
vx.netlux.org/Virus.DOS.Champaigne.542



Syscalls:

Time | Syscall Op | PC | Syscall Name (with the disassembly that follows the call, where recorded)
2018-12-17T23:01:20.998226713Z 42 PC: 140f8 | Get date
0x140f8: mov byte ptr ds:[bp + 0x2d8], dl
0x140fd: mov byte ptr ds:[bp + 0x2d7], dh
0x14102: mov byte ptr ds:[bp + 0x2d6], al
0x14107: cmp al, 0
0x14109: je 0x14115
0x1410b: mov di, 0x100
0x1410e: lea si, word ptr [bp + 0x293]
0x14112: push di
0x14113: movsw word ptr es:[di], word ptr [si]
0x14114: movsw word ptr es:[di], word ptr [si]
0x14115: lea dx, word ptr [bp + 0x2f8]
0x14119: call 0x14224
0x1411c: jmp 0x1420f
0x1411f: cmp byte ptr ds:[bp + 0x2d8], 0x1a
0x14125: jne 0x14132
0x14127: call 0x14161
0x1412a: cmp byte ptr ds:[bp + 0x2d7], 6
0x14130: je 0x14150
0x14132: mov dx, 0x80
0x14135: call 0x14224
2018-12-17T23:01:21.001355472Z 26 PC: 14228 | Set disk transfer address
2018-12-17T23:01:21.003095491Z 78 PC: 1421a | Find first file
2018-12-17T23:01:21.009660747Z 61 PC: 1417f | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:21.02166854Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.024022253Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.031637503Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.034374937Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.036347012Z 64 PC: 14269 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:21.039706895Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.042001968Z 44 PC: 141c5 | Get time
0x141c5: mov word ptr ds:[bp + 0x2e3], dx
0x141ca: mov cx, 0x12
0x141cd: lea di, word ptr [bp + 0x323]
0x141d1: lea si, word ptr [bp + 0x2e5]
0x141d5: push cx
0x141d6: push si
0x141d7: rep movsb byte ptr es:[di], byte ptr [si]
0x141d9: cmp byte ptr ds:[bp + 0x2d6], 0
0x141df: jne 0x141ed
0x141e1: mov cx, 0xd
0x141e4: lea si, word ptr [bp + 0x258]
0x141e8: rep movsb byte ptr es:[di], byte ptr [si]
0x141ea: jmp 0x141f6
0x141ec: nop
0x141ed: mov cx, 0xb
0x141f0: lea si, word ptr [bp + 0x164]
0x141f4: rep movsb byte ptr es:[di], byte ptr [si]
0x141f6: pop si
0x141f7: pop cx
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T23:01:21.04548371Z 64 PC: 14321 | Write file or device (Write 542 bytes on handle 5)
2018-12-17T23:01:21.097461058Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.099562277Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.109379613Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.113010967Z 61 PC: 1417f | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:21.12124002Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.12387974Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.13182505Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.133666961Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.143066933Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.145971772Z 61 PC: 1417f | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:21.153534513Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.156351466Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.164461405Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.166399617Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.168863767Z 64 PC: 14269 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:21.172320452Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.174229069Z 44 PC: 141c5 | Get time
0x141c5: mov word ptr ds:[bp + 0x2e3], dx
0x141ca: mov cx, 0x12
0x141cd: lea di, word ptr [bp + 0x323]
0x141d1: lea si, word ptr [bp + 0x2e5]
0x141d5: push cx
0x141d6: push si
0x141d7: rep movsb byte ptr es:[di], byte ptr [si]
0x141d9: cmp byte ptr ds:[bp + 0x2d6], 0
0x141df: jne 0x141ed
0x141e1: mov cx, 0xd
0x141e4: lea si, word ptr [bp + 0x258]
0x141e8: rep movsb byte ptr es:[di], byte ptr [si]
0x141ea: jmp 0x141f6
0x141ec: nop
0x141ed: mov cx, 0xb
0x141f0: lea si, word ptr [bp + 0x164]
0x141f4: rep movsb byte ptr es:[di], byte ptr [si]
0x141f6: pop si
0x141f7: pop cx
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T23:01:21.177487842Z 64 PC: 14321 | Write file or device (Write 542 bytes on handle 5)
2018-12-17T23:01:21.187634468Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.190524339Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.204241273Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.216100998Z 61 PC: 1417f | Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:21.223257736Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.22523412Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.235059752Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.238237573Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.247520487Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.251972793Z 61 PC: 1417f | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:21.269010908Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.271628717Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.282324285Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.284452995Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.292376223Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.295795598Z 61 PC: 1417f | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:21.302176457Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.303584012Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.309444796Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.311539031Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.312973957Z 64 PC: 14269 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:21.31571653Z 66 PC: 1422e | Move file pointer
2018-12-17T23:01:21.318713973Z 44 PC: 141c5 | Get time
0x141c5: mov word ptr ds:[bp + 0x2e3], dx
0x141ca: mov cx, 0x12
0x141cd: lea di, word ptr [bp + 0x323]
0x141d1: lea si, word ptr [bp + 0x2e5]
0x141d5: push cx
0x141d6: push si
0x141d7: rep movsb byte ptr es:[di], byte ptr [si]
0x141d9: cmp byte ptr ds:[bp + 0x2d6], 0
0x141df: jne 0x141ed
0x141e1: mov cx, 0xd
0x141e4: lea si, word ptr [bp + 0x258]
0x141e8: rep movsb byte ptr es:[di], byte ptr [si]
0x141ea: jmp 0x141f6
0x141ec: nop
0x141ed: mov cx, 0xb
0x141f0: lea si, word ptr [bp + 0x164]
0x141f4: rep movsb byte ptr es:[di], byte ptr [si]
0x141f6: pop si
0x141f7: pop cx
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T23:01:21.321099285Z 64 PC: 14321 | Write file or device (Write 542 bytes on handle 5)
2018-12-17T23:01:21.337082768Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.351888599Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.360668737Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.364583573Z 61 PC: 1417f | Open file (Filename = 'PAH.COM')
2018-12-17T23:01:21.372814079Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.375180616Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.382490241Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.385220211Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.399757917Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.403210335Z 61 PC: 1417f | Open file (Filename = 'TEST.COM')
2018-12-17T23:01:21.412021893Z 87 PC: 14185 | Get or set file date and time
2018-12-17T23:01:21.413855698Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:21.417333373Z 87 PC: 14207 | Get or set file date and time
2018-12-17T23:01:21.419580736Z 62 PC: 1420b | Close file
2018-12-17T23:01:21.427806542Z 79 PC: 1421a | Find next file
2018-12-17T23:01:21.430653632Z 26 PC: 14228 | Set disk transfer address
2018-12-17T23:01:21.432492849Z 48 PC: 12a63 | Get DOS version
2018-12-17T23:01:21.435514306Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T23:01:21.445363573Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T23:01:21.452597987Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T23:01:21.455836943Z 93 PC: 12b24 | File sharing functions
2018-12-17T23:01:21.457957828Z 9 PC: 12b03 | Display string (String= 'Size change=+021Eh/00542d. Virus might be activ? ')
2018-12-17T23:01:21.463952072Z 76 PC: 12b09 | Terminate with return code (Return code = '1')