Sample viewer

vx.netlux.org/Virus.DOS.SW.504

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:48.74744291Z 44 PC: 12bc0 | Get time
0x12bc0: cmp ch, 0xc
0x12bc3: je 0x12bcd
0x12bc5: cmp ch, 0
0x12bc8: je 0x12bcd
0x12bca: jmp 0x12c2f
0x12bcc: nop
0x12bcd: mov ah, 1
0x12bcf: mov cx, 0x2000
0x12bd2: int 0x10
0x12bd4: push es
0x12bd5: mov ax, 0xb800
0x12bd8: mov es, ax
0x12bda: xor bx, bx
0x12bdc: mov cx, 0xfa0
0x12bdf: mov ax, 0xb20
0x12be2: mov word ptr es:[bx], ax
0x12be5: add bx, 2
0x12be8: loop 0x12be2
0x12bea: mov ch, 0
0x12bec: mov cl, 1
2018-12-17T22:59:48.750176567Z 78 PC: 12c81 | Find first file
2018-12-17T22:59:48.757023265Z 61 PC: 12cae | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:48.763979435Z 63 PC: 12cc5 | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:59:48.770718302Z 66 PC: 12cd7 | Move file pointer
2018-12-17T22:59:48.772827735Z 64 PC: 12cef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:48.775912454Z 64 PC: 12d07 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:59:48.778737875Z 64 PC: 12d16 | Write file or device (Write 8 bytes on handle 5)
2018-12-17T22:59:48.792116357Z 66 PC: 12d25 | Move file pointer
2018-12-17T22:59:48.793775269Z 64 PC: 12d38 | Write file or device (Write 504 bytes on handle 5)
2018-12-17T22:59:48.810585524Z 87 PC: 12d4a | Get or set file date and time
2018-12-17T22:59:48.81421452Z 62 PC: 12d50 | Close file
2018-12-17T22:59:48.823475352Z 79 PC: 12d60 | Find next file
2018-12-17T22:59:48.826930771Z 79 PC: 12d60 | Find next file
2018-12-17T22:59:48.831076403Z 79 PC: 12d60 | Find next file
2018-12-17T22:59:48.835154135Z 79 PC: 12d60 | Find next file
2018-12-17T22:59:48.838452147Z 79 PC: 12d60 | Find next file
2018-12-17T22:59:48.841690908Z 61 PC: 12cae | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:48.850118678Z 63 PC: 12cc5 | Read file or device (Read 13 bytes on handle 5)
2018-12-17T22:59:48.857030926Z 66 PC: 12cd7 | Move file pointer
2018-12-17T22:59:48.858698584Z 64 PC: 12cef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:48.862230617Z 64 PC: 12d07 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:59:48.865396691Z 64 PC: 12d16 | Write file or device (Write 8 bytes on handle 5)
2018-12-17T22:59:48.868375892Z 66 PC: 12d25 | Move file pointer
2018-12-17T22:59:48.8707469Z 64 PC: 12d38 | Write file or device (Write 504 bytes on handle 5)
2018-12-17T22:59:48.881004241Z 87 PC: 12d4a | Get or set file date and time
2018-12-17T22:59:48.883337927Z 62 PC: 12d50 | Close file
2018-12-17T22:59:48.894035525Z 79 PC: 12d60 | Find next file
2018-12-17T22:59:48.898350119Z 79 PC: 12d60 | Find next file
2018-12-17T22:59:48.902775795Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:59:48.908596366Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13338,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:06.06243256Z 44 PC: 12bc0 | Get time
0x12bc0: cmp ch, 0xc
0x12bc3: je 0x12bcd
0x12bc5: cmp ch, 0
0x12bc8: je 0x12bcd
0x12bca: jmp 0x12c2f
0x12bcc: nop
0x12bcd: mov ah, 1
0x12bcf: mov cx, 0x2000
0x12bd2: int 0x10
0x12bd4: push es
0x12bd5: mov ax, 0xb800
0x12bd8: mov es, ax
0x12bda: xor bx, bx
0x12bdc: mov cx, 0xfa0
0x12bdf: mov ax, 0xb20
0x12be2: mov word ptr es:[bx], ax
0x12be5: add bx, 2
0x12be8: loop 0x12be2
0x12bea: mov ch, 0
0x12bec: mov cl, 1
2018-12-25T12:38:06.293007555Z 78 PC: 12c81 | Find first file
2018-12-25T12:38:06.299029448Z 61 PC: 12cae | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:06.305319842Z 63 PC: 12cc5 | Read file or device (Read 13 bytes on handle 5)
2018-12-25T12:38:06.315089822Z 66 PC: 12cd7 | Move file pointer
2018-12-25T12:38:06.317575511Z 64 PC: 12cef | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:06.31976157Z 64 PC: 12d07 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:38:06.32236072Z 64 PC: 12d16 | Write file or device (Write 8 bytes on handle 5)
2018-12-25T12:38:06.327098222Z 66 PC: 12d25 | Move file pointer
2018-12-25T12:38:06.328483303Z 64 PC: 12d38 | Write file or device (Write 504 bytes on handle 5)
2018-12-25T12:38:06.741463616Z 87 PC: 12d4a | Get or set file date and time
2018-12-25T12:38:06.753696885Z 62 PC: 12d50 | Close file
2018-12-25T12:38:06.761835543Z 79 PC: 12d60 | Find next file
2018-12-25T12:38:06.765592706Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.771196729Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.781984602Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.784710772Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.787757133Z 61 PC: 12cae | Open file (See above)
2018-12-25T12:38:06.794806221Z 63 PC: 12cc5 | Read file or device (See above)
2018-12-25T12:38:06.813022539Z 66 PC: 12cd7 | Move file pointer (See above)
2018-12-25T12:38:06.814552725Z 64 PC: 12cef | Write file or device (See above)
2018-12-25T12:38:06.818037887Z 64 PC: 12d07 | Write file or device (See above)
2018-12-25T12:38:06.82087992Z 64 PC: 12d16 | Write file or device (See above)
2018-12-25T12:38:06.827771616Z 66 PC: 12d25 | Move file pointer (See above)
2018-12-25T12:38:06.829700527Z 64 PC: 12d38 | Write file or device (See above)
2018-12-25T12:38:06.844189726Z 87 PC: 12d4a | Get or set file date and time (See above)
2018-12-25T12:38:06.85911337Z 62 PC: 12d50 | Close file (See above)
2018-12-25T12:38:06.867508416Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.870329349Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.872872447Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:38:06.879207345Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13338,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:06.421441768Z 44 PC: 12bc0 | Get time
0x12bc0: cmp ch, 0xc
0x12bc3: je 0x12bcd
0x12bc5: cmp ch, 0
0x12bc8: je 0x12bcd
0x12bca: jmp 0x12c2f
0x12bcc: nop
0x12bcd: mov ah, 1
0x12bcf: mov cx, 0x2000
0x12bd2: int 0x10
0x12bd4: push es
0x12bd5: mov ax, 0xb800
0x12bd8: mov es, ax
0x12bda: xor bx, bx
0x12bdc: mov cx, 0xfa0
0x12bdf: mov ax, 0xb20
0x12be2: mov word ptr es:[bx], ax
0x12be5: add bx, 2
0x12be8: loop 0x12be2
0x12bea: mov ch, 0
0x12bec: mov cl, 1
2018-12-25T12:38:06.423979326Z 78 PC: 12c81 | Find first file
2018-12-25T12:38:06.429592945Z 61 PC: 12cae | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:06.435671048Z 63 PC: 12cc5 | Read file or device (Read 13 bytes on handle 5)
2018-12-25T12:38:06.442287181Z 66 PC: 12cd7 | Move file pointer
2018-12-25T12:38:06.443774478Z 64 PC: 12cef | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:06.446390413Z 64 PC: 12d07 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:38:06.451919679Z 64 PC: 12d16 | Write file or device (Write 8 bytes on handle 5)
2018-12-25T12:38:06.454560916Z 66 PC: 12d25 | Move file pointer
2018-12-25T12:38:06.456017865Z 64 PC: 12d38 | Write file or device (Write 504 bytes on handle 5)
2018-12-25T12:38:06.739151398Z 87 PC: 12d4a | Get or set file date and time
2018-12-25T12:38:06.743359992Z 62 PC: 12d50 | Close file
2018-12-25T12:38:06.751110483Z 79 PC: 12d60 | Find next file
2018-12-25T12:38:06.754266753Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.759489665Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.762363445Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.765255117Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.769127075Z 61 PC: 12cae | Open file (See above)
2018-12-25T12:38:06.776244911Z 63 PC: 12cc5 | Read file or device (See above)
2018-12-25T12:38:06.782867015Z 66 PC: 12cd7 | Move file pointer (See above)
2018-12-25T12:38:06.785574643Z 64 PC: 12cef | Write file or device (See above)
2018-12-25T12:38:06.788563605Z 64 PC: 12d07 | Write file or device (See above)
2018-12-25T12:38:06.791678367Z 64 PC: 12d16 | Write file or device (See above)
2018-12-25T12:38:06.795332074Z 66 PC: 12d25 | Move file pointer (See above)
2018-12-25T12:38:06.797336424Z 64 PC: 12d38 | Write file or device (See above)
2018-12-25T12:38:06.810173591Z 87 PC: 12d4a | Get or set file date and time (See above)
2018-12-25T12:38:06.81217708Z 62 PC: 12d50 | Close file (See above)
2018-12-25T12:38:06.822103915Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.825066225Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.828079135Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:38:06.83551765Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13338,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:06.628738892Z 44 PC: 12bc0 | Get time
0x12bc0: cmp ch, 0xc
0x12bc3: je 0x12bcd
0x12bc5: cmp ch, 0
0x12bc8: je 0x12bcd
0x12bca: jmp 0x12c2f
0x12bcc: nop
0x12bcd: mov ah, 1
0x12bcf: mov cx, 0x2000
0x12bd2: int 0x10
0x12bd4: push es
0x12bd5: mov ax, 0xb800
0x12bd8: mov es, ax
0x12bda: xor bx, bx
0x12bdc: mov cx, 0xfa0
0x12bdf: mov ax, 0xb20
0x12be2: mov word ptr es:[bx], ax
0x12be5: add bx, 2
0x12be8: loop 0x12be2
0x12bea: mov ch, 0
0x12bec: mov cl, 1
2018-12-25T12:38:06.856487064Z 78 PC: 12c81 | Find first file
2018-12-25T12:38:06.863125764Z 61 PC: 12cae | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:06.869660598Z 63 PC: 12cc5 | Read file or device (Read 13 bytes on handle 5)
2018-12-25T12:38:06.876912182Z 66 PC: 12cd7 | Move file pointer
2018-12-25T12:38:06.878861921Z 64 PC: 12cef | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:06.882151282Z 64 PC: 12d07 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:38:06.885832852Z 64 PC: 12d16 | Write file or device (Write 8 bytes on handle 5)
2018-12-25T12:38:06.889353331Z 66 PC: 12d25 | Move file pointer
2018-12-25T12:38:06.890998381Z 64 PC: 12d38 | Write file or device (Write 504 bytes on handle 5)
2018-12-25T12:38:06.903891244Z 87 PC: 12d4a | Get or set file date and time
2018-12-25T12:38:06.906480143Z 62 PC: 12d50 | Close file
2018-12-25T12:38:06.914424525Z 79 PC: 12d60 | Find next file
2018-12-25T12:38:06.917457853Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.920923894Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.923524Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.926071966Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.929964438Z 61 PC: 12cae | Open file (See above)
2018-12-25T12:38:06.944838002Z 63 PC: 12cc5 | Read file or device (See above)
2018-12-25T12:38:06.951153413Z 66 PC: 12cd7 | Move file pointer (See above)
2018-12-25T12:38:06.9539049Z 64 PC: 12cef | Write file or device (See above)
2018-12-25T12:38:06.957508856Z 64 PC: 12d07 | Write file or device (See above)
2018-12-25T12:38:06.960065518Z 64 PC: 12d16 | Write file or device (See above)
2018-12-25T12:38:06.962846929Z 66 PC: 12d25 | Move file pointer (See above)
2018-12-25T12:38:06.971853071Z 64 PC: 12d38 | Write file or device (See above)
2018-12-25T12:38:06.98010951Z 87 PC: 12d4a | Get or set file date and time (See above)
2018-12-25T12:38:06.981952471Z 62 PC: 12d50 | Close file (See above)
2018-12-25T12:38:06.990141029Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.992742495Z 79 PC: 12d60 | Find next file (See above)
2018-12-25T12:38:06.995116281Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:38:07.001087358Z 76 PC: 12a86 | Terminate with return code (Return code = '36')