Sample viewer

vx.netlux.org/Virus.DOS.Vnu.418

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:46.212812369Z 78 PC: 13ea3 | Find first file
2018-12-17T22:55:46.218952379Z 61 PC: 13ec7 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:46.225233748Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.23125073Z 66 PC: 13ef7 | Move file pointer
2018-12-17T22:55:46.232761881Z 66 PC: 13f18 | Move file pointer
2018-12-17T22:55:46.233960547Z 64 PC: 13f23 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:55:46.236343692Z 66 PC: 13f2c | Move file pointer
2018-12-17T22:55:46.237752728Z 64 PC: 13f37 | Write file or device (Write 31 bytes on handle 5)
2018-12-17T22:55:46.240288776Z 64 PC: 13f5c | Write file or device (Write 387 bytes on handle 5)
2018-12-17T22:55:46.254085211Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.261766763Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.264579371Z 61 PC: 13ec7 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:55:46.270942208Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.27775443Z 66 PC: 13ef7 | Move file pointer
2018-12-17T22:55:46.284778901Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.286474127Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.288959435Z 61 PC: 13ec7 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:55:46.295575405Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.301771229Z 66 PC: 13ef7 | Move file pointer
2018-12-17T22:55:46.303005279Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.305000547Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.30748726Z 61 PC: 13ec7 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:55:46.313739967Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.320471452Z 66 PC: 13ef7 | Move file pointer
2018-12-17T22:55:46.321783878Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.323431754Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.32690434Z 61 PC: 13ec7 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:55:46.333153518Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.339221567Z 66 PC: 13ef7 | Move file pointer
2018-12-17T22:55:46.341963718Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.344416784Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.346901752Z 61 PC: 13ec7 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:55:46.35354152Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.360189603Z 66 PC: 13ef7 | Move file pointer
2018-12-17T22:55:46.361765659Z 66 PC: 13f18 | Move file pointer
2018-12-17T22:55:46.3638735Z 64 PC: 13f23 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:55:46.366525408Z 66 PC: 13f2c | Move file pointer
2018-12-17T22:55:46.368184841Z 64 PC: 13f37 | Write file or device (Write 31 bytes on handle 5)
2018-12-17T22:55:46.376510982Z 64 PC: 13f5c | Write file or device (Write 387 bytes on handle 5)
2018-12-17T22:55:46.379559873Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.387779028Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.390949973Z 61 PC: 13ec7 | Open file (Filename = 'PAH.COM')
2018-12-17T22:55:46.401057821Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.407677335Z 66 PC: 13ef7 | Move file pointer
2018-12-17T22:55:46.409545849Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.412820081Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.415415259Z 61 PC: 13ec7 | Open file (Filename = 'TEST.COM')
2018-12-17T22:55:46.421777773Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:55:46.425378567Z 62 PC: 13f60 | Close file
2018-12-17T22:55:46.427273199Z 79 PC: 13ea3 | Find next file
2018-12-17T22:55:46.429737907Z 44 PC: 13f74 | Get time
0x13f74: cmp ch, 9
0x13f77: je 0x13f7e
0x13f79: mov ax, 0x100
0x13f7c: jmp ax
0x13f7e: mov ah, 0x3c
0x13f80: mov cx, 0x20
0x13f83: lea dx, word ptr [bp + 0x286]
0x13f87: int 0x21
0x13f89: jb 0x13f8e
0x13f8b: jmp 0x13f98
0x13f8e: mov al, byte ptr [0x286]
0x13f91: inc al
0x13f93: mov byte ptr [0x286], al
0x13f96: jmp 0x13f7e
0x13f98: xchg ax, bx
0x13f99: mov ah, 0x40
0x13f9b: lea dx, word ptr [bp + 0x13e]
0x13f9f: mov cx, 0x2d
0x13fa2: int 0x21
0x13fa4: mov ah, 0x3d
2018-12-17T22:55:46.432359465Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:55:46.437687937Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12003,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:47.707357171Z 78 PC: 13ea3 | Find first file
2018-12-25T12:31:47.712701058Z 61 PC: 13ec7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:47.716967054Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:31:47.721005255Z 66 PC: 13ef7 | Move file pointer
2018-12-25T12:31:47.722360463Z 66 PC: 13f18 | Move file pointer
2018-12-25T12:31:47.723508422Z 64 PC: 13f23 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:31:47.72523143Z 66 PC: 13f2c | Move file pointer
2018-12-25T12:31:47.726184483Z 64 PC: 13f37 | Write file or device (Write 31 bytes on handle 5)
2018-12-25T12:31:47.729424464Z 64 PC: 13f5c | Write file or device (Write 387 bytes on handle 5)
2018-12-25T12:31:47.746989939Z 62 PC: 13f60 | Close file
2018-12-25T12:31:47.766165259Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.772280063Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:47.779495958Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:47.786610116Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:47.796441475Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:47.798330106Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.801155638Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:47.810269814Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:47.817257582Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:47.818885024Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:47.821274743Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.82423171Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:47.832531431Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:47.840166469Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:47.842122041Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:47.844724156Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.848510347Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:47.85732026Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:47.86471385Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:47.86619424Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:47.868983565Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.871839712Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:47.879069615Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:47.886915497Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:47.888512906Z 66 PC: 13f18 | Move file pointer (See above)
2018-12-25T12:31:47.890537892Z 64 PC: 13f23 | Write file or device (See above)
2018-12-25T12:31:47.895611484Z 66 PC: 13f2c | Move file pointer (See above)
2018-12-25T12:31:47.897113622Z 64 PC: 13f37 | Write file or device (See above)
2018-12-25T12:31:47.906903555Z 64 PC: 13f5c | Write file or device (See above)
2018-12-25T12:31:47.911145875Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:47.920419814Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.923333433Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:47.931363458Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:47.939575619Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:47.941279575Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:47.943363671Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.946611924Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:47.954205112Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:47.957411727Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:47.960940622Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:47.96357559Z 44 PC: 13f74 | Get time
0x13f74: cmp ch, 9
0x13f77: je 0x13f7e
0x13f79: mov ax, 0x100
0x13f7c: jmp ax
0x13f7e: mov ah, 0x3c
0x13f80: mov cx, 0x20
0x13f83: lea dx, word ptr [bp + 0x286]
0x13f87: int 0x21
0x13f89: jb 0x13f8e
0x13f8b: jmp 0x13f98
0x13f8e: mov al, byte ptr [0x286]
0x13f91: inc al
0x13f93: mov byte ptr [0x286], al
0x13f96: jmp 0x13f7e
0x13f98: xchg ax, bx
0x13f99: mov ah, 0x40
0x13f9b: lea dx, word ptr [bp + 0x13e]
0x13f9f: mov cx, 0x2d
0x13fa2: int 0x21
0x13fa4: mov ah, 0x3d
2018-12-25T12:31:47.965805152Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:31:47.973476306Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12003,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:48.074916295Z 78 PC: 13ea3 | Find first file
2018-12-25T12:31:48.081574986Z 61 PC: 13ec7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:48.089368954Z 63 PC: 13edf | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:31:48.096324477Z 66 PC: 13ef7 | Move file pointer
2018-12-25T12:31:48.097919252Z 66 PC: 13f18 | Move file pointer
2018-12-25T12:31:48.099579135Z 64 PC: 13f23 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:31:48.102303507Z 66 PC: 13f2c | Move file pointer
2018-12-25T12:31:48.103523921Z 64 PC: 13f37 | Write file or device (Write 31 bytes on handle 5)
2018-12-25T12:31:48.106525809Z 64 PC: 13f5c | Write file or device (Write 387 bytes on handle 5)
2018-12-25T12:31:48.121173947Z 62 PC: 13f60 | Close file
2018-12-25T12:31:48.129528591Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.132709073Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:48.136857283Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:48.141408093Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:48.142904644Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:48.144840839Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.147325203Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:48.165953286Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:48.170109842Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:48.171147706Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:48.172778358Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.174683105Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:48.178800027Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:48.18345827Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:48.184570986Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:48.185835707Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.188060393Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:48.192366392Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:48.198077007Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:48.199560359Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:48.201947228Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.206092366Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:48.21368369Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:48.221786901Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:48.223226019Z 66 PC: 13f18 | Move file pointer (See above)
2018-12-25T12:31:48.224613128Z 64 PC: 13f23 | Write file or device (See above)
2018-12-25T12:31:48.228245834Z 66 PC: 13f2c | Move file pointer (See above)
2018-12-25T12:31:48.230221218Z 64 PC: 13f37 | Write file or device (See above)
2018-12-25T12:31:48.239266076Z 64 PC: 13f5c | Write file or device (See above)
2018-12-25T12:31:48.242598567Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:48.251605913Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.25423175Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:48.261818667Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:48.269313223Z 66 PC: 13ef7 | Move file pointer (See above)
2018-12-25T12:31:48.270776046Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:48.273441744Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.276270139Z 61 PC: 13ec7 | Open file (See above)
2018-12-25T12:31:48.283324333Z 63 PC: 13edf | Read file or device (See above)
2018-12-25T12:31:48.286490174Z 62 PC: 13f60 | Close file (See above)
2018-12-25T12:31:48.288369065Z 79 PC: 13ea3 | Find next file (See above)
2018-12-25T12:31:48.290868879Z 44 PC: 13f74 | Get time
0x13f74: cmp ch, 9
0x13f77: je 0x13f7e
0x13f79: mov ax, 0x100
0x13f7c: jmp ax
0x13f7e: mov ah, 0x3c
0x13f80: mov cx, 0x20
0x13f83: lea dx, word ptr [bp + 0x286]
0x13f87: int 0x21
0x13f89: jb 0x13f8e
0x13f8b: jmp 0x13f98
0x13f8e: mov al, byte ptr [0x286]
0x13f91: inc al
0x13f93: mov byte ptr [0x286], al
0x13f96: jmp 0x13f7e
0x13f98: xchg ax, bx
0x13f99: mov ah, 0x40
0x13f9b: lea dx, word ptr [bp + 0x13e]
0x13f9f: mov cx, 0x2d
0x13fa2: int 0x21
0x13fa4: mov ah, 0x3d
2018-12-25T12:31:48.293161256Z 60 PC: 13f89 | Create or truncate file
2018-12-25T12:31:48.640671334Z 64 PC: 13fa4 | Write file or device (Write 45 bytes on handle 5)
2018-12-25T12:31:48.649677874Z 61 PC: 13fa8 | Open file (Filename = 'Dedicated to Goofy��')
2018-12-25T12:31:48.655832418Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:31:48.66243549Z 0 PC: 12a89 | Program terminate