Sample viewer

vx.netlux.org/Virus.DOS.Big.1068

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:17.068200329Z	26	PC: 1304e \| Set disk transfer address
2018-12-17T22:59:17.070398119Z	78	PC: 13058 \| Find first file
2018-12-17T22:59:17.077173824Z	61	PC: 13253 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:17.084449217Z	66	PC: 13269 \| Move file pointer
2018-12-17T22:59:17.086757605Z	63	PC: 13092 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:59:17.094356376Z	62	PC: 1325e \| Close file
2018-12-17T22:59:17.096733454Z	67	PC: 130af \| Get or set file attributes
2018-12-17T22:59:17.103276792Z	67	PC: 130be \| Get or set file attributes
2018-12-17T22:59:17.122068268Z	61	PC: 13253 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:17.134915043Z	66	PC: 13269 \| Move file pointer
2018-12-17T22:59:17.136549515Z	63	PC: 130d7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:17.144421289Z	62	PC: 1325e \| Close file
2018-12-17T22:59:17.146789059Z	61	PC: 13253 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:17.15419109Z	66	PC: 13269 \| Move file pointer
2018-12-17T22:59:17.156680158Z	64	PC: 130f1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:17.160082032Z	66	PC: 13269 \| Move file pointer
2018-12-17T22:59:17.161937979Z	64	PC: 1310e \| Write file or device (Write 1068 bytes on handle 5)
2018-12-17T22:59:17.171704154Z	62	PC: 1325e \| Close file
2018-12-17T22:59:17.18107686Z	67	PC: 13120 \| Get or set file attributes
2018-12-17T22:59:17.192219291Z	44	PC: 13139 \| Get time 0x13139: cmp dh, 5 0x1313c: jge 0x1319d 0x1313e: mov ax, 0x600 0x13141: mov bh, 7 0x13143: mov cx, 0 0x13146: mov dx, 0x184f 0x13149: int 0x10 0x1314b: mov ah, 2 0x1314d: mov bh, 0 0x1314f: mov dx, 0x1900 0x13152: int 0x10 0x13154: push cs 0x13155: pop ax 0x13156: mov ds, ax 0x13158: mov es, ax 0x1315a: lea si, word ptr [bp + 0x4b] 0x1315d: lea di, word ptr [bp + 0x55] 0x13160: mov cx, 7 0x13163: push cx 0x13164: mov cx, 2
2018-12-17T22:59:17.195607719Z	9	PC: 12a83 \| Display string (String= 'This is a COM sacrificial goat exactly 400H bytes long ')
2018-12-17T22:59:17.204573429Z	0	PC: 12a87 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13155,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.398654066Z	26	PC: 1304e \| Set disk transfer address
2018-12-25T12:37:37.400076965Z	78	PC: 13058 \| Find first file
2018-12-25T12:37:37.406676419Z	61	PC: 13253 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:37.413838618Z	66	PC: 13269 \| Move file pointer
2018-12-25T12:37:37.415389116Z	63	PC: 13092 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:37:37.422963111Z	62	PC: 1325e \| Close file
2018-12-25T12:37:37.425122438Z	67	PC: 130af \| Get or set file attributes
2018-12-25T12:37:37.432452649Z	67	PC: 130be \| Get or set file attributes
2018-12-25T12:37:37.563974245Z	61	PC: 13253 \| Open file (See above)
2018-12-25T12:37:37.578876225Z	66	PC: 13269 \| Move file pointer (See above)
2018-12-25T12:37:37.580920867Z	63	PC: 130d7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:37.589654592Z	62	PC: 1325e \| Close file (See above)
2018-12-25T12:37:37.592133531Z	61	PC: 13253 \| Open file (See above)
2018-12-25T12:37:37.600156795Z	66	PC: 13269 \| Move file pointer (See above)
2018-12-25T12:37:37.602746741Z	64	PC: 130f1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:37.606039712Z	66	PC: 13269 \| Move file pointer (See above)
2018-12-25T12:37:37.607564145Z	64	PC: 1310e \| Write file or device (Write 1068 bytes on handle 5)
2018-12-25T12:37:37.618541452Z	62	PC: 1325e \| Close file (See above)
2018-12-25T12:37:37.628302759Z	67	PC: 13120 \| Get or set file attributes
2018-12-25T12:37:37.639239498Z	44	PC: 13139 \| Get time 0x13139: cmp dh, 5 0x1313c: jge 0x1319d 0x1313e: mov ax, 0x600 0x13141: mov bh, 7 0x13143: mov cx, 0 0x13146: mov dx, 0x184f 0x13149: int 0x10 0x1314b: mov ah, 2 0x1314d: mov bh, 0 0x1314f: mov dx, 0x1900 0x13152: int 0x10 0x13154: push cs 0x13155: pop ax 0x13156: mov ds, ax 0x13158: mov es, ax 0x1315a: lea si, word ptr [bp + 0x4b] 0x1315d: lea di, word ptr [bp + 0x55] 0x13160: mov cx, 7 0x13163: push cx 0x13164: mov cx, 2

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":5,"TimeBased":true,"OriginalID":13155,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.544415545Z	26	PC: 1304e \| Set disk transfer address
2018-12-25T12:37:37.555364261Z	78	PC: 13058 \| Find first file
2018-12-25T12:37:37.561586985Z	61	PC: 13253 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:37.567842308Z	66	PC: 13269 \| Move file pointer
2018-12-25T12:37:37.569714743Z	63	PC: 13092 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:37:37.577974721Z	62	PC: 1325e \| Close file
2018-12-25T12:37:37.580122725Z	67	PC: 130af \| Get or set file attributes
2018-12-25T12:37:37.585978931Z	67	PC: 130be \| Get or set file attributes
2018-12-25T12:37:39.144429556Z	61	PC: 13253 \| Open file (See above)
2018-12-25T12:37:39.156834293Z	66	PC: 13269 \| Move file pointer (See above)
2018-12-25T12:37:39.158553249Z	63	PC: 130d7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:39.166227177Z	62	PC: 1325e \| Close file (See above)
2018-12-25T12:37:39.168294404Z	61	PC: 13253 \| Open file (See above)
2018-12-25T12:37:39.175085873Z	66	PC: 13269 \| Move file pointer (See above)
2018-12-25T12:37:39.177885956Z	64	PC: 130f1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:39.180894695Z	66	PC: 13269 \| Move file pointer (See above)
2018-12-25T12:37:39.182534783Z	64	PC: 1310e \| Write file or device (Write 1068 bytes on handle 5)
2018-12-25T12:37:39.192208419Z	62	PC: 1325e \| Close file (See above)
2018-12-25T12:37:39.20028406Z	67	PC: 13120 \| Get or set file attributes
2018-12-25T12:37:39.209547249Z	44	PC: 13139 \| Get time 0x13139: cmp dh, 5 0x1313c: jge 0x1319d 0x1313e: mov ax, 0x600 0x13141: mov bh, 7 0x13143: mov cx, 0 0x13146: mov dx, 0x184f 0x13149: int 0x10 0x1314b: mov ah, 2 0x1314d: mov bh, 0 0x1314f: mov dx, 0x1900 0x13152: int 0x10 0x13154: push cs 0x13155: pop ax 0x13156: mov ds, ax 0x13158: mov es, ax 0x1315a: lea si, word ptr [bp + 0x4b] 0x1315d: lea di, word ptr [bp + 0x55] 0x13160: mov cx, 7 0x13163: push cx 0x13164: mov cx, 2
2018-12-25T12:37:39.212410971Z	9	PC: 12a83 \| Display string (String= 'This is a COM sacrificial goat exactly 400H bytes long ')
2018-12-25T12:37:39.216316238Z	0	PC: 12a87 \| Program terminate