Sample viewer

vx.netlux.org/Virus.DOS.Sarampo.1371

Emulator syscall traces for this sample follow: first the original job (OriginalID 1347 in the configuration lines below), executed on 2018-12-17 with the emulator's own date, then four side jobs executed on 2018-12-25 in which the emulated system date is forced to a candidate value so that the date check at 0x13945 is exercised on each of them; each side job is preceded by the JSON line holding its configuration. Every row is one INT 21h call made by the sample or by the goat-file harness: the Op column is the function number (AH) in decimal, PC is the linear address the call returns to, and the text after '|' is the tool's name for the function. On the Get/Set interrupt vector rows the tool prints the vector number in decimal and then, wrongly, the name of the INT 21h function that has that same number: vector 33 is INT 21h (DOS services), 28 is INT 1Ch (the timer tick) and 36 is INT 24h (the critical error handler).

[Screen recording (GIF) omitted]

Syscalls:

Time | Op (INT 21h function number, AH, decimal) | PC (return address) | Syscall name
2018-12-17T22:02:03.097606884Z 237 PC: 138a7 | UNKNOWN! (AH=EDh is not a documented INT 21h function; an odd function number issued once at start-up is the usual way a resident infector asks an already-installed copy whether it is present)
2018-12-17T22:02:03.098981858Z 53 PC: 138d8 | Get interrupt vector (Interrupt = 33 = INT 21h, DOS services; the tool's label 'Random read' is INT 21h function 21h, not the name of this interrupt)
2018-12-17T22:02:03.100001487Z 53 PC: 138e4 | Get interrupt vector (Interrupt = 28 = INT 1Ch, timer tick; the tool's label 'Get allocation info for specified drive' is INT 21h function 1Ch)
2018-12-17T22:02:03.101126666Z 37 PC: 13941 | Set interrupt vector (Interrupt = 33 = INT 21h, DOS services: the sample replaces the DOS services vector with its own handler)
2018-12-17T22:02:03.10265104Z 42 PC: 13945 | Get date
Code at the return address of the Get date call. INT 21h AH=2Ah returns DH = month and DL = day, so each 16-bit constant compared with DX is a month/day pair; in this run the emulator's date 2018-12-17 gives DX = 0C11h and nothing matches:
0x13945: cmp dx, 0x419     ; 04h/19h: 25 April
0x13949: je 0x1395a
0x1394b: cmp dx, 0xc19     ; 0Ch/19h: 25 December
0x1394f: je 0x1395a
0x13951: cmp dx, 0xa0c     ; 0Ah/0Ch: 12 October
0x13955: je 0x1395a
0x13957: jmp 0x13964       ; no match: skip the payload hook
0x13959: nop
0x1395a: push es           ; match: DS = ES
0x1395b: pop ds
0x1395c: mov dx, 0x2be     ; DS:DX = address of the new handler
0x1395f: mov ax, 0x251c    ; AH=25h Set interrupt vector, AL=1Ch (timer tick)
0x13962: int 0x21          ; installs the INT 1Ch handler; logged as 'Set interrupt vector (Interrupt = 28)' at PC 13964 in the runs where a date matched
0x13964: push cs           ; DS = CS
0x13965: pop ds
0x13966: ret
0x13967: push si           ; start of the next routine, not part of the date check
0x13968: add si, 0xd
0x1396b: mov cx, 3
0x1396e: push cs
2018-12-17T22:02:03.104735242Z 53 PC: 13d05 | Get interrupt vector (Interrupt = 36 = INT 24h, critical error handler; the tool's label 'Set random record number' is INT 21h function 24h)
2018-12-17T22:02:03.105781197Z 37 PC: 13d1e | Set interrupt vector (Interrupt = 36 = INT 24h: the sample installs its own critical error handler before touching any file, so a disk error during infection does not surface the DOS 'Abort, Retry, Fail?' prompt)
2018-12-17T22:02:03.107065945Z 67 PC: 13ad7 | Get or set file attributes
2018-12-17T22:02:03.113110614Z 67 PC: 13ae5 | Get or set file attributes (two calls from adjacent return addresses, consistent with reading the target's attributes and then clearing them before the file is opened for writing; the attributes are set again at PC 13aef below)
2018-12-17T22:02:03.446766073Z 61 PC: 13af7 | Open file (Filename = '' ; the tool did not recover the path of this first open)
2018-12-17T22:02:03.453060737Z 66 PC: 13b0b | Move file pointer
2018-12-17T22:02:03.455319671Z 63 PC: 13cd9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:02:03.458162611Z 62 PC: 13cfb | Close file
2018-12-17T22:02:03.459837313Z 61 PC: 13b37 | Open file (Filename = 'c:\command.com')
2018-12-17T22:02:03.466844523Z 66 PC: 13cec | Move file pointer
2018-12-17T22:02:03.468252921Z 63 PC: 13cd9 | Read file or device (Read 3 bytes on handle 5; the first three bytes of command.com, which are rewritten below)
2018-12-17T22:02:03.470788146Z 87 PC: 13cb3 | Get or set file date and time (first call: the file's timestamp is read before anything is written)
2018-12-17T22:02:03.47284952Z 66 PC: 13cf6 | Move file pointer
2018-12-17T22:02:03.47470021Z 66 PC: 13cf6 | Move file pointer
2018-12-17T22:02:03.476498888Z 64 PC: 13ce2 | Write file or device (Write 1371 bytes on handle 5; the virus body, the 1371 of the sample's name and the 055Bh size change the harness reports below)
2018-12-17T22:02:03.487579996Z 66 PC: 13cec | Move file pointer (same call site as the seek that preceded the 3-byte read)
2018-12-17T22:02:03.488851887Z 64 PC: 13ce2 | Write file or device (Write 3 bytes on handle 5; together with the 1371-byte write this is the classic append-and-patch infection: the body goes at the end and the first three bytes are replaced so that execution reaches it)
2018-12-17T22:02:03.491532655Z 87 PC: 13ccc | Get or set file date and time (second call: the saved timestamp is written back, so the infected file's date and time do not change)
2018-12-17T22:02:03.493867429Z 62 PC: 13cfb | Close file
2018-12-17T22:02:03.501779108Z 67 PC: 13aef | Get or set file attributes (the attributes read at PC 13ad7 are put back)
2018-12-17T22:02:03.512048565Z 37 PC: 13d31 | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler: the vector read at PC 13d05 and replaced at 13d1e is restored now that the file is closed)
2018-12-17T22:02:03.529306065Z 9 PC: 12a86 | Display string (String= 'Goat file (EXE/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-17T22:02:03.534590662Z 48 PC: 12a8f | Get DOS version
2018-12-17T22:02:03.535862221Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T22:02:03.542761219Z 93 PC: 12afe | File sharing functions
2018-12-17T22:02:03.544980277Z 9 PC: 12a86 | Display string (String= 'Size change=055Bh/01371d. ')
2018-12-17T22:02:03.549240569Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')
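
The two things worth automating when reading a trace like the one above are decoding the date constants (AH=2Ah returns DH = month, DL = day, so every `cmp dx, imm16` is a month/day pair) and collapsing the row sequence into the handful of facts that matter: which vectors the sample hooks, what it writes to which file, and whether it restores the file's timestamp afterwards. The script below is an added example written for this page, not code from the sandbox tool or from the sample; the log excerpt it embeds is copied from the runs above (with the tool's '(See above)' abbreviations expanded to the explicit form used in the first run) and trimmed to the rows the summariser needs. The regular expressions assume the row layout shown on this page (`timestamp op PC: hex | description`).

```python
"""Parse the sandbox's INT 21h log rows and the date-check disassembly shown above.

Added example, not part of the sandbox tool or the sample: it turns raw syscall rows
into a short list of findings and decodes the trigger constants of the date check.
"""
import re
from dataclasses import dataclass

# Excerpt of the rows shown on this page, trimmed to what the summariser needs.
SAMPLE_LOG = """\
2018-12-25T11:43:25.405761033Z 237 PC: 138a7 | UNKNOWN!
2018-12-25T11:43:25.407524411Z 53 PC: 138d8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:25.41118197Z 37 PC: 13941 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:25.41406629Z 42 PC: 13945 | Get date
2018-12-25T11:43:25.416652995Z 37 PC: 13964 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:25.419872191Z 37 PC: 13d1e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:25.779488085Z 61 PC: 13b37 | Open file (Filename = 'c:\\command.com')
2018-12-25T11:43:25.788094026Z 63 PC: 13cd9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:25.791496998Z 87 PC: 13cb3 | Get or set file date and time
2018-12-25T11:43:25.797500974Z 64 PC: 13ce2 | Write file or device (Write 1371 bytes on handle 5)
2018-12-25T11:43:25.810898987Z 64 PC: 13ce2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:25.813975049Z 87 PC: 13ccc | Get or set file date and time
2018-12-25T11:43:25.84066223Z 62 PC: 13cfb | Close file (See above)
"""

# The compare chain that follows the Get date call, as shown in the trace.
DATE_CHECK_DISASM = """\
0x13945: cmp dx, 0x419
0x13949: je 0x1395a
0x1394b: cmp dx, 0xc19
0x1394f: je 0x1395a
0x13951: cmp dx, 0xa0c
0x13955: je 0x1395a
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ah>\d+)\s+PC:\s+(?P<pc>[0-9a-fA-F]+)\s+\|\s+(?P<desc>.*)$")
VECTOR_RE = re.compile(r"Interrupt = '(\d+)'")        # the tool prints the vector number in decimal
XFER_RE = re.compile(r"(Read|Write) (\d+) bytes on handle (\d+)")
FILE_RE = re.compile(r"Filename = '([^']*)'")
CMP_DX_RE = re.compile(r"cmp dx, 0x([0-9a-fA-F]+)")

# Names for the vectors that matter in this trace (the tool's 'AKA' labels are wrong).
INT_NAMES = {0x1C: "INT 1Ch timer tick", 0x21: "INT 21h DOS services", 0x24: "INT 24h critical error handler"}


@dataclass
class Event:
    ts: str
    ah: int    # INT 21h function number: the log's decimal "Op" column
    pc: int    # linear address after the int 21h instruction
    desc: str


def parse_log(text):
    """Return one Event per well-formed log row; disassembly and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(m["ts"], int(m["ah"]), int(m["pc"], 16), m["desc"]))
    return events


def decode_trigger_dates(disasm):
    """AH=2Ah returns DH=month, DL=day, so each 'cmp dx, imm16' is a (month, day) pair."""
    return [(v >> 8, v & 0xFF) for v in (int(m.group(1), 16) for m in CMP_DX_RE.finditer(disasm))]


def date_matches(disasm, month, day):
    """Would the sample's compare chain fire on this emulated date?"""
    return (month, day) in decode_trigger_dates(disasm)


def summarise(events):
    """Walk the rows in order and emit one finding per security-relevant action."""
    findings = []
    current_file = None
    writes = []
    for ev in events:
        if "UNKNOWN" in ev.desc:
            findings.append(f"calls undocumented INT 21h function AH={ev.ah:02X}h")
        elif ev.ah == 0x25:                                   # Set interrupt vector
            m = VECTOR_RE.search(ev.desc)
            n = int(m.group(1)) if m else None
            name = "unknown vector" if n is None else INT_NAMES.get(n, f"INT {n:02X}h")
            findings.append(f"hooks {name}")
        elif ev.ah == 0x3D:                                   # Open file
            m = FILE_RE.search(ev.desc)
            current_file = (m.group(1) if m else "") or "<path not recovered by the tool>"
            writes = []
        elif ev.ah == 0x40:                                   # Write file or device
            m = XFER_RE.search(ev.desc)
            if m:
                writes.append(int(m.group(2)))
        elif ev.ah == 0x57 and current_file and writes:       # date/time call after a write
            findings.append(f"restores the timestamp of {current_file} after writing to it")
        elif ev.ah == 0x3E and current_file:                  # Close file
            if writes:
                findings.append(f"writes {writes} bytes to {current_file}")
            current_file = None
    return findings


if __name__ == "__main__":
    print("trigger dates (month, day):", decode_trigger_dates(DATE_CHECK_DISASM))
    for finding in summarise(parse_log(SAMPLE_LOG)):
        print("-", finding)
```

Run on the excerpt, `decode_trigger_dates` yields (4, 25), (12, 25) and (10, 12), the three dates the side jobs below are configured with, and `summarise` reports the undocumented AH=EDh call, the three vector hooks, the 1371-byte and 3-byte writes to c:\command.com and the timestamp restoration. A date/time call that precedes any write (the read of the original timestamp) is deliberately not reported; only the one that follows a write is, because that is the anti-forensic step.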

Side job: the same sample re-run with the emulated system date forced to 1980-01-01, a date that matches none of the three constants in the date check. The JSON line is the tool's configuration for the run that follows it:

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1347,"SideJobID":0}

[Screen recording (GIF) omitted]

Syscalls:

Time | Op (INT 21h function number, AH, decimal) | PC (return address) | Syscall name
2018-12-25T11:43:24.751592091Z 237 PC: 138a7 | UNKNOWN!
2018-12-25T11:43:24.753120963Z 53 PC: 138d8 | Get interrupt vector (Interrupt = 33 = INT 21h, DOS services; the tool's label 'Random read' is INT 21h function 21h)
2018-12-25T11:43:24.754983471Z 53 PC: 138e4 | Get interrupt vector (Interrupt = 28 = INT 1Ch, timer tick; the tool's label 'Get allocation info for specified drive' is INT 21h function 1Ch)
2018-12-25T11:43:24.756626325Z 37 PC: 13941 | Set interrupt vector (Interrupt = 33 = INT 21h, DOS services)
2018-12-25T11:43:24.758968649Z 42 PC: 13945 | Get date
Code at the return address of the Get date call (the same date check as in the first run). The emulated date 1980-01-01 gives DX = 0101h, which matches none of the three constants, so the jmp at 0x13957 is taken and no INT 1Ch vector is set:
0x13945: cmp dx, 0x419
0x13949: je 0x1395a
0x1394b: cmp dx, 0xc19
0x1394f: je 0x1395a
0x13951: cmp dx, 0xa0c
0x13955: je 0x1395a
0x13957: jmp 0x13964
0x13959: nop
0x1395a: push es
0x1395b: pop ds
0x1395c: mov dx, 0x2be
0x1395f: mov ax, 0x251c
0x13962: int 0x21
0x13964: push cs
0x13965: pop ds
0x13966: ret
0x13967: push si
0x13968: add si, 0xd
0x1396b: mov cx, 3
0x1396e: push cs
2018-12-25T11:43:24.761451921Z 53 PC: 13d05 | Get interrupt vector (Interrupt = 36 = INT 24h, critical error handler; the tool's label 'Set random record number' is INT 21h function 24h)
2018-12-25T11:43:24.762939853Z 37 PC: 13d1e | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler)
2018-12-25T11:43:24.765102282Z 67 PC: 13ad7 | Get or set file attributes
2018-12-25T11:43:24.781397539Z 67 PC: 13ae5 | Get or set file attributes
2018-12-25T11:43:25.428427345Z 61 PC: 13af7 | Open file (Filename = '')
2018-12-25T11:43:25.434743843Z 66 PC: 13b0b | Move file pointer
2018-12-25T11:43:25.436413844Z 63 PC: 13cd9 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:25.439269727Z 62 PC: 13cfb | Close file
2018-12-25T11:43:25.440993191Z 61 PC: 13b37 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:25.448098741Z 66 PC: 13cec | Move file pointer
2018-12-25T11:43:25.45080707Z 63 PC: 13cd9 | Read file or device (See above)
2018-12-25T11:43:25.454167412Z 87 PC: 13cb3 | Get or set file date and time
2018-12-25T11:43:25.456604434Z 66 PC: 13cf6 | Move file pointer
2018-12-25T11:43:25.458490106Z 66 PC: 13cf6 | Move file pointer (See above)
2018-12-25T11:43:25.460183552Z 64 PC: 13ce2 | Write file or device (Write 1371 bytes on handle 5)
2018-12-25T11:43:25.472679917Z 66 PC: 13cec | Move file pointer (See above)
2018-12-25T11:43:25.474398006Z 64 PC: 13ce2 | Write file or device (See above)
2018-12-25T11:43:25.47746228Z 87 PC: 13ccc | Get or set file date and time
2018-12-25T11:43:25.479453372Z 62 PC: 13cfb | Close file (See above)
2018-12-25T11:43:25.52227594Z 67 PC: 13aef | Get or set file attributes
2018-12-25T11:43:25.533345137Z 37 PC: 13d31 | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler restored)
2018-12-25T11:43:25.535187736Z 9 PC: 12a86 | Display string (String= 'Goat file (EXE/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-25T11:43:25.540757657Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:43:25.541926415Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:43:25.54858528Z 93 PC: 12afe | File sharing functions
2018-12-25T11:43:25.551320852Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:43:25.555252422Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

Side job: the same sample re-run with the emulated system date forced to 1980-04-25, the date encoded by cmp dx, 0x419. The JSON line is the tool's configuration for the run that follows it:

{"DateBased":true,"Day":25,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1347,"SideJobID":0}

[Screen recording (GIF) omitted]

Syscalls:

Time | Op (INT 21h function number, AH, decimal) | PC (return address) | Syscall name
2018-12-25T11:43:25.405761033Z 237 PC: 138a7 | UNKNOWN!
2018-12-25T11:43:25.407524411Z 53 PC: 138d8 | Get interrupt vector (Interrupt = 33 = INT 21h, DOS services; the tool's label 'Random read' is INT 21h function 21h)
2018-12-25T11:43:25.409353673Z 53 PC: 138e4 | Get interrupt vector (Interrupt = 28 = INT 1Ch, timer tick; the tool's label 'Get allocation info for specified drive' is INT 21h function 1Ch)
2018-12-25T11:43:25.41118197Z 37 PC: 13941 | Set interrupt vector (Interrupt = 33 = INT 21h, DOS services)
2018-12-25T11:43:25.41406629Z 42 PC: 13945 | Get date
Code at the return address of the Get date call (the same date check as in the first run). The emulated date 1980-04-25 gives DX = 0419h, which matches the first compare, so the code at 0x1395a runs and the int 0x21 at 0x13962 produces the Set interrupt vector row that follows:
0x13945: cmp dx, 0x419
0x13949: je 0x1395a
0x1394b: cmp dx, 0xc19
0x1394f: je 0x1395a
0x13951: cmp dx, 0xa0c
0x13955: je 0x1395a
0x13957: jmp 0x13964
0x13959: nop
0x1395a: push es
0x1395b: pop ds
0x1395c: mov dx, 0x2be
0x1395f: mov ax, 0x251c
0x13962: int 0x21
0x13964: push cs
0x13965: pop ds
0x13966: ret
0x13967: push si
0x13968: add si, 0xd
0x1396b: mov cx, 3
0x1396e: push cs
2018-12-25T11:43:25.416652995Z 37 PC: 13964 | Set interrupt vector (Interrupt = 28 = INT 1Ch, timer tick: the date matched, so the handler at offset 02BEh of the segment held in ES is installed on the timer tick; this row is absent from the runs whose date did not match)
2018-12-25T11:43:25.418131493Z 53 PC: 13d05 | Get interrupt vector (Interrupt = 36 = INT 24h, critical error handler; the tool's label 'Set random record number' is INT 21h function 24h)
2018-12-25T11:43:25.419872191Z 37 PC: 13d1e | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler)
2018-12-25T11:43:25.421492764Z 67 PC: 13ad7 | Get or set file attributes
2018-12-25T11:43:25.427203718Z 67 PC: 13ae5 | Get or set file attributes
2018-12-25T11:43:25.762471512Z 61 PC: 13af7 | Open file (Filename = '')
2018-12-25T11:43:25.770575403Z 66 PC: 13b0b | Move file pointer
2018-12-25T11:43:25.772382652Z 63 PC: 13cd9 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:25.775661569Z 62 PC: 13cfb | Close file
2018-12-25T11:43:25.779488085Z 61 PC: 13b37 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:25.786525035Z 66 PC: 13cec | Move file pointer
2018-12-25T11:43:25.788094026Z 63 PC: 13cd9 | Read file or device (See above)
2018-12-25T11:43:25.791496998Z 87 PC: 13cb3 | Get or set file date and time
2018-12-25T11:43:25.792995735Z 66 PC: 13cf6 | Move file pointer
2018-12-25T11:43:25.794435499Z 66 PC: 13cf6 | Move file pointer (See above)
2018-12-25T11:43:25.797500974Z 64 PC: 13ce2 | Write file or device (Write 1371 bytes on handle 5)
2018-12-25T11:43:25.809354077Z 66 PC: 13cec | Move file pointer (See above)
2018-12-25T11:43:25.810898987Z 64 PC: 13ce2 | Write file or device (See above)
2018-12-25T11:43:25.813975049Z 87 PC: 13ccc | Get or set file date and time
2018-12-25T11:43:25.84066223Z 62 PC: 13cfb | Close file (See above)
2018-12-25T11:43:25.849028341Z 67 PC: 13aef | Get or set file attributes
2018-12-25T11:43:25.859361417Z 37 PC: 13d31 | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler restored)
2018-12-25T11:43:25.862516455Z 9 PC: 12a86 | Display string (String= 'Goat file (EXE/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-25T11:43:25.869096832Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:43:25.870913169Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:43:25.880073768Z 93 PC: 12afe | File sharing functions
2018-12-25T11:43:25.882503344Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:43:25.88781142Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

Side job: the same sample re-run with the emulated system date forced to 1980-10-12, the date encoded by cmp dx, 0xa0c. The JSON line is the tool's configuration for the run that follows it:

{"DateBased":true,"Day":12,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1347,"SideJobID":0}

[Screen recording (GIF) omitted]

Syscalls:

Time | Op (INT 21h function number, AH, decimal) | PC (return address) | Syscall name
2018-12-25T11:43:25.979451575Z 237 PC: 138a7 | UNKNOWN!
2018-12-25T11:43:25.981080819Z 53 PC: 138d8 | Get interrupt vector (Interrupt = 33 = INT 21h, DOS services; the tool's label 'Random read' is INT 21h function 21h)
2018-12-25T11:43:25.982295478Z 53 PC: 138e4 | Get interrupt vector (Interrupt = 28 = INT 1Ch, timer tick; the tool's label 'Get allocation info for specified drive' is INT 21h function 1Ch)
2018-12-25T11:43:25.9836162Z 37 PC: 13941 | Set interrupt vector (Interrupt = 33 = INT 21h, DOS services)
2018-12-25T11:43:25.98499544Z 42 PC: 13945 | Get date
Code at the return address of the Get date call (the same date check as in the first run). The emulated date 1980-10-12 gives DX = 0A0Ch, which matches the third compare, so the code at 0x1395a runs and the int 0x21 at 0x13962 produces the Set interrupt vector row that follows:
0x13945: cmp dx, 0x419
0x13949: je 0x1395a
0x1394b: cmp dx, 0xc19
0x1394f: je 0x1395a
0x13951: cmp dx, 0xa0c
0x13955: je 0x1395a
0x13957: jmp 0x13964
0x13959: nop
0x1395a: push es
0x1395b: pop ds
0x1395c: mov dx, 0x2be
0x1395f: mov ax, 0x251c
0x13962: int 0x21
0x13964: push cs
0x13965: pop ds
0x13966: ret
0x13967: push si
0x13968: add si, 0xd
0x1396b: mov cx, 3
0x1396e: push cs
2018-12-25T11:43:25.9880238Z 37 PC: 13964 | Set interrupt vector (Interrupt = 28 = INT 1Ch, timer tick: the date matched, so the handler at offset 02BEh of the segment held in ES is installed on the timer tick)
2018-12-25T11:43:25.989374688Z 53 PC: 13d05 | Get interrupt vector (Interrupt = 36 = INT 24h, critical error handler; the tool's label 'Set random record number' is INT 21h function 24h)
2018-12-25T11:43:25.990768589Z 37 PC: 13d1e | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler)
2018-12-25T11:43:25.992488633Z 67 PC: 13ad7 | Get or set file attributes
2018-12-25T11:43:25.998524326Z 67 PC: 13ae5 | Get or set file attributes
2018-12-25T11:43:27.002060142Z 61 PC: 13af7 | Open file (Filename = '')
2018-12-25T11:43:27.01086076Z 66 PC: 13b0b | Move file pointer
2018-12-25T11:43:27.012539705Z 63 PC: 13cd9 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:27.016356497Z 62 PC: 13cfb | Close file
2018-12-25T11:43:27.02505239Z 61 PC: 13b37 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:27.034767776Z 66 PC: 13cec | Move file pointer
2018-12-25T11:43:27.03626252Z 63 PC: 13cd9 | Read file or device (See above)
2018-12-25T11:43:27.039595369Z 87 PC: 13cb3 | Get or set file date and time
2018-12-25T11:43:27.041302742Z 66 PC: 13cf6 | Move file pointer
2018-12-25T11:43:27.043347029Z 66 PC: 13cf6 | Move file pointer (See above)
2018-12-25T11:43:27.04649178Z 64 PC: 13ce2 | Write file or device (Write 1371 bytes on handle 5)
2018-12-25T11:43:27.060147711Z 66 PC: 13cec | Move file pointer (See above)
2018-12-25T11:43:27.06293953Z 64 PC: 13ce2 | Write file or device (See above)
2018-12-25T11:43:27.067012183Z 87 PC: 13ccc | Get or set file date and time
2018-12-25T11:43:27.069394852Z 62 PC: 13cfb | Close file (See above)
2018-12-25T11:43:27.07776919Z 67 PC: 13aef | Get or set file attributes
2018-12-25T11:43:27.088186934Z 37 PC: 13d31 | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler restored)
2018-12-25T11:43:27.091198041Z 9 PC: 12a86 | Display string (String= 'Goat file (EXE/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-25T11:43:27.098279547Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:43:27.100186539Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:43:27.109237746Z 93 PC: 12afe | File sharing functions
2018-12-25T11:43:27.111364022Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:43:27.115735738Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

Side job: the same sample re-run with the emulated system date forced to 1980-12-25, the date encoded by cmp dx, 0xc19. The JSON line is the tool's configuration for the run that follows it:

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1347,"SideJobID":0}

[Screen recording (GIF) omitted]

Syscalls:

Time | Op (INT 21h function number, AH, decimal) | PC (return address) | Syscall name
2018-12-25T11:43:26.077242689Z 237 PC: 138a7 | UNKNOWN!
2018-12-25T11:43:26.078687258Z 53 PC: 138d8 | Get interrupt vector (Interrupt = 33 = INT 21h, DOS services; the tool's label 'Random read' is INT 21h function 21h)
2018-12-25T11:43:26.080873712Z 53 PC: 138e4 | Get interrupt vector (Interrupt = 28 = INT 1Ch, timer tick; the tool's label 'Get allocation info for specified drive' is INT 21h function 1Ch)
2018-12-25T11:43:26.083330673Z 37 PC: 13941 | Set interrupt vector (Interrupt = 33 = INT 21h, DOS services)
2018-12-25T11:43:26.085078542Z 42 PC: 13945 | Get date
Code at the return address of the Get date call (the same date check as in the first run). The emulated date 1980-12-25 gives DX = 0C19h, which matches the second compare, so the code at 0x1395a runs and the int 0x21 at 0x13962 produces the Set interrupt vector row that follows:
0x13945: cmp dx, 0x419
0x13949: je 0x1395a
0x1394b: cmp dx, 0xc19
0x1394f: je 0x1395a
0x13951: cmp dx, 0xa0c
0x13955: je 0x1395a
0x13957: jmp 0x13964
0x13959: nop
0x1395a: push es
0x1395b: pop ds
0x1395c: mov dx, 0x2be
0x1395f: mov ax, 0x251c
0x13962: int 0x21
0x13964: push cs
0x13965: pop ds
0x13966: ret
0x13967: push si
0x13968: add si, 0xd
0x1396b: mov cx, 3
0x1396e: push cs
2018-12-25T11:43:26.088393534Z 37 PC: 13964 | Set interrupt vector (Interrupt = 28 = INT 1Ch, timer tick: the date matched, so the handler at offset 02BEh of the segment held in ES is installed on the timer tick)
2018-12-25T11:43:26.089858931Z 53 PC: 13d05 | Get interrupt vector (Interrupt = 36 = INT 24h, critical error handler; the tool's label 'Set random record number' is INT 21h function 24h)
2018-12-25T11:43:26.09129897Z 37 PC: 13d1e | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler)
2018-12-25T11:43:26.096889996Z 67 PC: 13ad7 | Get or set file attributes
2018-12-25T11:43:26.104336509Z 67 PC: 13ae5 | Get or set file attributes
2018-12-25T11:43:27.003349932Z 61 PC: 13af7 | Open file (Filename = '')
2018-12-25T11:43:27.018668276Z 66 PC: 13b0b | Move file pointer
2018-12-25T11:43:27.020531472Z 63 PC: 13cd9 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:27.024259593Z 62 PC: 13cfb | Close file
2018-12-25T11:43:27.028182376Z 61 PC: 13b37 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:27.036758603Z 66 PC: 13cec | Move file pointer
2018-12-25T11:43:27.038873309Z 63 PC: 13cd9 | Read file or device (See above)
2018-12-25T11:43:27.044876406Z 87 PC: 13cb3 | Get or set file date and time
2018-12-25T11:43:27.050250538Z 66 PC: 13cf6 | Move file pointer
2018-12-25T11:43:27.051864517Z 66 PC: 13cf6 | Move file pointer (See above)
2018-12-25T11:43:27.053321777Z 64 PC: 13ce2 | Write file or device (Write 1371 bytes on handle 5)
2018-12-25T11:43:27.064826209Z 66 PC: 13cec | Move file pointer (See above)
2018-12-25T11:43:27.0665927Z 64 PC: 13ce2 | Write file or device (See above)
2018-12-25T11:43:27.069917583Z 87 PC: 13ccc | Get or set file date and time
2018-12-25T11:43:27.072387867Z 62 PC: 13cfb | Close file (See above)
2018-12-25T11:43:27.079643372Z 67 PC: 13aef | Get or set file attributes
2018-12-25T11:43:27.089461176Z 37 PC: 13d31 | Set interrupt vector (Interrupt = 36 = INT 24h, critical error handler restored)
2018-12-25T11:43:27.091408653Z 9 PC: 12a86 | Display string (String= 'Goat file (EXE/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-25T11:43:27.097712477Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:43:27.09915282Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:43:27.108662313Z 93 PC: 12afe | File sharing functions
2018-12-25T11:43:27.111978708Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:43:27.116965015Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')