Sample viewer

vx.netlux.org/Virus.DOS.Yoni.659


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:11.507536347Z 78 PC: 12bec | Find first file
2018-12-17T23:00:11.514737811Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:11.531387849Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:11.537762799Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:11.550751378Z 62 PC: 12c57 | Close file
2018-12-17T23:00:11.552426171Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:11.79837142Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:11.802105025Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:11.856709781Z 61 PC: 12c24 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:00:11.862992309Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:11.871202084Z 62 PC: 12c57 | Close file
2018-12-17T23:00:11.873856221Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:11.883909891Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:11.88654675Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:11.89603493Z 61 PC: 12c24 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:11.914444262Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:11.921340806Z 62 PC: 12c57 | Close file
2018-12-17T23:00:11.92464553Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:11.935190909Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:11.937870683Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:11.948171011Z 61 PC: 12c24 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:00:11.954842181Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:11.961001489Z 62 PC: 12c57 | Close file
2018-12-17T23:00:11.965975006Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:11.975774998Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:11.978339332Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:11.988656512Z 61 PC: 12c24 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:00:12.000867432Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:12.007512515Z 62 PC: 12c57 | Close file
2018-12-17T23:00:12.010541003Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:12.021415538Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:12.024087642Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:12.039007973Z 61 PC: 12c24 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:12.045888928Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:12.053160288Z 62 PC: 12c57 | Close file
2018-12-17T23:00:12.055934626Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:12.06666681Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:12.069849609Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:12.079983421Z 61 PC: 12c24 | Open file (Filename = 'PAH.COM')
2018-12-17T23:00:12.086398884Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:12.092966736Z 62 PC: 12c57 | Close file
2018-12-17T23:00:12.095121718Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:12.105567534Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:12.108298397Z 67 PC: 12c1a | Get or set file attributes
2018-12-17T23:00:12.118134627Z 61 PC: 12c24 | Open file (Filename = 'TEST.COM')
2018-12-17T23:00:12.130144193Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:12.136327362Z 66 PC: 12c91 | Move file pointer
2018-12-17T23:00:12.137331888Z 63 PC: 12ca0 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:00:12.142053696Z 62 PC: 12c57 | Close file
2018-12-17T23:00:12.143294229Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:00:12.150126311Z 79 PC: 12c32 | Find next file
2018-12-17T23:00:12.152176321Z 44 PC: 12da3 | Get time
0x12da3: and ch, 1
0x12da6: cmp ch, 1
0x12da9: je 0x12daf
0x12dab: mov al, 0x20
0x12dad: mov byte ptr [bx], al
0x12daf: mov al, 0x2a
0x12db1: mov byte ptr [bx + 0xc], al
0x12db4: mov al, 0x2e
0x12db6: mov byte ptr [bx + 0xd], al
0x12db9: mov al, 0x44
0x12dbb: mov byte ptr [bx + 0xe], al
0x12dbe: mov al, 0x41
0x12dc0: mov byte ptr [bx + 0xf], al
0x12dc3: mov al, 0x54
0x12dc5: mov byte ptr [bx + 0x10], al
0x12dc8: mov al, 0
0x12dca: mov byte ptr [bx + 0x11], al
0x12dcd: mov dx, di
0x12dcf: add dx, 0xc
0x12dd2: mov ax, 0x4e00
2018-12-17T23:00:12.153820891Z 78 PC: 12ddb | Find first file
2018-12-17T23:00:12.1576507Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:00:12.160566773Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13456,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:16.824816473Z 78 PC: 12bec | Find first file
2018-12-25T12:38:16.83051882Z 67 PC: 12c1a | Get or set file attributes
2018-12-25T12:38:16.846519296Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:16.853783964Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:16.860062896Z 62 PC: 12c57 | Close file
2018-12-25T12:38:16.861779871Z 67 PC: 12c6a | Get or set file attributes
2018-12-25T12:38:16.871490286Z 79 PC: 12c32 | Find next file
2018-12-25T12:38:16.874346123Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:16.88395609Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:16.895744978Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:16.90250531Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:16.904471732Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:16.917148983Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:16.921592193Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:16.933241081Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:16.939534062Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:16.946205959Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:16.948946977Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:16.960860274Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:16.964891989Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:16.97471268Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:16.982036866Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:16.989011547Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:16.99129871Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.001176816Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.003859052Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.014312143Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.021894393Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.028558991Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.031240754Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.041693205Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.045425056Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.056284049Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.063465623Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.070575667Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.073758674Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.083798562Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.086316782Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.096423999Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.103445866Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.10895838Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.111167338Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.11933746Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.121660548Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.129885146Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.135811083Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.141056326Z 66 PC: 12c91 | Move file pointer
2018-12-25T12:38:17.142466416Z 63 PC: 12ca0 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:38:17.148455984Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.150085646Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.158203666Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.160752314Z 44 PC: 12da3 | Get time
0x12da3: and ch, 1
0x12da6: cmp ch, 1
0x12da9: je 0x12daf
0x12dab: mov al, 0x20
0x12dad: mov byte ptr [bx], al
0x12daf: mov al, 0x2a
0x12db1: mov byte ptr [bx + 0xc], al
0x12db4: mov al, 0x2e
0x12db6: mov byte ptr [bx + 0xd], al
0x12db9: mov al, 0x44
0x12dbb: mov byte ptr [bx + 0xe], al
0x12dbe: mov al, 0x41
0x12dc0: mov byte ptr [bx + 0xf], al
0x12dc3: mov al, 0x54
0x12dc5: mov byte ptr [bx + 0x10], al
0x12dc8: mov al, 0
0x12dca: mov byte ptr [bx + 0x11], al
0x12dcd: mov dx, di
0x12dcf: add dx, 0xc
0x12dd2: mov ax, 0x4e00
2018-12-25T12:38:17.162708938Z 78 PC: 12ddb | Find first file
2018-12-25T12:38:17.17398834Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:38:17.180082315Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13456,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:16.912975586Z 78 PC: 12bec | Find first file
2018-12-25T12:38:16.919971048Z 67 PC: 12c1a | Get or set file attributes
2018-12-25T12:38:16.938605885Z 61 PC: 12c24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:16.945905015Z 63 PC: 12c46 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:16.952810314Z 62 PC: 12c57 | Close file
2018-12-25T12:38:16.9552916Z 67 PC: 12c6a | Get or set file attributes
2018-12-25T12:38:16.965882715Z 79 PC: 12c32 | Find next file
2018-12-25T12:38:16.968983029Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:16.983848855Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:16.990027636Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:16.996621899Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:16.999104869Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.009039689Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.012256115Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.021944482Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.029354419Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.036558432Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.039957096Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.051395928Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.05455579Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.065605557Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.073874966Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.082621159Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.084861269Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.096659284Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.099649051Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.111020338Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.118945772Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.125988281Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.128043078Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.140039266Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.142909007Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.153722733Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.161800725Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.169635131Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.17186542Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.18381095Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.186636551Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.197177334Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.20270125Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.208236257Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.210253462Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.221521376Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.224975393Z 67 PC: 12c1a | Get or set file attributes (See above)
2018-12-25T12:38:17.239187403Z 61 PC: 12c24 | Open file (See above)
2018-12-25T12:38:17.246692543Z 63 PC: 12c46 | Read file or device (See above)
2018-12-25T12:38:17.254583181Z 66 PC: 12c91 | Move file pointer
2018-12-25T12:38:17.256484425Z 63 PC: 12ca0 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:38:17.264154988Z 62 PC: 12c57 | Close file (See above)
2018-12-25T12:38:17.266921636Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:38:17.27850269Z 79 PC: 12c32 | Find next file (See above)
2018-12-25T12:38:17.281591968Z 44 PC: 12da3 | Get time
0x12da3: and ch, 1
0x12da6: cmp ch, 1
0x12da9: je 0x12daf
0x12dab: mov al, 0x20
0x12dad: mov byte ptr [bx], al
0x12daf: mov al, 0x2a
0x12db1: mov byte ptr [bx + 0xc], al
0x12db4: mov al, 0x2e
0x12db6: mov byte ptr [bx + 0xd], al
0x12db9: mov al, 0x44
0x12dbb: mov byte ptr [bx + 0xe], al
0x12dbe: mov al, 0x41
0x12dc0: mov byte ptr [bx + 0xf], al
0x12dc3: mov al, 0x54
0x12dc5: mov byte ptr [bx + 0x10], al
0x12dc8: mov al, 0
0x12dca: mov byte ptr [bx + 0x11], al
0x12dcd: mov dx, di
0x12dcf: add dx, 0xc
0x12dd2: mov ax, 0x4e00
2018-12-25T12:38:17.285116647Z 78 PC: 12ddb | Find first file
2018-12-25T12:38:17.292080751Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:38:17.299284176Z 76 PC: 12a86 | Terminate with return code (Return code = '36')