Sample viewer

vx.netlux.org/Virus.DOS.Maf.774

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:55.674891712Z	25	PC: 12a47 \| Get default drive
2018-12-17T22:56:55.683428352Z	71	PC: 12a6e \| Get current directory
2018-12-17T22:56:55.695604895Z	59	PC: 12cda \| Change current directory
2018-12-17T22:56:55.702401463Z	78	PC: 12ce7 \| Find first file
2018-12-17T22:56:55.721028815Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.723853756Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.726810104Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.729679769Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.735451371Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.738373164Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.741244533Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.744814565Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.748135699Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.751475718Z	78	PC: 12b04 \| Find first file
2018-12-17T22:56:55.759017818Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.7622737Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.765658915Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.779499145Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.782679675Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.786071301Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.789833124Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.792948592Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.795908346Z	44	PC: 12cf2 \| Get time 0x12cf2: xor cx, cx 0x12cf4: mov cl, dl 0x12cf6: and cx, si 0x12cf8: pop ax 0x12cf9: push cx 0x12cfa: push ax 0x12cfb: ret 0x12cfc: mov ax, 0x4301 0x12cff: xor cx, cx 0x12d01: mov dx, 0x9e 0x12d04: int 0x21 0x12d06: ret 0x12d07: add byte ptr cs:[bp + si], ch 0x12d0b: sub al, byte ptr cs:[bx + si] 0x12d0e: sub ch, byte ptr [0x6f63] 0x12d12: insw word ptr es:[di], dx 0x12d13: add byte ptr [bp + di + 0x68], ah 0x12d16: imul bp, word ptr [si + 0x69], 0x73 0x12d1a: je 0x12d4a 0x12d1c: sub al, byte ptr [bx + si]
2018-12-17T22:56:55.798873381Z	78	PC: 12b1d \| Find first file
2018-12-17T22:56:55.813668407Z	79	PC: 12b28 \| Find next file
2018-12-17T22:56:55.817049914Z	79	PC: 12b28 \| Find next file
2018-12-17T22:56:55.82014283Z	79	PC: 12b28 \| Find next file
2018-12-17T22:56:55.82380222Z	79	PC: 12b28 \| Find next file
2018-12-17T22:56:55.827224754Z	79	PC: 12b28 \| Find next file
2018-12-17T22:56:55.830273887Z	79	PC: 12b28 \| Find next file
2018-12-17T22:56:55.834556318Z	79	PC: 12b28 \| Find next file
2018-12-17T22:56:55.837613767Z	67	PC: 12d06 \| Get or set file attributes
2018-12-17T22:56:55.856993382Z	61	PC: 12b51 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:56:55.865311962Z	63	PC: 12b63 \| Read file or device (Read 5894 bytes on handle 5)
2018-12-17T22:56:55.873481822Z	62	PC: 12b78 \| Close file
2018-12-17T22:56:55.875566221Z	67	PC: 12b83 \| Get or set file attributes
2018-12-17T22:56:55.887732826Z	78	PC: 12ce7 \| Find first file
2018-12-17T22:56:55.894295023Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.897279294Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.901059231Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.904221136Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.907252665Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.911295917Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.914708072Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.917730414Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.92079701Z	79	PC: 12ab2 \| Find next file
2018-12-17T22:56:55.925644053Z	78	PC: 12b04 \| Find first file
2018-12-17T22:56:55.932205429Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.935244452Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.942249733Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.945307271Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.948433008Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.951976821Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.955198198Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.958394086Z	79	PC: 12b0b \| Find next file
2018-12-17T22:56:55.962309107Z	44	PC: 12cf2 \| Get time 0x12cf2: xor cx, cx 0x12cf4: mov cl, dl 0x12cf6: and cx, si 0x12cf8: pop ax 0x12cf9: push cx 0x12cfa: push ax 0x12cfb: ret 0x12cfc: mov ax, 0x4301 0x12cff: xor cx, cx 0x12d01: mov dx, 0x9e 0x12d04: int 0x21 0x12d06: ret 0x12d07: add byte ptr cs:[bp + si], ch 0x12d0b: sub al, byte ptr cs:[bx + si] 0x12d0e: sub ch, byte ptr [0x6f63] 0x12d12: insw word ptr es:[di], dx 0x12d13: add byte ptr [bp + di + 0x68], ah 0x12d16: imul bp, word ptr [si + 0x69], 0x73 0x12d1a: je 0x12d4a 0x12d1c: sub al, byte ptr [bx + si]
2018-12-17T22:56:55.965040582Z	78	PC: 12b1d \| Find first file
2018-12-17T22:56:55.972330237Z	67	PC: 12d06 \| Get or set file attributes
2018-12-17T22:56:55.98480948Z	61	PC: 12b51 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:56:55.992408486Z	63	PC: 12b63 \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T22:56:56.000376707Z	66	PC: 12b9c \| Move file pointer
2018-12-17T22:56:56.003828908Z	64	PC: 12bc7 \| Write file or device (Write 1181 bytes on handle 5)
2018-12-17T22:56:56.014405784Z	87	PC: 12bcf \| Get or set file date and time
2018-12-17T22:56:56.016458443Z	62	PC: 12bd3 \| Close file
2018-12-17T22:56:56.025122522Z	67	PC: 12bde \| Get or set file attributes
2018-12-17T22:56:56.296589226Z	78	PC: 12be8 \| Find first file
2018-12-17T22:56:56.301371587Z	59	PC: 12cda \| Change current directory
2018-12-17T22:56:56.305619644Z	59	PC: 12c06 \| Change current directory
2018-12-17T22:56:56.326049694Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:56:56.337551299Z	0	PC: 12a89 \| Program terminate