointer
2018-12-25T12:31:23.230742378Z	64	PC: 12cd2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:23.237866646Z	87	PC: 12ce5 \| Get or set file date and time
2018-12-25T12:31:23.239607971Z	62	PC: 12ce9 \| Close file
2018-12-25T12:31:23.248519179Z	67	PC: 12cf8 \| Get or set file attributes
2018-12-25T12:31:23.26040121Z	26	PC: 12d01 \| Set disk transfer address
2018-12-25T12:31:23.266119915Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.267171888Z	42	PC: 12d10 \| Get date 0x12d10: cmp dx, 0x31b 0x12d14: jl 0x12d3b 0x12d16: cmp dx, 0x405 0x12d1a: jg 0x12d3b 0x12d1c: sub cx, 0x7ad 0x12d20: xor ax, ax 0x12d22: mov al, cl 0x12d24: mov ch, 0xa 0x12d26: div ch 0x12d28: add ax, 0x3030 0x12d2b: mov byte ptr [bp + 0x313], al 0x12d2f: mov byte ptr [bp + 0x314], ah 0x12d33: mov ah, 9 0x12d35: lea dx, word ptr [bp + 0x30c] 0x12d39: int 0x21 0x12d3b: cmp byte ptr [bp + 0x326], 0 0x12d40: jne 0x12d46 0x12d42: ljmp ptr [bp + 0x2fd] 0x12d46: pop dx 0x12d47: xor ax, ax
2018-12-25T12:31:23.270436058Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:23.275896501Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":27,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11805,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:23.167848696Z	47	PC: 12baa \| Get disk transfer address
2018-12-25T12:31:23.176106469Z	26	PC: 12bb6 \| Set disk transfer address
2018-12-25T12:31:23.177593401Z	37	PC: 12bbf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.179058531Z	78	PC: 12c3c \| Find first file
2018-12-25T12:31:23.190641381Z	67	PC: 12c6d \| Get or set file attributes
2018-12-25T12:31:23.208287173Z	61	PC: 12c82 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:23.215794901Z	63	PC: 12c91 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:23.223696472Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:31:23.226161743Z	64	PC: 12cb5 \| Write file or device (Write 507 bytes on handle 5)
2018-12-25T12:31:23.235111438Z	66	PC: 12cc5 \| Move file pointer
2018-12-25T12:31:23.237211168Z	64	PC: 12cd2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:23.25881236Z	87	PC: 12ce5 \| Get or set file date and time
2018-12-25T12:31:23.260442061Z	62	PC: 12ce9 \| Close file
2018-12-25T12:31:23.268997817Z	67	PC: 12cf8 \| Get or set file attributes
2018-12-25T12:31:23.280495565Z	26	PC: 12d01 \| Set disk transfer address
2018-12-25T12:31:23.281705949Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.282853906Z	42	PC: 12d10 \| Get date 0x12d10: cmp dx, 0x31b 0x12d14: jl 0x12d3b 0x12d16: cmp dx, 0x405 0x12d1a: jg 0x12d3b 0x12d1c: sub cx, 0x7ad 0x12d20: xor ax, ax 0x12d22: mov al, cl 0x12d24: mov ch, 0xa 0x12d26: div ch 0x12d28: add ax, 0x3030 0x12d2b: mov byte ptr [bp + 0x313], al 0x12d2f: mov byte ptr [bp + 0x314], ah 0x12d33: mov ah, 9 0x12d35: lea dx, word ptr [bp + 0x30c] 0x12d39: int 0x21 0x12d3b: cmp byte ptr [bp + 0x326], 0 0x12d40: jne 0x12d46 0x12d42: ljmp ptr [bp + 0x2fd] 0x12d46: pop dx 0x12d47: xor ax, ax
2018-12-25T12:31:23.285832357Z	9	PC: 12d3b \| Display string (String= 'I.T.M. 15 Aniversario. ')
2018-12-25T12:31:23.290271936Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:23.296304199Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11805,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:23.240485785Z	47	PC: 12baa \| Get disk transfer address
2018-12-25T12:31:23.242291309Z	26	PC: 12bb6 \| Set disk transfer address
2018-12-25T12:31:23.243225438Z	37	PC: 12bbf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.244505054Z	78	PC: 12c3c \| Find first file
2018-12-25T12:31:23.251156665Z	67	PC: 12c6d \| Get or set file attributes
2018-12-25T12:31:23.268067304Z	61	PC: 12c82 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:23.274755829Z	63	PC: 12c91 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:23.28100403Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:31:23.283411495Z	64	PC: 12cb5 \| Write file or device (Write 507 bytes on handle 5)
2018-12-25T12:31:23.301548831Z	66	PC: 12cc5 \| Move file pointer
2018-12-25T12:31:23.302918769Z	64	PC: 12cd2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:23.312366352Z	87	PC: 12ce5 \| Get or set file date and time
2018-12-25T12:31:23.314296582Z	62	PC: 12ce9 \| Close file
2018-12-25T12:31:23.322315506Z	67	PC: 12cf8 \| Get or set file attributes
2018-12-25T12:31:23.332508539Z	26	PC: 12d01 \| Set disk transfer address
2018-12-25T12:31:23.33939212Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.340865429Z	42	PC: 12d10 \| Get date 0x12d10: cmp dx, 0x31b 0x12d14: jl 0x12d3b 0x12d16: cmp dx, 0x405 0x12d1a: jg 0x12d3b 0x12d1c: sub cx, 0x7ad 0x12d20: xor ax, ax 0x12d22: mov al, cl 0x12d24: mov ch, 0xa 0x12d26: div ch 0x12d28: add ax, 0x3030 0x12d2b: mov byte ptr [bp + 0x313], al 0x12d2f: mov byte ptr [bp + 0x314], ah 0x12d33: mov ah, 9 0x12d35: lea dx, word ptr [bp + 0x30c] 0x12d39: int 0x21 0x12d3b: cmp byte ptr [bp + 0x326], 0 0x12d40: jne 0x12d46 0x12d42: ljmp ptr [bp + 0x2fd] 0x12d46: pop dx 0x12d47: xor ax, ax
2018-12-25T12:31:23.34339937Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:23.350164615Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')