Sample viewer

vx.netlux.org/Virus.DOS.Taek.2119

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:36.916576446Z 47 PC: 12d45 | Get disk transfer address
2018-12-17T23:01:36.918236319Z 26 PC: 12d57 | Set disk transfer address
2018-12-17T23:01:36.920058955Z 78 PC: 12d62 | Find first file
2018-12-17T23:01:36.927644106Z 255 PC: 12d72 | UNKNOWN!
2018-12-17T23:01:36.928991588Z 79 PC: 12d62 | Find next file
2018-12-17T23:01:36.932398765Z 26 PC: 12d7c | Set disk transfer address
2018-12-17T23:01:36.934225275Z 255 PC: 12d82 | UNKNOWN!
2018-12-17T23:01:36.935709358Z 74 PC: 12da8 | Reallocate memory
2018-12-17T23:01:36.938525456Z 72 PC: 12db2 | Allocate memory
2018-12-17T23:01:36.940606703Z 72 PC: 12dc7 | Allocate memory
2018-12-17T23:01:36.942909429Z 74 PC: 9ed23 | Reallocate memory
2018-12-17T23:01:36.9459513Z 75 PC: 9ed63 | Execute program
2018-12-17T23:01:36.965349281Z 47 PC: 12ea5 | Get disk transfer address
2018-12-17T23:01:36.966905979Z 26 PC: 12eb7 | Set disk transfer address
2018-12-17T23:01:36.969581864Z 78 PC: 12ec2 | Find first file
2018-12-17T23:01:36.976757441Z 67 PC: 9ed63 | Get or set file attributes
2018-12-17T23:01:36.983499427Z 67 PC: 9ed63 | Get or set file attributes
2018-12-17T23:01:37.001706863Z 61 PC: 9ed63 | Open file (Filename = ' "Program too big to fit in memory  No free file handlesBad Command or file name Access denied  Memory allocation error& Cannot load COMMAND, system halted ! Cannot start COMMAND, exiting . Top level process aborted, cannot continue  � ')
2018-12-17T23:01:37.009895281Z 87 PC: 9ed63 | Get or set file date and time
2018-12-17T23:01:37.011436309Z 66 PC: 9ed63 | Move file pointer
2018-12-17T23:01:37.013100662Z 66 PC: 9ed63 | Move file pointer
2018-12-17T23:01:37.015403159Z 63 PC: 9ed63 | Read file or device (Read 64 bytes on handle 5)
2018-12-17T23:01:37.018380346Z 66 PC: 9ed63 | Move file pointer
2018-12-17T23:01:37.020318147Z 63 PC: 9ed63 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:01:37.024632112Z 66 PC: 9ed63 | Move file pointer
2018-12-17T23:01:37.026236786Z 64 PC: 9ed63 | Write file or device (Write 32 bytes on handle 5)
2018-12-17T23:01:37.030276934Z 66 PC: 9ed63 | Move file pointer
2018-12-17T23:01:37.032359978Z 64 PC: 9ed63 | Write file or device (Write 8 bytes on handle 5)
2018-12-17T23:01:37.035828587Z 64 PC: 9ed63 | Write file or device (Write 2119 bytes on handle 5)
2018-12-17T23:01:37.042594387Z 64 PC: 9ed63 | Write file or device (Write 49 bytes on handle 5)
2018-12-17T23:01:37.045381214Z 64 PC: 9ed63 | Write file or device (Write 8 bytes on handle 5)
2018-12-17T23:01:37.047266963Z 87 PC: 9ed63 | Get or set file date and time
2018-12-17T23:01:37.048431467Z 44 PC: 9f17b | Get time
0x9f17b: cmp ch, 0x17
0x9f17e: jb 0x9f1e1
0x9f180: mov es, word ptr cs:[0x735]
0x9f185: mov ax, 0xb800
0x9f188: mov ds, ax
0x9f18a: xor si, si
0x9f18c: xor di, di
0x9f18e: mov cx, 0x50
0x9f191: cld
0x9f192: rep movsd dword ptr es:[di], dword ptr [si]
0x9f194: push cs
0x9f195: pop ds
0x9f196: mov ax, 0xb800
0x9f199: mov es, ax
0x9f19b: mov si, 0x6d2
0x9f19e: xor di, di
0x9f1a0: mov cx, 0x50
0x9f1a3: mov ah, 0x1f
0x9f1a5: cld
0x9f1a6: lodsb al, byte ptr [si]
2018-12-17T23:01:37.050654114Z 62 PC: 9ed63 | Close file
2018-12-17T23:01:37.056132204Z 67 PC: 9ed63 | Get or set file attributes
2018-12-17T23:01:37.063001292Z 255 PC: 12ed2 | UNKNOWN!
2018-12-17T23:01:37.063874953Z 79 PC: 12ec2 | Find next file
2018-12-17T23:01:37.06608863Z 26 PC: 12edc | Set disk transfer address
2018-12-17T23:01:37.067154011Z 9 PC: 12be2 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T23:01:37.069795312Z 76 PC: 12be6 | Terminate with return code (Return code = '36')
2018-12-17T23:01:37.073344006Z 73 PC: 9ed52 | Release memory
2018-12-17T23:01:37.074389652Z 77 PC: 9ed56 | Get program return code
2018-12-17T23:01:37.075351931Z 76 PC: 9ed5a | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13939,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:28.403105126Z 47 PC: 12d45 | Get disk transfer address
2018-12-25T12:39:28.40481749Z 26 PC: 12d57 | Set disk transfer address
2018-12-25T12:39:28.405752279Z 78 PC: 12d62 | Find first file
2018-12-25T12:39:28.409574628Z 255 PC: 12d72 | UNKNOWN!
2018-12-25T12:39:28.411082278Z 79 PC: 12d62 | Find next file (See above)
2018-12-25T12:39:28.412677318Z 26 PC: 12d7c | Set disk transfer address
2018-12-25T12:39:28.413560263Z 255 PC: 12d82 | UNKNOWN!
2018-12-25T12:39:28.414847761Z 74 PC: 12da8 | Reallocate memory
2018-12-25T12:39:28.416871197Z 72 PC: 12db2 | Allocate memory
2018-12-25T12:39:28.419056167Z 72 PC: 12dc7 | Allocate memory
2018-12-25T12:39:28.421220618Z 74 PC: 9ed23 | Reallocate memory
2018-12-25T12:39:28.423036466Z 75 PC: 9ed63 | Execute program
2018-12-25T12:39:28.441224018Z 47 PC: 12ea5 | Get disk transfer address
2018-12-25T12:39:28.44250048Z 26 PC: 12eb7 | Set disk transfer address
2018-12-25T12:39:28.443677856Z 78 PC: 12ec2 | Find first file
2018-12-25T12:39:28.450577354Z 67 PC: 9ed63 | Get or set file attributes (See above)
2018-12-25T12:39:28.456357153Z 67 PC: 9ed63 | Get or set file attributes (See above)
2018-12-25T12:39:28.475887495Z 61 PC: 9ed63 | Open file (See above)
2018-12-25T12:39:28.484472482Z 87 PC: 9ed63 | Get or set file date and time (See above)
2018-12-25T12:39:28.48641254Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.488208372Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.491347293Z 63 PC: 9ed63 | Read file or device (See above)
2018-12-25T12:39:28.498189163Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.499510834Z 63 PC: 9ed63 | Read file or device (See above)
2018-12-25T12:39:28.502541159Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.504457081Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.508007924Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.509382224Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.524166074Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.533002378Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.535742023Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.539591264Z 87 PC: 9ed63 | Get or set file date and time (See above)
2018-12-25T12:39:28.541360911Z 44 PC: 9f17b | Get time
0x9f17b: cmp ch, 0x17
0x9f17e: jb 0x9f1e1
0x9f180: mov es, word ptr cs:[0x735]
0x9f185: mov ax, 0xb800
0x9f188: mov ds, ax
0x9f18a: xor si, si
0x9f18c: xor di, di
0x9f18e: mov cx, 0x50
0x9f191: cld
0x9f192: rep movsd dword ptr es:[di], dword ptr [si]
0x9f194: push cs
0x9f195: pop ds
0x9f196: mov ax, 0xb800
0x9f199: mov es, ax
0x9f19b: mov si, 0x6d2
0x9f19e: xor di, di
0x9f1a0: mov cx, 0x50
0x9f1a3: mov ah, 0x1f
0x9f1a5: cld
0x9f1a6: lodsb al, byte ptr [si]
2018-12-25T12:39:28.543720096Z 62 PC: 9ed63 | Close file (See above)
2018-12-25T12:39:28.553202446Z 67 PC: 9ed63 | Get or set file attributes (See above)
2018-12-25T12:39:28.563023436Z 255 PC: 12ed2 | UNKNOWN!
2018-12-25T12:39:28.564019256Z 79 PC: 12ec2 | Find next file (See above)
2018-12-25T12:39:28.567250684Z 26 PC: 12edc | Set disk transfer address
2018-12-25T12:39:28.568880689Z 9 PC: 12be2 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:39:28.574577058Z 76 PC: 12be6 | Terminate with return code (Return code = '36')
2018-12-25T12:39:28.578624905Z 73 PC: 9ed52 | Release memory
2018-12-25T12:39:28.580293195Z 77 PC: 9ed56 | Get program return code
2018-12-25T12:39:28.581721923Z 76 PC: 9ed5a | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13939,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:28.698189751Z 47 PC: 12d45 | Get disk transfer address
2018-12-25T12:39:28.70337119Z 26 PC: 12d57 | Set disk transfer address
2018-12-25T12:39:28.704824192Z 78 PC: 12d62 | Find first file
2018-12-25T12:39:28.71020673Z 255 PC: 12d72 | UNKNOWN!
2018-12-25T12:39:28.71118293Z 79 PC: 12d62 | Find next file (See above)
2018-12-25T12:39:28.712934947Z 26 PC: 12d7c | Set disk transfer address
2018-12-25T12:39:28.713768223Z 255 PC: 12d82 | UNKNOWN!
2018-12-25T12:39:28.714458484Z 74 PC: 12da8 | Reallocate memory
2018-12-25T12:39:28.716440067Z 72 PC: 12db2 | Allocate memory
2018-12-25T12:39:28.718153838Z 72 PC: 12dc7 | Allocate memory
2018-12-25T12:39:28.719983828Z 74 PC: 9ed23 | Reallocate memory
2018-12-25T12:39:28.721366Z 75 PC: 9ed63 | Execute program
2018-12-25T12:39:28.731838066Z 47 PC: 12ea5 | Get disk transfer address
2018-12-25T12:39:28.7326731Z 26 PC: 12eb7 | Set disk transfer address
2018-12-25T12:39:28.733861925Z 78 PC: 12ec2 | Find first file
2018-12-25T12:39:28.738515552Z 67 PC: 9ed63 | Get or set file attributes (See above)
2018-12-25T12:39:28.742043291Z 67 PC: 9ed63 | Get or set file attributes (See above)
2018-12-25T12:39:28.75604465Z 61 PC: 9ed63 | Open file (See above)
2018-12-25T12:39:28.763229989Z 87 PC: 9ed63 | Get or set file date and time (See above)
2018-12-25T12:39:28.764308852Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.765274395Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.774431165Z 63 PC: 9ed63 | Read file or device (See above)
2018-12-25T12:39:28.778755641Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.779880454Z 63 PC: 9ed63 | Read file or device (See above)
2018-12-25T12:39:28.78275456Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.78382467Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.786146182Z 66 PC: 9ed63 | Move file pointer (See above)
2018-12-25T12:39:28.787773885Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.792359106Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.798207704Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.801178289Z 64 PC: 9ed63 | Write file or device (See above)
2018-12-25T12:39:28.804154804Z 87 PC: 9ed63 | Get or set file date and time (See above)
2018-12-25T12:39:28.805684816Z 44 PC: 9f17b | Get time
0x9f17b: cmp ch, 0x17
0x9f17e: jb 0x9f1e1
0x9f180: mov es, word ptr cs:[0x735]
0x9f185: mov ax, 0xb800
0x9f188: mov ds, ax
0x9f18a: xor si, si
0x9f18c: xor di, di
0x9f18e: mov cx, 0x50
0x9f191: cld
0x9f192: rep movsd dword ptr es:[di], dword ptr [si]
0x9f194: push cs
0x9f195: pop ds
0x9f196: mov ax, 0xb800
0x9f199: mov es, ax
0x9f19b: mov si, 0x6d2
0x9f19e: xor di, di
0x9f1a0: mov cx, 0x50
0x9f1a3: mov ah, 0x1f
0x9f1a5: cld
0x9f1a6: lodsb al, byte ptr [si]
2018-12-25T12:39:28.808308849Z 62 PC: 9ed63 | Close file (See above)
2018-12-25T12:39:28.816198625Z 67 PC: 9ed63 | Get or set file attributes (See above)
2018-12-25T12:39:28.826129241Z 255 PC: 12ed2 | UNKNOWN!
2018-12-25T12:39:28.827770173Z 79 PC: 12ec2 | Find next file (See above)
2018-12-25T12:39:28.834913962Z 26 PC: 12edc | Set disk transfer address
2018-12-25T12:39:28.836140555Z 9 PC: 12be2 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:39:28.841476186Z 76 PC: 12be6 | Terminate with return code (Return code = '36')
2018-12-25T12:39:28.844541339Z 73 PC: 9ed52 | Release memory
2018-12-25T12:39:28.845675576Z 77 PC: 9ed56 | Get program return code
2018-12-25T12:39:28.847077141Z 76 PC: 9ed5a | Terminate with return code (Return code = '36')