Sample viewer

vx.netlux.org/Virus.DOS.Badguy.265

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:25.142571055Z	78	PC: 12a4c \| Find first file
2018-12-17T22:55:25.149356396Z	61	PC: 12a5c \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:25.157034788Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.163983597Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.177563899Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.181661345Z	61	PC: 12a5c \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:55:25.193965207Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.200935516Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.2098111Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.212856898Z	61	PC: 12a5c \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:55:25.220064985Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.228428896Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.236761768Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.239583936Z	61	PC: 12a5c \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:55:25.246465218Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.254774296Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.262867588Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.265603503Z	61	PC: 12a5c \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:55:25.272900227Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.279826373Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.287841138Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.290908226Z	61	PC: 12a5c \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:55:25.297712584Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.30482983Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.31449096Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.317413558Z	61	PC: 12a5c \| Open file (Filename = 'PAH.COM')
2018-12-17T22:55:25.325130321Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.333951021Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.342563659Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.345830033Z	61	PC: 12a5c \| Open file (Filename = 'TEST.COM')
2018-12-17T22:55:25.353446237Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-17T22:55:25.362517058Z	62	PC: 12ab7 \| Close file
2018-12-17T22:55:25.371489172Z	79	PC: 12a71 \| Find next file
2018-12-17T22:55:25.375333422Z	42	PC: 12a7d \| Get date 0x12a7d: cmp al, 1 0x12a7f: je 0x12a92 0x12a81: jmp 0x12aa0 0x12a83: nop 0x12a84: pop es 0x12a85: pop ds 0x12a86: pop bp 0x12a87: pop di 0x12a88: pop si 0x12a89: pop dx 0x12a8a: pop cx 0x12a8b: pop bx 0x12a8c: pop ax 0x12a8d: ljmp ptr cs:[0x182] 0x12a92: mov dx, 0x3d4 0x12a95: mov al, 2 0x12a97: out dx, al 0x12a98: mov al, 0xff 0x12a9a: mov dx, 0x3d5 0x12a9d: out dx, al

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11888,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:28.771487203Z	78	PC: 12a4c \| Find first file
2018-12-25T12:31:28.778781172Z	61	PC: 12a5c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:28.786198809Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-25T12:31:28.793672359Z	62	PC: 12ab7 \| Close file
2018-12-25T12:31:28.809458745Z	79	PC: 12a71 \| Find next file
2018-12-25T12:31:28.813971936Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.821573518Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.829374437Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.840640306Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.843602106Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.851089988Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.859414891Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.869065524Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.873866115Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.881970853Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.889482392Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.898655565Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.903857862Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.91022754Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.917618521Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.92796596Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.930864617Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.93807737Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.945340308Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.954319686Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.957424378Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.965338103Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.97421754Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.983410149Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.987707599Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.996343918Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:29.000012922Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:29.010112611Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:29.015048375Z	42	PC: 12a7d \| Get date 0x12a7d: cmp al, 1 0x12a7f: je 0x12a92 0x12a81: jmp 0x12aa0 0x12a83: nop 0x12a84: pop es 0x12a85: pop ds 0x12a86: pop bp 0x12a87: pop di 0x12a88: pop si 0x12a89: pop dx 0x12a8a: pop cx 0x12a8b: pop bx 0x12a8c: pop ax 0x12a8d: ljmp ptr cs:[0x182] 0x12a92: mov dx, 0x3d4 0x12a95: mov al, 2 0x12a97: out dx, al 0x12a98: mov al, 0xff 0x12a9a: mov dx, 0x3d5 0x12a9d: out dx, al
2018-12-25T12:31:29.01752327Z	76	PC: 12aa4 \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11888,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:28.818796044Z	78	PC: 12a4c \| Find first file
2018-12-25T12:31:28.825322002Z	61	PC: 12a5c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:28.831671217Z	64	PC: 12ab1 \| Write file or device (Write 265 bytes on handle 5)
2018-12-25T12:31:28.837974757Z	62	PC: 12ab7 \| Close file
2018-12-25T12:31:28.852344177Z	79	PC: 12a71 \| Find next file
2018-12-25T12:31:28.854945101Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.861539545Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.869852418Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.877959205Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.880249045Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.884939701Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.889105406Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.894268463Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.896292638Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.900813901Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.904872281Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.909857969Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.911730339Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.918753Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.922752377Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.928035938Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.929667368Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.937546153Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.942221601Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.947150682Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.948766527Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.953303141Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.959527345Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.967304874Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.970115638Z	61	PC: 12a5c \| Open file (See above)
2018-12-25T12:31:28.976337623Z	64	PC: 12ab1 \| Write file or device (See above)
2018-12-25T12:31:28.982648373Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T12:31:28.991079455Z	79	PC: 12a71 \| Find next file (See above)
2018-12-25T12:31:28.993264984Z	42	PC: 12a7d \| Get date 0x12a7d: cmp al, 1 0x12a7f: je 0x12a92 0x12a81: jmp 0x12aa0 0x12a83: nop 0x12a84: pop es 0x12a85: pop ds 0x12a86: pop bp 0x12a87: pop di 0x12a88: pop si 0x12a89: pop dx 0x12a8a: pop cx 0x12a8b: pop bx 0x12a8c: pop ax 0x12a8d: ljmp ptr cs:[0x182] 0x12a92: mov dx, 0x3d4 0x12a95: mov al, 2 0x12a97: out dx, al 0x12a98: mov al, 0xff 0x12a9a: mov dx, 0x3d5 0x12a9d: out dx, al