Sample viewer

vx.netlux.org/Virus.DOS.Dsyf.924


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:08.753367702Z 26 PC: 140d2 | Set disk transfer address
2018-12-17T23:03:08.754281885Z 53 PC: 13e8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:08.755747087Z 37 PC: 13e9d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:08.756756542Z 71 PC: 13ea9 | Get current directory
2018-12-17T23:03:08.758923864Z 78 PC: 13f1f | Find first file
2018-12-17T23:03:08.763705704Z 78 PC: 13f1f | Find first file
2018-12-17T23:03:08.767553961Z 61 PC: 140db | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:08.771759246Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.786192106Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.788379868Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.790347425Z 61 PC: 140db | Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:08.795554609Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.800003375Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.801505127Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.804212127Z 61 PC: 140db | Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:08.808484809Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.815582072Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.818445881Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.821415633Z 61 PC: 140db | Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:08.829142947Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.836516171Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.838842801Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.841827613Z 61 PC: 140db | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:08.849248442Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.863496944Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.866113391Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.86945363Z 61 PC: 140db | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:08.87897835Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.886668938Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.889105317Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.893264598Z 61 PC: 140db | Open file (Filename = 'PAH.COM')
2018-12-17T23:03:08.900956676Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.9120733Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.914671553Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.930481177Z 61 PC: 140db | Open file (Filename = 'TEST.COM')
2018-12-17T23:03:08.937661285Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:03:08.940976835Z 62 PC: 13f3e | Close file
2018-12-17T23:03:08.943072657Z 79 PC: 13f1f | Find next file
2018-12-17T23:03:08.94563061Z 59 PC: 13ebf | Change current directory
2018-12-17T23:03:08.950778541Z 42 PC: 1406a | Get date
0x1406a: cmp cx, 0x7ce
0x1406e: jb 0x140c4
0x14070: cmp dl, 0x19
0x14073: jne 0x140c4
0x14075: mov ah, 0x2c
0x14077: int 0x21
0x14079: cmp ch, 0x13
0x1407c: jne 0x140c4
0x1407e: mov ah, 9
0x14080: lea dx, word ptr [bp + 0x3b2]
0x14084: int 0x21
0x14086: mov cx, 6
0x14089: push cx
0x1408a: mov dx, 0x140
0x1408d: mov bx, 0x100
0x14090: in al, 0x61
0x14092: and al, 0xfc
0x14094: xor al, 2
0x14096: out 0x61, al
0x14098: add dx, 0x9248
2018-12-17T23:03:08.953229695Z 37 PC: 13ece | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:08.954545497Z 59 PC: 13ed8 | Change current directory
2018-12-17T23:03:08.956522752Z 26 PC: 140d2 | Set disk transfer address
2018-12-17T23:03:08.958293083Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00001400h/0000005120d bytes. ')
2018-12-17T23:03:08.962873525Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14448,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:44.231371478Z 26 PC: 140d2 | Set disk transfer address
2018-12-25T12:40:44.233154433Z 53 PC: 13e8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.23454305Z 37 PC: 13e9d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.23586921Z 71 PC: 13ea9 | Get current directory
2018-12-25T12:40:44.239315365Z 78 PC: 13f1f | Find first file
2018-12-25T12:40:44.245157764Z 78 PC: 13f1f | Find first file (See above)
2018-12-25T12:40:44.257345484Z 61 PC: 140db | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:44.27566159Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:40:44.282156319Z 62 PC: 13f3e | Close file
2018-12-25T12:40:44.284152827Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.28743328Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.29430531Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.300734655Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.303063326Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.306364718Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.312860273Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.3191382Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.322675392Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.325625663Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.332406777Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.342709483Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.345337332Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.348104144Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.355604558Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.36199321Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.363729513Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.367109487Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.373795136Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.380403202Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.383006353Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.38582499Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.392865935Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.400216994Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.404268684Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.407176563Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.414883391Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.421195853Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.423180223Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.426221386Z 59 PC: 13ebf | Change current directory
2018-12-25T12:40:44.43027832Z 42 PC: 1406a | Get date
0x1406a: cmp cx, 0x7ce
0x1406e: jb 0x140c4
0x14070: cmp dl, 0x19
0x14073: jne 0x140c4
0x14075: mov ah, 0x2c
0x14077: int 0x21
0x14079: cmp ch, 0x13
0x1407c: jne 0x140c4
0x1407e: mov ah, 9
0x14080: lea dx, word ptr [bp + 0x3b2]
0x14084: int 0x21
0x14086: mov cx, 6
0x14089: push cx
0x1408a: mov dx, 0x140
0x1408d: mov bx, 0x100
0x14090: in al, 0x61
0x14092: and al, 0xfc
0x14094: xor al, 2
0x14096: out 0x61, al
0x14098: add dx, 0x9248
2018-12-25T12:40:44.432291772Z 37 PC: 13ece | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.433887716Z 59 PC: 13ed8 | Change current directory
2018-12-25T12:40:44.435540219Z 26 PC: 140d2 | Set disk transfer address (See above)
2018-12-25T12:40:44.436479854Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00001400h/0000005120d bytes. ')
2018-12-25T12:40:44.441825285Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14448,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:44.355635267Z 26 PC: 140d2 | Set disk transfer address
2018-12-25T12:40:44.357916959Z 53 PC: 13e8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.36669294Z 37 PC: 13e9d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.368027095Z 71 PC: 13ea9 | Get current directory
2018-12-25T12:40:44.371361644Z 78 PC: 13f1f | Find first file
2018-12-25T12:40:44.379781216Z 78 PC: 13f1f | Find first file (See above)
2018-12-25T12:40:44.3862699Z 61 PC: 140db | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:44.393498Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:40:44.401980156Z 62 PC: 13f3e | Close file
2018-12-25T12:40:44.404490455Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.407750701Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.421511599Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.428987292Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.431381975Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.434178501Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.438457103Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.444614101Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.454541397Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.458140467Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.46526002Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.473412994Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.475334893Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.4781698Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.487589805Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.494753723Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.496933632Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.50010793Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.508516397Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.515801871Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.518217596Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.522381971Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.529654683Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.537095025Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.540025397Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.543170723Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.550664898Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.560383499Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.563617842Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.56713955Z 59 PC: 13ebf | Change current directory
2018-12-25T12:40:44.573271027Z 42 PC: 1406a | Get date
0x1406a: cmp cx, 0x7ce
0x1406e: jb 0x140c4
0x14070: cmp dl, 0x19
0x14073: jne 0x140c4
0x14075: mov ah, 0x2c
0x14077: int 0x21
0x14079: cmp ch, 0x13
0x1407c: jne 0x140c4
0x1407e: mov ah, 9
0x14080: lea dx, word ptr [bp + 0x3b2]
0x14084: int 0x21
0x14086: mov cx, 6
0x14089: push cx
0x1408a: mov dx, 0x140
0x1408d: mov bx, 0x100
0x14090: in al, 0x61
0x14092: and al, 0xfc
0x14094: xor al, 2
0x14096: out 0x61, al
0x14098: add dx, 0x9248
2018-12-25T12:40:44.576844827Z 37 PC: 13ece | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.578146379Z 59 PC: 13ed8 | Change current directory
2018-12-25T12:40:44.580299875Z 26 PC: 140d2 | Set disk transfer address (See above)
2018-12-25T12:40:44.581753762Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00001400h/0000005120d bytes. ')
2018-12-25T12:40:44.58801218Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":25,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14448,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:44.459511143Z 26 PC: 140d2 | Set disk transfer address
2018-12-25T12:40:44.461479576Z 53 PC: 13e8b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.462698602Z 37 PC: 13e9d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.463807716Z 71 PC: 13ea9 | Get current directory
2018-12-25T12:40:44.466875927Z 78 PC: 13f1f | Find first file
2018-12-25T12:40:44.475412732Z 78 PC: 13f1f | Find first file (See above)
2018-12-25T12:40:44.481720698Z 61 PC: 140db | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:44.488466053Z 63 PC: 13f3a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:40:44.497057127Z 62 PC: 13f3e | Close file
2018-12-25T12:40:44.500283316Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.503350049Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.510660478Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.520494733Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.528112543Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.531942527Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.541487904Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.54971958Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.554267512Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.557044879Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.563537099Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.570840496Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.573041139Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.575710618Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.583130657Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.589713842Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.591491155Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.602781018Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.610491002Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.616953148Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.619063281Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.622369713Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.629077684Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.635624634Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.641532713Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.644097334Z 61 PC: 140db | Open file (See above)
2018-12-25T12:40:44.650735329Z 63 PC: 13f3a | Read file or device (See above)
2018-12-25T12:40:44.653855587Z 62 PC: 13f3e | Close file (See above)
2018-12-25T12:40:44.655683587Z 79 PC: 13f1f | Find next file (See above)
2018-12-25T12:40:44.657969245Z 59 PC: 13ebf | Change current directory
2018-12-25T12:40:44.6626801Z 42 PC: 1406a | Get date
0x1406a: cmp cx, 0x7ce
0x1406e: jb 0x140c4
0x14070: cmp dl, 0x19
0x14073: jne 0x140c4
0x14075: mov ah, 0x2c
0x14077: int 0x21
0x14079: cmp ch, 0x13
0x1407c: jne 0x140c4
0x1407e: mov ah, 9
0x14080: lea dx, word ptr [bp + 0x3b2]
0x14084: int 0x21
0x14086: mov cx, 6
0x14089: push cx
0x1408a: mov dx, 0x140
0x1408d: mov bx, 0x100
0x14090: in al, 0x61
0x14092: and al, 0xfc
0x14094: xor al, 2
0x14096: out 0x61, al
0x14098: add dx, 0x9248
2018-12-25T12:40:44.664885081Z 44 PC: 14079 | Get time
0x14079: cmp ch, 0x13
0x1407c: jne 0x140c4
0x1407e: mov ah, 9
0x14080: lea dx, word ptr [bp + 0x3b2]
0x14084: int 0x21
0x14086: mov cx, 6
0x14089: push cx
0x1408a: mov dx, 0x140
0x1408d: mov bx, 0x100
0x14090: in al, 0x61
0x14092: and al, 0xfc
0x14094: xor al, 2
0x14096: out 0x61, al
0x14098: add dx, 0x9248
0x1409c: mov cl, 3
0x1409e: ror dx, cl
0x140a0: mov cx, dx
0x140a2: and cx, 0x1ff
0x140a6: or cx, 0xa
0x140a9: loop 0x140a9
2018-12-25T12:40:44.666997262Z 37 PC: 13ece | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:44.668537826Z 59 PC: 13ed8 | Change current directory
2018-12-25T12:40:44.670677123Z 26 PC: 140d2 | Set disk transfer address (See above)
2018-12-25T12:40:44.67254571Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00001400h/0000005120d bytes. ')
2018-12-25T12:40:44.678515568Z 76 PC: 12a86 | Terminate with return code (Return code = '36')