Sample viewer

vx.netlux.org/Virus.DOS.LosLobos.627


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:15.362296008Z 11 PC: 13e60 | Get input status
2018-12-17T23:01:15.364517839Z 42 PC: 13e77 | Get date
0x13e77: cmp al, 0
0x13e79: jne 0x13ea4
0x13e7b: mov ah, 0x2b
0x13e7d: mov cx, 0x1979
0x13e80: mov dh, 0x12
0x13e82: mov dl, 2
0x13e84: int 0x21
0x13e86: jmp 0x13e9c
0x13e88: nop
0x13e89: bound sp, dword ptr [bx + di + 0x69]
0x13e8c: insb byte ptr es:[di], dx
0x13e8d: outsw dx, word ptr [si]
0x13e8e: jae 0x13eb0
0x13e90: insb byte ptr es:[di], dx
0x13e91: outsw dx, word ptr [si]
0x13e92: jae 0x13eb4
0x13e94: insb byte ptr es:[di], dx
0x13e95: outsw dx, word ptr [si]
0x13e96: bound bp, dword ptr [bx + 0x73]
0x13e99: or ax, 0x240a
2018-12-17T23:01:15.366559905Z 71 PC: 13eb1 | Get current directory
2018-12-17T23:01:15.369735083Z 59 PC: 13eb9 | Change current directory
2018-12-17T23:01:15.371850484Z 59 PC: 13ec1 | Change current directory
2018-12-17T23:01:15.37585791Z 26 PC: 13f24 | Set disk transfer address
2018-12-17T23:01:15.377440037Z 78 PC: 13f44 | Find first file
2018-12-17T23:01:15.381515372Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.38549654Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.388603165Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.391131035Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.39458331Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.397151482Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.399767078Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.402994227Z 61 PC: 13f9d | Open file (Filename = 'TEST.COM')
2018-12-17T23:01:15.411123675Z 63 PC: 13fb5 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T23:01:15.419826123Z 79 PC: 13f67 | Find next file
2018-12-17T23:01:15.423481599Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:01:15.429924742Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13805,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:02.755637016Z 11 PC: 13e60 | Get input status
2018-12-25T12:39:02.758715051Z 42 PC: 13e77 | Get date
0x13e77: cmp al, 0
0x13e79: jne 0x13ea4
0x13e7b: mov ah, 0x2b
0x13e7d: mov cx, 0x1979
0x13e80: mov dh, 0x12
0x13e82: mov dl, 2
0x13e84: int 0x21
0x13e86: jmp 0x13e9c
0x13e88: nop
0x13e89: bound sp, dword ptr [bx + di + 0x69]
0x13e8c: insb byte ptr es:[di], dx
0x13e8d: outsw dx, word ptr [si]
0x13e8e: jae 0x13eb0
0x13e90: insb byte ptr es:[di], dx
0x13e91: outsw dx, word ptr [si]
0x13e92: jae 0x13eb4
0x13e94: insb byte ptr es:[di], dx
0x13e95: outsw dx, word ptr [si]
0x13e96: bound bp, dword ptr [bx + 0x73]
0x13e99: or ax, 0x240a
2018-12-25T12:39:02.760747187Z 71 PC: 13eb1 | Get current directory
2018-12-25T12:39:02.763357828Z 59 PC: 13eb9 | Change current directory
2018-12-25T12:39:02.76577387Z 59 PC: 13ec1 | Change current directory
2018-12-25T12:39:02.769886778Z 26 PC: 13f24 | Set disk transfer address
2018-12-25T12:39:02.770805192Z 78 PC: 13f44 | Find first file
2018-12-25T12:39:02.777284369Z 79 PC: 13f67 | Find next file
2018-12-25T12:39:02.780027697Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.782832098Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.789488303Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.79219612Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.794118778Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.795973892Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.798853728Z 61 PC: 13f9d | Open file (Filename = 'TEST.COM')
2018-12-25T12:39:02.804819964Z 63 PC: 13fb5 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:39:02.812446376Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.815991527Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:39:02.821387989Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13805,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:02.794954609Z 11 PC: 13e60 | Get input status
2018-12-25T12:39:02.797467434Z 42 PC: 13e77 | Get date
0x13e77: cmp al, 0
0x13e79: jne 0x13ea4
0x13e7b: mov ah, 0x2b
0x13e7d: mov cx, 0x1979
0x13e80: mov dh, 0x12
0x13e82: mov dl, 2
0x13e84: int 0x21
0x13e86: jmp 0x13e9c
0x13e88: nop
0x13e89: bound sp, dword ptr [bx + di + 0x69]
0x13e8c: insb byte ptr es:[di], dx
0x13e8d: outsw dx, word ptr [si]
0x13e8e: jae 0x13eb0
0x13e90: insb byte ptr es:[di], dx
0x13e91: outsw dx, word ptr [si]
0x13e92: jae 0x13eb4
0x13e94: insb byte ptr es:[di], dx
0x13e95: outsw dx, word ptr [si]
0x13e96: bound bp, dword ptr [bx + 0x73]
0x13e99: or ax, 0x240a
2018-12-25T12:39:02.799763797Z 43 PC: 13e86 | Set date
2018-12-25T12:39:02.801056463Z 9 PC: 13ea4 | Display string (String= 'bailos los lobos ')
2018-12-25T12:39:02.804410093Z 71 PC: 13eb1 | Get current directory
2018-12-25T12:39:02.806587728Z 59 PC: 13eb9 | Change current directory
2018-12-25T12:39:02.808692749Z 59 PC: 13ec1 | Change current directory
2018-12-25T12:39:02.812686071Z 26 PC: 13f24 | Set disk transfer address
2018-12-25T12:39:02.828659967Z 78 PC: 13f44 | Find first file
2018-12-25T12:39:02.840884771Z 79 PC: 13f67 | Find next file
2018-12-25T12:39:02.843585471Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.846556594Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.849279571Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.852057802Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.855709227Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.858349495Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.860645018Z 61 PC: 13f9d | Open file (Filename = 'TEST.COM')
2018-12-25T12:39:02.866066163Z 63 PC: 13fb5 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:39:02.874826826Z 79 PC: 13f67 | Find next file (See above)
2018-12-25T12:39:02.878673418Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:39:02.886626775Z 0 PC: 12a89 | Program terminate