Sample viewer

vx.netlux.org/Virus.DOS.GolWanted.923

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:15.967018365Z 26 PC: 12e5c | Set disk transfer address
2018-12-17T23:01:15.969070571Z 71 PC: 12e66 | Get current directory
2018-12-17T23:01:15.973741608Z 53 PC: 12e70 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:15.975296019Z 37 PC: 12e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:15.977002956Z 78 PC: 12f1f | Find first file
2018-12-17T23:01:15.984388825Z 67 PC: 13007 | Get or set file attributes
2018-12-17T23:01:16.003314979Z 61 PC: 12f2b | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:16.010353334Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:01:16.018172837Z 66 PC: 12f3f | Move file pointer
2018-12-17T23:01:16.02015424Z 79 PC: 12f1f | Find next file
2018-12-17T23:01:16.023515155Z 67 PC: 13007 | Get or set file attributes
2018-12-17T23:01:16.036275723Z 61 PC: 12f2b | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:16.043865595Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 6)
2018-12-17T23:01:16.051632981Z 66 PC: 12f3f | Move file pointer
2018-12-17T23:01:16.054401823Z 79 PC: 12f1f | Find next file
2018-12-17T23:01:16.057863999Z 67 PC: 13007 | Get or set file attributes
2018-12-17T23:01:16.069374218Z 61 PC: 12f2b | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:16.07838567Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 7)
2018-12-17T23:01:16.085844365Z 66 PC: 12f3f | Move file pointer
2018-12-17T23:01:16.088001809Z 79 PC: 12f1f | Find next file
2018-12-17T23:01:16.091816568Z 67 PC: 13007 | Get or set file attributes
2018-12-17T23:01:16.10389281Z 61 PC: 12f2b | Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:16.111445652Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 8)
2018-12-17T23:01:16.11895894Z 66 PC: 12f3f | Move file pointer
2018-12-17T23:01:16.121714708Z 79 PC: 12f1f | Find next file
2018-12-17T23:01:16.124747006Z 67 PC: 13007 | Get or set file attributes
2018-12-17T23:01:16.135563972Z 61 PC: 12f2b | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:16.144208475Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 9)
2018-12-17T23:01:16.151251399Z 66 PC: 12f3f | Move file pointer
2018-12-17T23:01:16.153115392Z 79 PC: 12f1f | Find next file
2018-12-17T23:01:16.16575378Z 67 PC: 13007 | Get or set file attributes
2018-12-17T23:01:16.182645681Z 61 PC: 12f2b | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:16.188736185Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 10)
2018-12-17T23:01:16.194654877Z 66 PC: 12f3f | Move file pointer
2018-12-17T23:01:16.196137232Z 79 PC: 12f1f | Find next file
2018-12-17T23:01:16.198886448Z 67 PC: 13007 | Get or set file attributes
2018-12-17T23:01:16.209864276Z 61 PC: 12f2b | Open file (Filename = 'PAH.COM')
2018-12-17T23:01:16.218052993Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 11)
2018-12-17T23:01:16.225036225Z 66 PC: 12f3f | Move file pointer
2018-12-17T23:01:16.22659821Z 79 PC: 12f1f | Find next file
2018-12-17T23:01:16.230196913Z 59 PC: 12e91 | Change current directory
2018-12-17T23:01:16.235080639Z 42 PC: 12e97 | Get date
0x12e97: cmp al, 5
0x12e99: jne 0x12ea5
0x12e9b: mov ah, 0x2c
0x12e9d: int 0x21
0x12e9f: cmp cx, 0x805
0x12ea3: je 0x12eda
0x12ea5: mov ax, 0x2524
0x12ea8: lds dx, ptr [bp + 0x4e5]
0x12eac: int 0x21
0x12eae: push cs
0x12eaf: pop ds
0x12eb0: mov ah, 0x3b
0x12eb2: lea dx, word ptr [bp + 0x4e9]
0x12eb6: int 0x21
0x12eb8: mov ah, 0x1a
0x12eba: mov dx, 0x80
0x12ebd: int 0x21
0x12ebf: ret
0x12ec0: nop
0x12ec1: nop
2018-12-17T23:01:16.237329345Z 37 PC: 12eae | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:16.239192966Z 59 PC: 12eb8 | Change current directory
2018-12-17T23:01:16.243350078Z 26 PC: 12ebf | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13810,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:10.930930957Z 26 PC: 12e5c | Set disk transfer address
2018-12-25T12:39:10.932605519Z 71 PC: 12e66 | Get current directory
2018-12-25T12:39:10.93583929Z 53 PC: 12e70 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:10.937398775Z 37 PC: 12e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:10.939996024Z 78 PC: 12f1f | Find first file
2018-12-25T12:39:10.946304147Z 67 PC: 13007 | Get or set file attributes
2018-12-25T12:39:10.968941858Z 61 PC: 12f2b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:10.982364808Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:39:10.989557355Z 66 PC: 12f3f | Move file pointer
2018-12-25T12:39:10.991491978Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:10.994643232Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.005011557Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.011832583Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.018627903Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.021269619Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.024182685Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.201460252Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.21005243Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.216846752Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.21802222Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.22094351Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.239863175Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.246611546Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.254161132Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.256073994Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.258930793Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.271040737Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.278477624Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.284951579Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.288443814Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.291876865Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.310124208Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.317762138Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.325255905Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.326978539Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.329921643Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.34843664Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.355700186Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.366035055Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.368461304Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.371316419Z 59 PC: 12e91 | Change current directory
2018-12-25T12:39:11.375620523Z 42 PC: 12e97 | Get date
0x12e97: cmp al, 5
0x12e99: jne 0x12ea5
0x12e9b: mov ah, 0x2c
0x12e9d: int 0x21
0x12e9f: cmp cx, 0x805
0x12ea3: je 0x12eda
0x12ea5: mov ax, 0x2524
0x12ea8: lds dx, ptr [bp + 0x4e5]
0x12eac: int 0x21
0x12eae: push cs
0x12eaf: pop ds
0x12eb0: mov ah, 0x3b
0x12eb2: lea dx, word ptr [bp + 0x4e9]
0x12eb6: int 0x21
0x12eb8: mov ah, 0x1a
0x12eba: mov dx, 0x80
0x12ebd: int 0x21
0x12ebf: ret
0x12ec0: nop
0x12ec1: nop
2018-12-25T12:39:11.378838667Z 37 PC: 12eae | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:11.38074376Z 59 PC: 12eb8 | Change current directory
2018-12-25T12:39:11.384989181Z 26 PC: 12ebf | Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13810,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:10.910132502Z 26 PC: 12e5c | Set disk transfer address
2018-12-25T12:39:10.911662729Z 71 PC: 12e66 | Get current directory
2018-12-25T12:39:10.921840868Z 53 PC: 12e70 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:10.922762444Z 37 PC: 12e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:10.923938595Z 78 PC: 12f1f | Find first file
2018-12-25T12:39:10.927853567Z 67 PC: 13007 | Get or set file attributes
2018-12-25T12:39:10.942121506Z 61 PC: 12f2b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:10.94921296Z 63 PC: 12f37 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:39:10.956479615Z 66 PC: 12f3f | Move file pointer
2018-12-25T12:39:10.957989837Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:10.960874217Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:10.974920629Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:10.981962472Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:10.988835933Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:10.99066226Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:10.993491828Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.004354644Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.01489972Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.022096166Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.023704533Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.027694697Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.03916811Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.045665471Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.052118645Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.054291586Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.056843545Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.065759094Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.07231254Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.079346191Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.08075657Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.083801755Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.092721835Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.103719926Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.110271935Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.111712002Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.114047516Z 67 PC: 13007 | Get or set file attributes (See above)
2018-12-25T12:39:11.123272228Z 61 PC: 12f2b | Open file (See above)
2018-12-25T12:39:11.12925514Z 63 PC: 12f37 | Read file or device (See above)
2018-12-25T12:39:11.135106992Z 66 PC: 12f3f | Move file pointer (See above)
2018-12-25T12:39:11.13704958Z 79 PC: 12f1f | Find next file (See above)
2018-12-25T12:39:11.139442412Z 59 PC: 12e91 | Change current directory
2018-12-25T12:39:11.143135486Z 42 PC: 12e97 | Get date
0x12e97: cmp al, 5
0x12e99: jne 0x12ea5
0x12e9b: mov ah, 0x2c
0x12e9d: int 0x21
0x12e9f: cmp cx, 0x805
0x12ea3: je 0x12eda
0x12ea5: mov ax, 0x2524
0x12ea8: lds dx, ptr [bp + 0x4e5]
0x12eac: int 0x21
0x12eae: push cs
0x12eaf: pop ds
0x12eb0: mov ah, 0x3b
0x12eb2: lea dx, word ptr [bp + 0x4e9]
0x12eb6: int 0x21
0x12eb8: mov ah, 0x1a
0x12eba: mov dx, 0x80
0x12ebd: int 0x21
0x12ebf: ret
0x12ec0: nop
0x12ec1: nop
2018-12-25T12:39:11.145431492Z 44 PC: 12e9f | Get time
0x12e9f: cmp cx, 0x805
0x12ea3: je 0x12eda
0x12ea5: mov ax, 0x2524
0x12ea8: lds dx, ptr [bp + 0x4e5]
0x12eac: int 0x21
0x12eae: push cs
0x12eaf: pop ds
0x12eb0: mov ah, 0x3b
0x12eb2: lea dx, word ptr [bp + 0x4e9]
0x12eb6: int 0x21
0x12eb8: mov ah, 0x1a
0x12eba: mov dx, 0x80
0x12ebd: int 0x21
0x12ebf: ret
0x12ec0: nop
0x12ec1: nop
0x12ec2: nop
0x12ec3: nop
0x12ec4: nop
0x12ec5: nop
2018-12-25T12:39:11.147533363Z 37 PC: 12eae | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:11.148682661Z 59 PC: 12eb8 | Change current directory
2018-12-25T12:39:11.152604769Z 26 PC: 12ebf | Set disk transfer address