Sample viewer

vx.netlux.org/Virus.DOS.Eumel.401

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:28.819010083Z	26	PC: 1329d \| Set disk transfer address
2018-12-17T22:58:28.820855733Z	25	PC: 132ab \| Get default drive
2018-12-17T22:58:28.823146417Z	14	PC: 132b5 \| Set default drive (Drive = 'D')
2018-12-17T22:58:28.824903136Z	78	PC: 132bf \| Find first file
2018-12-17T22:58:28.832045562Z	61	PC: 132cc \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:28.850698373Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.85278566Z	62	PC: 132f3 \| Close file
2018-12-17T22:58:28.855187031Z	79	PC: 132bf \| Find next file
2018-12-17T22:58:28.8595443Z	61	PC: 132cc \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:28.867036415Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.868619615Z	62	PC: 132f3 \| Close file
2018-12-17T22:58:28.875985981Z	79	PC: 132bf \| Find next file
2018-12-17T22:58:28.879323717Z	61	PC: 132cc \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:28.887499759Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.889620965Z	62	PC: 132f3 \| Close file
2018-12-17T22:58:28.893241805Z	79	PC: 132bf \| Find next file
2018-12-17T22:58:28.896455133Z	61	PC: 132cc \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:28.905071833Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.907365069Z	62	PC: 132f3 \| Close file
2018-12-17T22:58:28.909455325Z	79	PC: 132bf \| Find next file
2018-12-17T22:58:28.912244471Z	61	PC: 132cc \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:28.921427042Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.923133363Z	62	PC: 132f3 \| Close file
2018-12-17T22:58:28.92528328Z	79	PC: 132bf \| Find next file
2018-12-17T22:58:28.928994974Z	61	PC: 132cc \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:28.936486134Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.937966989Z	62	PC: 132f3 \| Close file
2018-12-17T22:58:28.941260227Z	79	PC: 132bf \| Find next file
2018-12-17T22:58:28.944212674Z	61	PC: 132cc \| Open file (Filename = 'PAH.COM')
2018-12-17T22:58:28.951695204Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.95350059Z	62	PC: 132f3 \| Close file
2018-12-17T22:58:28.956362601Z	79	PC: 132bf \| Find next file
2018-12-17T22:58:28.959254014Z	61	PC: 132cc \| Open file (Filename = 'TEST.COM')
2018-12-17T22:58:28.966936913Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.970168849Z	87	PC: 132e3 \| Get or set file date and time
2018-12-17T22:58:28.972131036Z	44	PC: 13303 \| Get time 0x13303: or dl, dl 0x13305: je 0x132ff 0x13307: mov byte ptr [bp + 0x116], dl 0x1330b: mov ax, 0x4200 0x1330e: call 0x13390 0x13311: mov ah, 0x3f 0x13313: lea dx, word ptr [bp + 0x22b] 0x13317: mov cx, 3 0x1331a: int 0x21 0x1331c: mov ax, 0x4202 0x1331f: call 0x13390 0x13322: sub ax, 3 0x13325: mov word ptr cs:[bp + 0x229], ax 0x1332a: lea si, word ptr [bp + 0x105] 0x1332e: mov di, 0xfac8 0x13331: mov cx, 0x191 0x13334: cld 0x13335: rep movsb byte ptr es:[di], byte ptr [si] 0x13337: mov si, 0xfaea 0x1333a: call 0x23286
2018-12-17T22:58:28.974917987Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.97742397Z	63	PC: 1331c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:28.980359908Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:28.982336269Z	64	PC: 13347 \| Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:58:29.001340057Z	66	PC: 13396 \| Move file pointer
2018-12-17T22:58:29.003439314Z	64	PC: 13358 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.019487057Z	87	PC: 1335f \| Get or set file date and time
2018-12-17T22:58:29.02180525Z	62	PC: 13363 \| Close file
2018-12-17T22:58:29.030464989Z	42	PC: 13367 \| Get date 0x13367: cmp dh, dl 0x13369: jne 0x1337c 0x1336b: mov ah, 0x2c 0x1336d: int 0x21 0x1336f: and dh, 7 0x13372: jne 0x1337c 0x13374: mov ah, 9 0x13376: lea dx, word ptr [bp + 0x234] 0x1337a: int 0x21 0x1337c: mov ah, 0x1a 0x1337e: mov dx, 0x80 0x13381: int 0x21 0x13383: mov ah, 0xe 0x13385: mov dl, byte ptr [bp + 0x296] 0x13389: int 0x21 0x1338b: mov ax, 0x100 0x1338e: push ax 0x1338f: ret 0x13390: xor cx, cx 0x13392: xor dx, dx
2018-12-17T22:58:29.032873767Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:58:29.034356099Z	14	PC: 1338b \| Set default drive (Drive = 'A')
2018-12-17T22:58:29.052231833Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:58:29.05861732Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:58:29.060106877Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:58:29.068409961Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:58:29.070634372Z	9	PC: 12a86 \| Display string (String= 'Size change=0322h/00802d. ')
2018-12-17T22:58:29.075361672Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12897,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:45.898762197Z	26	PC: 1329d \| Set disk transfer address
2018-12-25T12:36:45.900645235Z	25	PC: 132ab \| Get default drive
2018-12-25T12:36:45.901905685Z	14	PC: 132b5 \| Set default drive (Drive = 'D')
2018-12-25T12:36:45.903340437Z	78	PC: 132bf \| Find first file
2018-12-25T12:36:45.910418793Z	61	PC: 132cc \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:45.923668677Z	66	PC: 13396 \| Move file pointer
2018-12-25T12:36:45.925083705Z	62	PC: 132f3 \| Close file
2018-12-25T12:36:45.928347055Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:45.931641512Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:45.939544059Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:45.946508291Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:45.948981383Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:45.952423653Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:45.962329518Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:45.973182272Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:45.975339946Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:45.978143395Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:45.985748246Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:45.988004089Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:45.990155281Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:45.994159515Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.000703151Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.00246467Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.005694234Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.008668277Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.015710433Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.017656974Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.024213571Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.027209403Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.034182327Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.036258985Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.039029506Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.041741278Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.048520301Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.049793004Z	87	PC: 132e3 \| Get or set file date and time
2018-12-25T12:36:46.051074288Z	44	PC: 13303 \| Get time 0x13303: or dl, dl 0x13305: je 0x132ff 0x13307: mov byte ptr [bp + 0x116], dl 0x1330b: mov ax, 0x4200 0x1330e: call 0x13390 0x13311: mov ah, 0x3f 0x13313: lea dx, word ptr [bp + 0x22b] 0x13317: mov cx, 3 0x1331a: int 0x21 0x1331c: mov ax, 0x4202 0x1331f: call 0x13390 0x13322: sub ax, 3 0x13325: mov word ptr cs:[bp + 0x229], ax 0x1332a: lea si, word ptr [bp + 0x105] 0x1332e: mov di, 0xfac8 0x13331: mov cx, 0x191 0x13334: cld 0x13335: rep movsb byte ptr es:[di], byte ptr [si] 0x13337: mov si, 0xfaea 0x1333a: call 0x23286
2018-12-25T12:36:46.053639283Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.055779797Z	63	PC: 1331c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:46.058583761Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.060963555Z	64	PC: 13347 \| Write file or device (Write 401 bytes on handle 5)
2018-12-25T12:36:46.076381698Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.078187227Z	64	PC: 13358 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:46.082536059Z	87	PC: 1335f \| Get or set file date and time
2018-12-25T12:36:46.084448762Z	62	PC: 13363 \| Close file
2018-12-25T12:36:46.092383378Z	42	PC: 13367 \| Get date 0x13367: cmp dh, dl 0x13369: jne 0x1337c 0x1336b: mov ah, 0x2c 0x1336d: int 0x21 0x1336f: and dh, 7 0x13372: jne 0x1337c 0x13374: mov ah, 9 0x13376: lea dx, word ptr [bp + 0x234] 0x1337a: int 0x21 0x1337c: mov ah, 0x1a 0x1337e: mov dx, 0x80 0x13381: int 0x21 0x13383: mov ah, 0xe 0x13385: mov dl, byte ptr [bp + 0x296] 0x13389: int 0x21 0x1338b: mov ax, 0x100 0x1338e: push ax 0x1338f: ret 0x13390: xor cx, cx 0x13392: xor dx, dx
2018-12-25T12:36:46.095116915Z	44	PC: 1336f \| Get time 0x1336f: and dh, 7 0x13372: jne 0x1337c 0x13374: mov ah, 9 0x13376: lea dx, word ptr [bp + 0x234] 0x1337a: int 0x21 0x1337c: mov ah, 0x1a 0x1337e: mov dx, 0x80 0x13381: int 0x21 0x13383: mov ah, 0xe 0x13385: mov dl, byte ptr [bp + 0x296] 0x13389: int 0x21 0x1338b: mov ax, 0x100 0x1338e: push ax 0x1338f: ret 0x13390: xor cx, cx 0x13392: xor dx, dx 0x13394: int 0x21 0x13396: ret 0x13397: jmp 0x13d5c 0x1339a: jmp 0x13bce
2018-12-25T12:36:46.097374096Z	26	PC: 13383 \| Set disk transfer address
2018-12-25T12:36:46.098678648Z	14	PC: 1338b \| Set default drive (Drive = 'A')
2018-12-25T12:36:46.100785744Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:36:46.106412769Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:36:46.108072455Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:36:46.119357681Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:36:46.121590788Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:36:46.125804617Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12897,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:46.057752684Z	26	PC: 1329d \| Set disk transfer address
2018-12-25T12:36:46.058854084Z	25	PC: 132ab \| Get default drive
2018-12-25T12:36:46.060401028Z	14	PC: 132b5 \| Set default drive (Drive = 'D')
2018-12-25T12:36:46.061759141Z	78	PC: 132bf \| Find first file
2018-12-25T12:36:46.068234831Z	61	PC: 132cc \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:46.077181652Z	66	PC: 13396 \| Move file pointer
2018-12-25T12:36:46.078792198Z	62	PC: 132f3 \| Close file
2018-12-25T12:36:46.080754086Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.084192508Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.091449022Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.092939663Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.095423192Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.098201131Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.105437876Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.110286295Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.112177054Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.114778845Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.122139869Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.12405388Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.12595591Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.128818601Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.136808762Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.138420226Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.140503085Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.144479817Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.15157033Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.152952395Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.155329085Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.158075943Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.165277162Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.175191911Z	62	PC: 132f3 \| Close file (See above)
2018-12-25T12:36:46.177742524Z	79	PC: 132bf \| Find next file (See above)
2018-12-25T12:36:46.180783069Z	61	PC: 132cc \| Open file (See above)
2018-12-25T12:36:46.188434797Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.190286479Z	87	PC: 132e3 \| Get or set file date and time
2018-12-25T12:36:46.191799873Z	44	PC: 13303 \| Get time 0x13303: or dl, dl 0x13305: je 0x132ff 0x13307: mov byte ptr [bp + 0x116], dl 0x1330b: mov ax, 0x4200 0x1330e: call 0x13390 0x13311: mov ah, 0x3f 0x13313: lea dx, word ptr [bp + 0x22b] 0x13317: mov cx, 3 0x1331a: int 0x21 0x1331c: mov ax, 0x4202 0x1331f: call 0x13390 0x13322: sub ax, 3 0x13325: mov word ptr cs:[bp + 0x229], ax 0x1332a: lea si, word ptr [bp + 0x105] 0x1332e: mov di, 0xfac8 0x13331: mov cx, 0x191 0x13334: cld 0x13335: rep movsb byte ptr es:[di], byte ptr [si] 0x13337: mov si, 0xfaea 0x1333a: call 0x23286
2018-12-25T12:36:46.195267206Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.196973918Z	63	PC: 1331c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:46.200114042Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.2025019Z	64	PC: 13347 \| Write file or device (Write 401 bytes on handle 5)
2018-12-25T12:36:46.219461171Z	66	PC: 13396 \| Move file pointer (See above)
2018-12-25T12:36:46.221619623Z	64	PC: 13358 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:46.22585411Z	87	PC: 1335f \| Get or set file date and time
2018-12-25T12:36:46.229451901Z	62	PC: 13363 \| Close file
2018-12-25T12:36:46.237820178Z	42	PC: 13367 \| Get date 0x13367: cmp dh, dl 0x13369: jne 0x1337c 0x1336b: mov ah, 0x2c 0x1336d: int 0x21 0x1336f: and dh, 7 0x13372: jne 0x1337c 0x13374: mov ah, 9 0x13376: lea dx, word ptr [bp + 0x234] 0x1337a: int 0x21 0x1337c: mov ah, 0x1a 0x1337e: mov dx, 0x80 0x13381: int 0x21 0x13383: mov ah, 0xe 0x13385: mov dl, byte ptr [bp + 0x296] 0x13389: int 0x21 0x1338b: mov ax, 0x100 0x1338e: push ax 0x1338f: ret 0x13390: xor cx, cx 0x13392: xor dx, dx
2018-12-25T12:36:46.23960185Z	26	PC: 13383 \| Set disk transfer address
2018-12-25T12:36:46.24140209Z	14	PC: 1338b \| Set default drive (Drive = 'A')
2018-12-25T12:36:46.242585194Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:36:46.246185611Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:36:46.247822915Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:36:46.255137168Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:36:46.257172416Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:36:46.262329775Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')