Sample viewer

vx.netlux.org/Virus.DOS.SillyC.642


Syscalls:

Time | Syscall (INT 21h AH, decimal) | PC | Syscall Name
2018-12-17T22:57:15.734519852Z 26 PC: 13e62 | Set disk transfer address
2018-12-17T22:57:15.737453809Z 48 PC: 13e6a | Get DOS version
2018-12-17T22:57:15.739402115Z 53 PC: 13e76 | Get interrupt vector (Interrupt = '36' = 0x24, the critical error handler; the viewer's 'Set random record number' label is INT 21h function 24h, not INT 24h)
2018-12-17T22:57:15.741360825Z 37 PC: 13e82 | Set interrupt vector (Interrupt = '36' = 0x24, critical error handler hooked so disk errors during infection do not surface as 'Abort, Retry, Fail')
2018-12-17T22:57:15.743434691Z 78 PC: 13e90 | Find first file
2018-12-17T22:57:15.749434028Z 67 PC: 13ea3 | Get or set file attributes
2018-12-17T22:57:15.754965226Z 67 PC: 13eb8 | Get or set file attributes
2018-12-17T22:57:16.029800577Z 61 PC: 13ec6 | Open file (Filename = '')
2018-12-17T22:57:16.037678067Z 66 PC: 13ed3 | Move file pointer
2018-12-17T22:57:16.03951762Z 66 PC: 13ef0 | Move file pointer
2018-12-17T22:57:16.041290871Z 63 PC: 13efe | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:57:16.049031196Z 61 PC: 13f34 | Open file (Filename = '')
2018-12-17T22:57:16.055947154Z 87 PC: 13f39 | Get or set file date and time
2018-12-17T22:57:16.057683585Z 66 PC: 13f4c | Move file pointer
2018-12-17T22:57:16.06062173Z 63 PC: 13f5a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:16.063514403Z 66 PC: 13f65 | Move file pointer
2018-12-17T22:57:16.065278947Z 66 PC: 13f79 | Move file pointer
2018-12-17T22:57:16.068007938Z 64 PC: 13f87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:16.071494754Z 66 PC: 13f92 | Move file pointer
2018-12-17T22:57:16.073234198Z 64 PC: 13fa0 | Write file or device (Write 642 bytes on handle 5)
2018-12-17T22:57:16.094445983Z 87 PC: 13fad | Get or set file date and time
2018-12-17T22:57:16.097508795Z 67 PC: 13fbf | Get or set file attributes
2018-12-17T22:57:16.107932787Z 62 PC: 13fc4 | Close file
2018-12-17T22:57:16.127811275Z 42 PC: 13fcf | Get date
Disassembly at the Get date call (AH=2Ah returns CX=year, DH=month, DL=day):
0x13fcf: cmp dx, 0xa1d      ; DH=0x0a (October), DL=0x1d (29): trigger date is 29 October
0x13fd3: jne 0x13fe5        ; any other date: skip the payload
0x13fd5: nop
0x13fd6: nop
0x13fd7: nop
0x13fd8: mov ax, 0x900      ; AH=09h, display '$'-terminated string
0x13fdb: mov dx, si
0x13fdd: add dx, 0x2e3      ; DS:DX = SI+0x2e3, a string inside the virus body
0x13fe1: int 0x21
0x13fe3: jmp 0x13fe3        ; infinite loop: hang the machine
0x13fe5: mov ax, 0x2524     ; AH=25h set vector, AL=24h: restore INT 24h (critical error handler)
0x13fe8: pop dx             ; DS:DX = saved original vector
0x13fe9: push es
0x13fea: pop ds
0x13feb: int 0x21
0x13fed: push cs
0x13fee: pop ds
0x13fef: mov ax, 0x1a00     ; AH=1Ah set DTA
0x13ff2: mov dx, 0x80       ; back to the default PSP:0080h before handing control to the host
0x13ff5: int 0x21
2018-12-17T22:57:16.130962841Z 37 PC: 13fed | Set interrupt vector (Interrupt = '36' = 0x24, original critical error handler restored)
2018-12-17T22:57:16.132391296Z 26 PC: 13ff7 | Set disk transfer address
2018-12-17T22:57:16.133801449Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:57:16.139888132Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12493,"SideJobID":0}


Syscalls:

Time | Syscall (INT 21h AH, decimal) | PC | Syscall Name
2018-12-25T12:33:00.271002197Z 26 PC: 13e62 | Set disk transfer address
2018-12-25T12:33:00.274073149Z 48 PC: 13e6a | Get DOS version
2018-12-25T12:33:00.275734835Z 53 PC: 13e76 | Get interrupt vector (Interrupt = '36' = 0x24, the critical error handler; the viewer's 'Set random record number' label is INT 21h function 24h, not INT 24h)
2018-12-25T12:33:00.2773889Z 37 PC: 13e82 | Set interrupt vector (Interrupt = '36' = 0x24, critical error handler hooked for the duration of the infection)
2018-12-25T12:33:00.2791829Z 78 PC: 13e90 | Find first file
2018-12-25T12:33:00.287127516Z 67 PC: 13ea3 | Get or set file attributes
2018-12-25T12:33:00.293844249Z 67 PC: 13eb8 | Get or set file attributes
2018-12-25T12:33:00.311433452Z 61 PC: 13ec6 | Open file (Filename = '')
2018-12-25T12:33:00.320323195Z 66 PC: 13ed3 | Move file pointer
2018-12-25T12:33:00.322254601Z 66 PC: 13ef0 | Move file pointer
2018-12-25T12:33:00.324161119Z 63 PC: 13efe | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:33:00.332879142Z 61 PC: 13f34 | Open file (Filename = '')
2018-12-25T12:33:00.340597895Z 87 PC: 13f39 | Get or set file date and time
2018-12-25T12:33:00.342569798Z 66 PC: 13f4c | Move file pointer
2018-12-25T12:33:00.348289535Z 63 PC: 13f5a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:33:00.351239196Z 66 PC: 13f65 | Move file pointer
2018-12-25T12:33:00.352836663Z 66 PC: 13f79 | Move file pointer
2018-12-25T12:33:00.355371539Z 64 PC: 13f87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:33:00.358742174Z 66 PC: 13f92 | Move file pointer
2018-12-25T12:33:00.360607652Z 64 PC: 13fa0 | Write file or device (Write 642 bytes on handle 5)
2018-12-25T12:33:00.370414235Z 87 PC: 13fad | Get or set file date and time
2018-12-25T12:33:00.372962491Z 67 PC: 13fbf | Get or set file attributes
2018-12-25T12:33:00.385098788Z 62 PC: 13fc4 | Close file
2018-12-25T12:33:00.39411679Z 42 PC: 13fcf | Get date
Disassembly at the Get date call (AH=2Ah returns CX=year, DH=month, DL=day):
0x13fcf: cmp dx, 0xa1d      ; DH=0x0a (October), DL=0x1d (29): trigger date is 29 October
0x13fd3: jne 0x13fe5        ; any other date: skip the payload
0x13fd5: nop
0x13fd6: nop
0x13fd7: nop
0x13fd8: mov ax, 0x900      ; AH=09h, display '$'-terminated string
0x13fdb: mov dx, si
0x13fdd: add dx, 0x2e3      ; DS:DX = SI+0x2e3, a string inside the virus body
0x13fe1: int 0x21
0x13fe3: jmp 0x13fe3        ; infinite loop: hang the machine
0x13fe5: mov ax, 0x2524     ; AH=25h set vector, AL=24h: restore INT 24h (critical error handler)
0x13fe8: pop dx             ; DS:DX = saved original vector
0x13fe9: push es
0x13fea: pop ds
0x13feb: int 0x21
0x13fed: push cs
0x13fee: pop ds
0x13fef: mov ax, 0x1a00     ; AH=1Ah set DTA
0x13ff2: mov dx, 0x80       ; back to the default PSP:0080h before handing control to the host
0x13ff5: int 0x21
2018-12-25T12:33:00.401510301Z 37 PC: 13fed | Set interrupt vector (Interrupt = '36' = 0x24, original critical error handler restored)
2018-12-25T12:33:00.403444704Z 26 PC: 13ff7 | Set disk transfer address
2018-12-25T12:33:00.40530089Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:33:00.412605911Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":29,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12493,"SideJobID":0}
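Added example, not part of the sample viewer output and not code from the virus: a small Python triage script for the trace format printed above. It parses the lines as the viewer prints them, reports which interrupt vectors are read and then replaced more than once (the hook-then-restore pattern around the infection; vectors that DOS itself sets once when spawning a program, as in a shell trace, are not reported), lists the sizes of writes to file handles, and decodes the `cmp dx, 0xa1d` that follows the Get date call into a (month, day) trigger. The regex, the function names and the INT_NAMES table are assumptions about the viewer's format; SAMPLE_TRACE is a subset of the first run's lines copied from this page.

```python
import re
from collections import Counter

# Trace line format used by the sample viewer (assumed from the lines above):
#   <RFC3339 time> <AH decimal> PC: <hex> | <name> [(<detail>)]
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ah>\d+)\s+PC:\s*(?P<pc>[0-9a-fA-F]+)\s*\|\s*"
    r"(?P<name>[^(]+?)\s*(?:\((?P<detail>.*)\))?\s*$"
)

# INT 21h function numbers the triage looks for (the viewer prints AH in decimal)
AH_SET_VECTOR = 0x25
AH_GET_VECTOR = 0x35
AH_FIND_FIRST = 0x4E
AH_WRITE = 0x40
AH_GET_DATE = 0x2A

# Real meaning of the interrupt numbers; the viewer instead prints the INT 21h
# function name that shares the number, which is misleading for vector calls.
INT_NAMES = {0x22: "terminate address", 0x23: "Ctrl-Break handler", 0x24: "critical error handler"}

# Constructed sample: a subset of the first run's lines copied from the page.
SAMPLE_TRACE = """
2018-12-17T22:57:15.734519852Z 26 PC: 13e62 | Set disk transfer address
2018-12-17T22:57:15.737453809Z 48 PC: 13e6a | Get DOS version
2018-12-17T22:57:15.739402115Z 53 PC: 13e76 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:15.741360825Z 37 PC: 13e82 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:15.743434691Z 78 PC: 13e90 | Find first file
2018-12-17T22:57:16.029800577Z 61 PC: 13ec6 | Open file (Filename = '')
2018-12-17T22:57:16.041290871Z 63 PC: 13efe | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:57:16.068007938Z 64 PC: 13f87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:16.073234198Z 64 PC: 13fa0 | Write file or device (Write 642 bytes on handle 5)
2018-12-17T22:57:16.107932787Z 62 PC: 13fc4 | Close file
2018-12-17T22:57:16.127811275Z 42 PC: 13fcf | Get date
2018-12-17T22:57:16.130962841Z 37 PC: 13fed | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:16.133801449Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:57:16.139888132Z 0 PC: 12a89 | Program terminate
"""


def parse_trace(text):
    """Turn viewer lines into dicts; disassembly, headers and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({"ts": d["ts"], "ah": int(d["ah"]), "pc": int(d["pc"], 16),
                       "name": d["name"].strip(), "detail": d["detail"] or ""})
    return events


def hooked_interrupts(events):
    """Interrupts whose vector is read (AH=35h) and then set at least twice (hook + restore)."""
    seen = []
    for e in events:
        if e["ah"] in (AH_SET_VECTOR, AH_GET_VECTOR):
            m = re.search(r"Interrupt = '(\d+)'", e["detail"])
            if m:
                seen.append((e["ah"], int(m.group(1))))
    read = {n for ah, n in seen if ah == AH_GET_VECTOR}
    sets = Counter(n for ah, n in seen if ah == AH_SET_VECTOR)
    return {n: {"name": INT_NAMES.get(n, "?"), "set_count": sets[n]}
            for n in read if sets[n] >= 2}


def write_sizes(events):
    """Byte counts of writes to real file handles (0-4 are the standard devices)."""
    sizes = []
    for e in events:
        if e["ah"] == AH_WRITE:
            m = re.search(r"Write (\d+) bytes on handle (\d+)", e["detail"])
            if m and int(m.group(2)) >= 5:
                sizes.append(int(m.group(1)))
    return sizes


def decode_date_trigger(imm16):
    """AH=2Ah leaves DH=month, DL=day; a cmp dx, imm16 right after it encodes (month, day)."""
    return (imm16 >> 8, imm16 & 0xFF)


def triage(text):
    ev = parse_trace(text)
    sizes = write_sizes(ev)
    return {
        "hooks": hooked_interrupts(ev),
        "file_writes": sizes,
        "appended_body": max(sizes) if sizes else 0,   # largest write: the virus body
        "has_find_first": any(e["ah"] == AH_FIND_FIRST for e in ev),
        "gets_date": any(e["ah"] == AH_GET_DATE for e in ev),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
    print("trigger (month, day):", decode_date_trigger(0x0A1D))
```

Run over the sample, the hook report names only INT 24h, the file writes are the 3-byte jump patch and the 642-byte body (matching the 642 in the sample name), and the trigger decodes to (10, 29), which is the date the second run's job metadata set.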


Syscalls:

Time | Syscall (INT 21h AH, decimal) | PC | Syscall Name
2018-12-25T12:33:00.205590981Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:33:00.215611086Z 41 PC: 94fae | Parse filename
2018-12-25T12:33:00.224104577Z 41 PC: 9502f | Parse filename
2018-12-25T12:33:00.228734454Z 41 PC: 9504c | Parse filename
2018-12-25T12:33:00.231538262Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T12:33:00.243104516Z 71 PC: 986f3 | Get current directory
2018-12-25T12:33:00.24693847Z 78 PC: 986fe | Find first file
2018-12-25T12:33:00.259477941Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:33:00.265136472Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:33:00.276513165Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T12:33:00.283103136Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' = 0x22, terminate address; the viewer's 'Random write' label is INT 21h function 22h, not INT 22h)
2018-12-25T12:33:00.29651506Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' = 0x23, Ctrl-Break handler; the viewer's 'Get file size in records' label is INT 21h function 23h, not INT 23h)
2018-12-25T12:33:00.29915738Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' = 0x24, critical error handler; the viewer's 'Set random record number' label is INT 21h function 24h, not INT 24h)
2018-12-25T12:33:00.300961447Z 62 PC: 122ab | Close file
2018-12-25T12:33:00.304787441Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.306609627Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.30832044Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.311441247Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.32061639Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.322682874Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.339672086Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.34241127Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.344542643Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.346627941Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.349634951Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.352487811Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.354527123Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.357283587Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:33:00.359563098Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T12:33:00.361101311Z 56 PC: 94df9 | Get or set country info
2018-12-25T12:33:00.363925997Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:33:00.378050153Z 25 PC: 94e62 | Get default drive
2018-12-25T12:33:00.380077865Z 71 PC: 970dd | Get current directory
2018-12-25T12:33:00.384803183Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:33:00.389230896Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T12:33:00.391618825Z 93 PC: 94f20 | File sharing functions
2018-12-25T12:33:00.393622487Z 93 PC: 94f27 | File sharing functions
2018-12-25T12:33:00.396921413Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T12:33:15.252054365Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:33:16.607924192Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:33:16.710757144Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:33:16.717528497Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T12:33:16.724627648Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T12:33:16.727811468Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T12:33:16.730418543Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T12:33:16.735520669Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:33:16.745146971Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:33:16.755980779Z 71 PC: 9856c | Get current directory
2018-12-25T12:33:16.76085554Z 73 PC: 97c09 | Release memory
2018-12-25T12:33:16.76331781Z 75 PC: 11821 | Execute program
2018-12-25T12:33:16.77907961Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T12:33:16.784010439Z 76 PC: 12a4b | Terminate with return code (Return code = '36')