Sample viewer

vx.netlux.org/Virus.DOS.Walhala.1283

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:17.899874893Z	74	PC: 13282 \| Reallocate memory
2018-12-17T23:01:17.9021537Z	72	PC: 13289 \| Allocate memory
2018-12-17T23:01:17.904249711Z	26	PC: 132af \| Set disk transfer address
2018-12-17T23:01:17.905663072Z	78	PC: 132b9 \| Find first file
2018-12-17T23:01:17.912981324Z	61	PC: 132da \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:17.921249475Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:17.923217571Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:17.925161965Z	63	PC: 13306 \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T23:01:17.933407105Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:17.936463587Z	61	PC: 132da \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:17.944269539Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:17.94738816Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:17.949429925Z	63	PC: 13306 \| Read file or device (Read 27 bytes on handle 6)
2018-12-17T23:01:17.956964866Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:17.966722306Z	61	PC: 132da \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:17.976346298Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:17.979055074Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:17.982111522Z	63	PC: 13306 \| Read file or device (Read 92 bytes on handle 7)
2018-12-17T23:01:17.989819353Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:17.993177465Z	61	PC: 132da \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:18.001105155Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:18.003912537Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:18.005813469Z	63	PC: 13306 \| Read file or device (Read 29 bytes on handle 8)
2018-12-17T23:01:18.013255624Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:18.018052401Z	61	PC: 132da \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:18.025705661Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:18.027489211Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:18.030252243Z	63	PC: 13306 \| Read file or device (Read 29 bytes on handle 9)
2018-12-17T23:01:18.038203156Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:18.041515813Z	61	PC: 132da \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:18.04984226Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:18.051499617Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:18.053134486Z	63	PC: 13306 \| Read file or device (Read 501 bytes on handle 10)
2018-12-17T23:01:18.061406908Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:18.064702424Z	61	PC: 132da \| Open file (Filename = 'PAH.COM')
2018-12-17T23:01:18.072135458Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:18.073878872Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:18.076312391Z	63	PC: 13306 \| Read file or device (Read 29 bytes on handle 11)
2018-12-17T23:01:18.083619013Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:18.086553293Z	61	PC: 132da \| Open file (Filename = 'TEST.COM')
2018-12-17T23:01:18.094731149Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:18.096883032Z	66	PC: 132f6 \| Move file pointer
2018-12-17T23:01:18.098528076Z	63	PC: 13306 \| Read file or device (Read 3383 bytes on handle 12)
2018-12-17T23:01:18.1083385Z	62	PC: 13351 \| Close file
2018-12-17T23:01:18.110801358Z	79	PC: 132c7 \| Find next file
2018-12-17T23:01:18.11387739Z	42	PC: 13444 \| Get date 0x13444: mov cl, 0x1f 0x13446: cmp dl, cl 0x13448: jne 0x1345a 0x1344a: mov al, 2 0x1344c: mov cx, 1 0x1344f: mov dx, 0 0x13452: mov bx, 0 0x13455: int 0x26 0x13457: jmp 0x1345a 0x13459: nop 0x1345a: jmp 0x12a43 0x1345d: pop ax 0x1345e: mov ax, 0x4c00 0x13461: int 0x21 0x13463: pop ds 0x13464: add sp, 6 0x13467: stc 0x13468: retf 0 0x1346b: add byte ptr [bx + si], al 0x1346d: add byte ptr [bx + si], al
2018-12-17T23:01:18.117398665Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:01:18.134543796Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:01:18.136669609Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:01:18.146433109Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:01:18.148865828Z	9	PC: 12a86 \| Display string (String= 'Size change=0503h/01283d. ')
2018-12-17T23:01:18.153567824Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13819,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:10.958669069Z	74	PC: 13282 \| Reallocate memory
2018-12-25T12:39:10.961628331Z	72	PC: 13289 \| Allocate memory
2018-12-25T12:39:10.963108077Z	26	PC: 132af \| Set disk transfer address
2018-12-25T12:39:10.96444325Z	78	PC: 132b9 \| Find first file
2018-12-25T12:39:10.971309704Z	61	PC: 132da \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:10.978612075Z	66	PC: 132e9 \| Move file pointer
2018-12-25T12:39:10.980226943Z	66	PC: 132f6 \| Move file pointer
2018-12-25T12:39:10.982404756Z	63	PC: 13306 \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:39:10.990177499Z	79	PC: 132c7 \| Find next file
2018-12-25T12:39:10.992834116Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:10.999884595Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.001259482Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.002538878Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.009689554Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.013216381Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.019874402Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.021524994Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.024189938Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.030722811Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.033519852Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.041010373Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.042254292Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.043426965Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.049417898Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.051991705Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.058532192Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.060663855Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.061972545Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.068047206Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.07179695Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.078500803Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.079915999Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.082192592Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.088834528Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.091358113Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.098092835Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.099595993Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.10086651Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.107596568Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.110884673Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.117117032Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.119027716Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.121839774Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.129424986Z	62	PC: 13351 \| Close file
2018-12-25T12:39:11.131063663Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.132967694Z	42	PC: 13444 \| Get date 0x13444: mov cl, 0x1f 0x13446: cmp dl, cl 0x13448: jne 0x1345a 0x1344a: mov al, 2 0x1344c: mov cx, 1 0x1344f: mov dx, 0 0x13452: mov bx, 0 0x13455: int 0x26 0x13457: jmp 0x1345a 0x13459: nop 0x1345a: jmp 0x12a43 0x1345d: pop ax 0x1345e: mov ax, 0x4c00 0x13461: int 0x21 0x13463: pop ds 0x13464: add sp, 6 0x13467: stc 0x13468: retf 0 0x1346b: add byte ptr [bx + si], al 0x1346d: add byte ptr [bx + si], al
2018-12-25T12:39:11.13476954Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:39:11.138295354Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:39:11.139662082Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:39:11.144768783Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:39:11.146675434Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:39:11.149498668Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13819,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:11.030452945Z	74	PC: 13282 \| Reallocate memory
2018-12-25T12:39:11.033172901Z	72	PC: 13289 \| Allocate memory
2018-12-25T12:39:11.038057561Z	26	PC: 132af \| Set disk transfer address
2018-12-25T12:39:11.039275144Z	78	PC: 132b9 \| Find first file
2018-12-25T12:39:11.045785021Z	61	PC: 132da \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:11.052341184Z	66	PC: 132e9 \| Move file pointer
2018-12-25T12:39:11.05376854Z	66	PC: 132f6 \| Move file pointer
2018-12-25T12:39:11.05541991Z	63	PC: 13306 \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:39:11.061491541Z	79	PC: 132c7 \| Find next file
2018-12-25T12:39:11.064125871Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.070681298Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.07263909Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.074052619Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.080952934Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.084447449Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.090861208Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.092291124Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.094305391Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.100469357Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.102623163Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.107281611Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.108348118Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.10943056Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.11380048Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.115549271Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.119836027Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.121933564Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.123403994Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.13006776Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.139167936Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.145909408Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.147456479Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.153388492Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.160583333Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.163813383Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.171249408Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.17298525Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.17425671Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.181163849Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.183735521Z	61	PC: 132da \| Open file (See above)
2018-12-25T12:39:11.189937636Z	66	PC: 132e9 \| Move file pointer (See above)
2018-12-25T12:39:11.191346142Z	66	PC: 132f6 \| Move file pointer (See above)
2018-12-25T12:39:11.19272115Z	63	PC: 13306 \| Read file or device (See above)
2018-12-25T12:39:11.199673518Z	62	PC: 13351 \| Close file
2018-12-25T12:39:11.209261366Z	79	PC: 132c7 \| Find next file (See above)
2018-12-25T12:39:11.211765785Z	42	PC: 13444 \| Get date 0x13444: mov cl, 0x1f 0x13446: cmp dl, cl 0x13448: jne 0x1345a 0x1344a: mov al, 2 0x1344c: mov cx, 1 0x1344f: mov dx, 0 0x13452: mov bx, 0 0x13455: int 0x26 0x13457: jmp 0x1345a 0x13459: nop 0x1345a: jmp 0x12a43 0x1345d: pop ax 0x1345e: mov ax, 0x4c00 0x13461: int 0x21 0x13463: pop ds 0x13464: add sp, 6 0x13467: stc 0x13468: retf 0 0x1346b: add byte ptr [bx + si], al 0x1346d: add byte ptr [bx + si], al
2018-12-25T12:39:11.214384641Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:39:11.220007286Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:39:11.221553795Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:39:11.228089718Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:39:11.238377333Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:39:11.242398991Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')