Sample viewer

vx.netlux.org/Virus.DOS.Garfio.1000.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:44.805276378Z	250	PC: 12a68 \| UNKNOWN!
2018-12-17T22:59:44.806917435Z	42	PC: 12c19 \| Get date 0x12c19: cmp dl, 0xa 0x12c1c: jne 0x12c2a 0x12c1e: mov ah, 9 0x12c20: lea dx, word ptr [bp + 0x137] 0x12c24: int 0x21 0x12c26: mov ah, 0x4c 0x12c28: int 0x21 0x12c2a: cld 0x12c2b: mov di, 0x100 0x12c2e: mov cx, 4 0x12c31: lea si, word ptr [bp + 0x2ad] 0x12c35: rep movsb byte ptr es:[di], byte ptr [si] 0x12c37: mov ax, 0x4e00 0x12c3a: mov cx, 0x27 0x12c3d: lea dx, word ptr [bp + 0x2b1] 0x12c41: int 0x21 0x12c43: jae 0x12c57 0x12c45: mov di, 0x80 0x12c48: mov cx, 0x2b 0x12c4b: lea si, word ptr [bp + 0x27e]
2018-12-17T22:59:44.80915958Z	78	PC: 12c43 \| Find first file
2018-12-17T22:59:44.815082272Z	67	PC: 12c62 \| Get or set file attributes
2018-12-17T22:59:44.821793808Z	67	PC: 12c7d \| Get or set file attributes
2018-12-17T22:59:44.840779235Z	61	PC: 12c85 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:44.847574168Z	63	PC: 12c94 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:59:44.854102332Z	66	PC: 12cd3 \| Move file pointer
2018-12-17T22:59:44.855617251Z	64	PC: 12ce0 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:59:44.858197403Z	64	PC: 12cff \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:59:44.860650949Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:59:44.864760411Z	66	PC: 12d19 \| Move file pointer
2018-12-17T22:59:44.866560322Z	64	PC: 12d3e \| Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:59:44.875201113Z	87	PC: 12d4b \| Get or set file date and time
2018-12-17T22:59:44.87819309Z	62	PC: 12d4f \| Close file
2018-12-17T22:59:44.886170256Z	67	PC: 12d5c \| Get or set file attributes
2018-12-17T22:59:44.888717788Z	67	PC: 12d67 \| Get or set file attributes
2018-12-17T22:59:44.894835963Z	65	PC: 12d6b \| Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:59:44.90097356Z	67	PC: 12d73 \| Get or set file attributes
2018-12-17T22:59:44.912054608Z	67	PC: 12d82 \| Get or set file attributes
2018-12-17T22:59:44.918080728Z	61	PC: 12d8a \| Open file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:59:44.924406079Z	76	PC: 12a4a \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13307,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:59.628291101Z	250	PC: 12a68 \| UNKNOWN!
2018-12-25T12:37:59.630626113Z	42	PC: 12c19 \| Get date 0x12c19: cmp dl, 0xa 0x12c1c: jne 0x12c2a 0x12c1e: mov ah, 9 0x12c20: lea dx, word ptr [bp + 0x137] 0x12c24: int 0x21 0x12c26: mov ah, 0x4c 0x12c28: int 0x21 0x12c2a: cld 0x12c2b: mov di, 0x100 0x12c2e: mov cx, 4 0x12c31: lea si, word ptr [bp + 0x2ad] 0x12c35: rep movsb byte ptr es:[di], byte ptr [si] 0x12c37: mov ax, 0x4e00 0x12c3a: mov cx, 0x27 0x12c3d: lea dx, word ptr [bp + 0x2b1] 0x12c41: int 0x21 0x12c43: jae 0x12c57 0x12c45: mov di, 0x80 0x12c48: mov cx, 0x2b 0x12c4b: lea si, word ptr [bp + 0x27e]
2018-12-25T12:37:59.633220067Z	78	PC: 12c43 \| Find first file
2018-12-25T12:37:59.639636595Z	67	PC: 12c62 \| Get or set file attributes
2018-12-25T12:37:59.64632144Z	67	PC: 12c7d \| Get or set file attributes
2018-12-25T12:37:59.73585084Z	61	PC: 12c85 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:59.743565968Z	63	PC: 12c94 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:37:59.751130662Z	66	PC: 12cd3 \| Move file pointer
2018-12-25T12:37:59.754164835Z	64	PC: 12ce0 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:37:59.757765888Z	64	PC: 12cff \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:37:59.761122836Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:37:59.765261726Z	66	PC: 12d19 \| Move file pointer
2018-12-25T12:37:59.767330789Z	64	PC: 12d3e \| Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:37:59.777743271Z	87	PC: 12d4b \| Get or set file date and time
2018-12-25T12:37:59.780293156Z	62	PC: 12d4f \| Close file
2018-12-25T12:37:59.789631402Z	67	PC: 12d5c \| Get or set file attributes
2018-12-25T12:37:59.791830347Z	67	PC: 12d67 \| Get or set file attributes
2018-12-25T12:37:59.798897883Z	65	PC: 12d6b \| Delete file (Filename = 'CHKLIST.MS')
2018-12-25T12:37:59.806495626Z	67	PC: 12d73 \| Get or set file attributes
2018-12-25T12:37:59.813551199Z	67	PC: 12d82 \| Get or set file attributes
2018-12-25T12:37:59.828302197Z	61	PC: 12d8a \| Open file (Filename = 'ANTI-VIR.DAT')
2018-12-25T12:37:59.8478408Z	76	PC: 12a4a \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13307,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:59.710000457Z	250	PC: 12a68 \| UNKNOWN!
2018-12-25T12:37:59.71111572Z	42	PC: 12c19 \| Get date 0x12c19: cmp dl, 0xa 0x12c1c: jne 0x12c2a 0x12c1e: mov ah, 9 0x12c20: lea dx, word ptr [bp + 0x137] 0x12c24: int 0x21 0x12c26: mov ah, 0x4c 0x12c28: int 0x21 0x12c2a: cld 0x12c2b: mov di, 0x100 0x12c2e: mov cx, 4 0x12c31: lea si, word ptr [bp + 0x2ad] 0x12c35: rep movsb byte ptr es:[di], byte ptr [si] 0x12c37: mov ax, 0x4e00 0x12c3a: mov cx, 0x27 0x12c3d: lea dx, word ptr [bp + 0x2b1] 0x12c41: int 0x21 0x12c43: jae 0x12c57 0x12c45: mov di, 0x80 0x12c48: mov cx, 0x2b 0x12c4b: lea si, word ptr [bp + 0x27e]
2018-12-25T12:37:59.713500754Z	9	PC: 12c26 \| Display string (Could not find end pointer)
2018-12-25T12:37:59.728945115Z	76	PC: 12c2a \| Terminate with return code (Return code = '36')