Sample viewer

vx.netlux.org/Virus.DOS.SillyC.543

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:05.643585859Z	26	PC: 12bbc \| Set disk transfer address
2018-12-17T22:56:05.64497577Z	17	PC: 12bc3 \| Find first file
2018-12-17T22:56:05.650908163Z	15	PC: 12bd2 \| Open file (Filename = 'SLEEP COM dò¨¸L¸Lò¨¸L— ...We - fury, we - horror, we - killers, but we - nothing !ñ:#u¬èb:Š!uZZéÆ:‹!uZZé³X^‹Ðèàèzüë–>H"à!tG>H"Ô!tT>H"ì!tv>H""uéŒ>H"7"t\|>H"ø!uéŠ>H"C"ué¸>H""té¸é•€>zÿu¸é\ÿÆzÿé2ÿ€>st¸')
2018-12-17T22:56:05.657841341Z	16	PC: 12bf0 \| Close file
2018-12-17T22:56:05.661210859Z	61	PC: 12c1a \| Open file (Filename = 'SLEEP .COM')
2018-12-17T22:56:05.672490801Z	42	PC: 12c22 \| Get date 0x12c22: cmp dl, 0xd 0x12c25: jne 0x12c2a 0x12c27: jmp 0x12cf2 0x12c2a: pop dx 0x12c2b: pop cx 0x12c2c: add dx, 0x28 0x12c2f: mov cx, 3 0x12c32: mov ah, 0x3f 0x12c34: int 0x21 0x12c36: sub dx, 0x28 0x12c39: push dx 0x12c3a: mov ax, 0x4202 0x12c3d: sub cx, cx 0x12c3f: sub dx, dx 0x12c41: int 0x21 0x12c43: pop dx 0x12c44: push bx 0x12c45: mov bx, dx 0x12c47: sub ax, 3 0x12c4a: mov word ptr [bx + 0x2d], ax
2018-12-17T22:56:05.674491329Z	63	PC: 12c36 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:05.68147047Z	66	PC: 12c43 \| Move file pointer
2018-12-17T22:56:05.683590652Z	66	PC: 12c58 \| Move file pointer
2018-12-17T22:56:05.684873103Z	64	PC: 12c8d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:56:05.687342241Z	66	PC: 12c9a \| Move file pointer
2018-12-17T22:56:05.689074356Z	64	PC: 12ca6 \| Write file or device (Write 543 bytes on handle 5)
2018-12-17T22:56:05.705924262Z	87	PC: 12cb3 \| Get or set file date and time
2018-12-17T22:56:05.707936376Z	62	PC: 12cb7 \| Close file
2018-12-17T22:56:05.71595096Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:56:05.719893014Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12105,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:01.014605831Z	26	PC: 12bbc \| Set disk transfer address
2018-12-25T12:32:01.016914992Z	17	PC: 12bc3 \| Find first file
2018-12-25T12:32:01.024295476Z	15	PC: 12bd2 \| Open file (Filename = 'SLEEP COM dò¨¸L¸Lò¨¸L— ...We - fury, we - horror, we - killers, but we - nothing !ñ:#u¬èb:Š!uZZéÆ:‹!uZZé³X^‹Ðèàèzüë–>H"à!tG>H"Ô!tT>H"ì!tv>H""uéŒ>H"7"t\|>H"ø!uéŠ>H"C"ué¸>H""té¸é•€>zÿu¸é\ÿÆzÿé2ÿ€>st¸')
2018-12-25T12:32:01.032954129Z	16	PC: 12bf0 \| Close file
2018-12-25T12:32:01.036411547Z	61	PC: 12c1a \| Open file (Filename = 'SLEEP .COM')
2018-12-25T12:32:01.044071214Z	42	PC: 12c22 \| Get date 0x12c22: cmp dl, 0xd 0x12c25: jne 0x12c2a 0x12c27: jmp 0x12cf2 0x12c2a: pop dx 0x12c2b: pop cx 0x12c2c: add dx, 0x28 0x12c2f: mov cx, 3 0x12c32: mov ah, 0x3f 0x12c34: int 0x21 0x12c36: sub dx, 0x28 0x12c39: push dx 0x12c3a: mov ax, 0x4202 0x12c3d: sub cx, cx 0x12c3f: sub dx, dx 0x12c41: int 0x21 0x12c43: pop dx 0x12c44: push bx 0x12c45: mov bx, dx 0x12c47: sub ax, 3 0x12c4a: mov word ptr [bx + 0x2d], ax
2018-12-25T12:32:01.047735229Z	63	PC: 12c36 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:32:01.055494458Z	66	PC: 12c43 \| Move file pointer
2018-12-25T12:32:01.057716908Z	66	PC: 12c58 \| Move file pointer
2018-12-25T12:32:01.059769849Z	64	PC: 12c8d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:32:01.063196878Z	66	PC: 12c9a \| Move file pointer
2018-12-25T12:32:01.065737757Z	64	PC: 12ca6 \| Write file or device (Write 543 bytes on handle 5)
2018-12-25T12:32:01.082008Z	87	PC: 12cb3 \| Get or set file date and time
2018-12-25T12:32:01.085294651Z	62	PC: 12cb7 \| Close file
2018-12-25T12:32:01.100192578Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:32:01.106225854Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12105,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:01.231872928Z	26	PC: 12bbc \| Set disk transfer address
2018-12-25T12:32:01.233712297Z	17	PC: 12bc3 \| Find first file
2018-12-25T12:32:01.240397939Z	15	PC: 12bd2 \| Open file (Filename = 'SLEEP COM dò¨¸L¸Lò¨¸L— ...We - fury, we - horror, we - killers, but we - nothing !ñ:#u¬èb:Š!uZZéÆ:‹!uZZé³X^‹Ðèàèzüë–>H"à!tG>H"Ô!tT>H"ì!tv>H""uéŒ>H"7"t\|>H"ø!uéŠ>H"C"ué¸>H""té¸é•€>zÿu¸é\ÿÆzÿé2ÿ€>st¸')
2018-12-25T12:32:01.247959747Z	16	PC: 12bf0 \| Close file
2018-12-25T12:32:01.250734308Z	61	PC: 12c1a \| Open file (Filename = 'SLEEP .COM')
2018-12-25T12:32:01.258317707Z	42	PC: 12c22 \| Get date 0x12c22: cmp dl, 0xd 0x12c25: jne 0x12c2a 0x12c27: jmp 0x12cf2 0x12c2a: pop dx 0x12c2b: pop cx 0x12c2c: add dx, 0x28 0x12c2f: mov cx, 3 0x12c32: mov ah, 0x3f 0x12c34: int 0x21 0x12c36: sub dx, 0x28 0x12c39: push dx 0x12c3a: mov ax, 0x4202 0x12c3d: sub cx, cx 0x12c3f: sub dx, dx 0x12c41: int 0x21 0x12c43: pop dx 0x12c44: push bx 0x12c45: mov bx, dx 0x12c47: sub ax, 3 0x12c4a: mov word ptr [bx + 0x2d], ax
2018-12-25T12:32:01.260308106Z	64	PC: 12d03 \| Write file or device (Write 61 bytes on handle 5)
2018-12-25T12:32:01.267117786Z	62	PC: 12d07 \| Close file
2018-12-25T12:32:01.282360217Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:32:01.287542392Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')