Sample viewer

vx.netlux.org/Virus.DOS.Industrial.1841

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:49.882162098Z	42	PC: 13f0e \| Get date 0x13f0e: cmp dl, 0x14 0x13f11: ja 0x13f53 0x13f13: jmp 0x1426c 0x13f16: mov ah, 0x1a 0x13f18: mov dx, 0x80 0x13f1b: int 0x21 0x13f1d: xor ax, ax 0x13f1f: mov es, ax 0x13f21: cli 0x13f22: mov ax, word ptr es:[0x3c4] 0x13f26: mov bx, word ptr es:[0x3c6] 0x13f2b: mov word ptr es:[0x4c], ax 0x13f2f: mov word ptr es:[0x4e], bx 0x13f34: sti 0x13f35: mov bx, 0xffc8 0x13f38: add bx, di 0x13f3a: mov si, 0x100 0x13f3d: mov ax, word ptr [bx] 0x13f3f: mov word ptr [si], ax 0x13f41: add bx, 2
2018-12-17T23:03:49.884985436Z	44	PC: 14276 \| Get time 0x14276: add dl, dh 0x14278: add dh, cl 0x1427a: mov bx, 0x6f6 0x1427d: add bx, di 0x1427f: xchg dh, dl 0x14281: mov word ptr [bx], dx 0x14283: mov ah, 0x1a 0x14285: mov dx, 0x6f8 0x14288: add dx, di 0x1428a: int 0x21 0x1428c: mov byte ptr [0xea], 0 0x14291: mov byte ptr [0xeb], 0 0x14296: mov si, 0x650 0x14299: add si, di 0x1429b: jmp 0x1433a 0x1429e: mov ah, 0x4e 0x142a0: mov dx, 0x650 0x142a3: add dx, di 0x142a5: mov cx, 0x12 0x142a8: int 0x21
2018-12-17T23:03:49.887379157Z	26	PC: 1428c \| Set disk transfer address
2018-12-17T23:03:49.888864967Z	78	PC: 142aa \| Find first file
2018-12-17T23:03:49.896248673Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.898749693Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.901439845Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.906403684Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.909307562Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.912179023Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.915068082Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.918440346Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.921319109Z	79	PC: 14310 \| Find next file
2018-12-17T23:03:49.923866411Z	61	PC: 1441a \| Open file (Filename = '��W��')
2018-12-17T23:03:49.931215123Z	63	PC: 1442d \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:49.938028261Z	66	PC: 1444e \| Move file pointer
2018-12-17T23:03:49.939410345Z	64	PC: 14479 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:49.943113181Z	66	PC: 14488 \| Move file pointer
2018-12-17T23:03:49.94506478Z	64	PC: 1456d \| Write file or device (Write 1841 bytes on handle 5)
2018-12-17T23:03:49.959714186Z	87	PC: 1449e \| Get or set file date and time
2018-12-17T23:03:49.961946221Z	62	PC: 144a6 \| Close file
2018-12-17T23:03:49.9694943Z	67	PC: 144b9 \| Get or set file attributes
2018-12-17T23:03:49.979087789Z	26	PC: 13f1d \| Set disk transfer address
2018-12-17T23:03:49.985080569Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:03:49.990502803Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14663,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:16.055293144Z	42	PC: 13f0e \| Get date 0x13f0e: cmp dl, 0x14 0x13f11: ja 0x13f53 0x13f13: jmp 0x1426c 0x13f16: mov ah, 0x1a 0x13f18: mov dx, 0x80 0x13f1b: int 0x21 0x13f1d: xor ax, ax 0x13f1f: mov es, ax 0x13f21: cli 0x13f22: mov ax, word ptr es:[0x3c4] 0x13f26: mov bx, word ptr es:[0x3c6] 0x13f2b: mov word ptr es:[0x4c], ax 0x13f2f: mov word ptr es:[0x4e], bx 0x13f34: sti 0x13f35: mov bx, 0xffc8 0x13f38: add bx, di 0x13f3a: mov si, 0x100 0x13f3d: mov ax, word ptr [bx] 0x13f3f: mov word ptr [si], ax 0x13f41: add bx, 2
2018-12-25T12:41:16.058641596Z	44	PC: 14276 \| Get time 0x14276: add dl, dh 0x14278: add dh, cl 0x1427a: mov bx, 0x6f6 0x1427d: add bx, di 0x1427f: xchg dh, dl 0x14281: mov word ptr [bx], dx 0x14283: mov ah, 0x1a 0x14285: mov dx, 0x6f8 0x14288: add dx, di 0x1428a: int 0x21 0x1428c: mov byte ptr [0xea], 0 0x14291: mov byte ptr [0xeb], 0 0x14296: mov si, 0x650 0x14299: add si, di 0x1429b: jmp 0x1433a 0x1429e: mov ah, 0x4e 0x142a0: mov dx, 0x650 0x142a3: add dx, di 0x142a5: mov cx, 0x12 0x142a8: int 0x21
2018-12-25T12:41:16.060851395Z	26	PC: 1428c \| Set disk transfer address
2018-12-25T12:41:16.062026418Z	78	PC: 142aa \| Find first file
2018-12-25T12:41:16.068806399Z	79	PC: 14310 \| Find next file
2018-12-25T12:41:16.071999417Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.074916863Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.077918255Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.081725987Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.085240455Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.088144473Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.092549516Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.095312546Z	79	PC: 14310 \| Find next file (See above)
2018-12-25T12:41:16.097771218Z	61	PC: 1441a \| Open file (Filename = '��W��')
2018-12-25T12:41:16.10633399Z	63	PC: 1442d \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:41:16.113916951Z	66	PC: 1444e \| Move file pointer
2018-12-25T12:41:16.115213991Z	64	PC: 14479 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:41:16.118891733Z	66	PC: 14488 \| Move file pointer
2018-12-25T12:41:16.121092773Z	64	PC: 1456d \| Write file or device (Write 1841 bytes on handle 5)
2018-12-25T12:41:16.446344679Z	87	PC: 1449e \| Get or set file date and time
2018-12-25T12:41:16.448803529Z	62	PC: 144a6 \| Close file
2018-12-25T12:41:16.458394704Z	67	PC: 144b9 \| Get or set file attributes
2018-12-25T12:41:16.469796744Z	26	PC: 13f1d \| Set disk transfer address
2018-12-25T12:41:16.471444372Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:41:16.479560804Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14663,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:16.277721219Z	42	PC: 13f0e \| Get date 0x13f0e: cmp dl, 0x14 0x13f11: ja 0x13f53 0x13f13: jmp 0x1426c 0x13f16: mov ah, 0x1a 0x13f18: mov dx, 0x80 0x13f1b: int 0x21 0x13f1d: xor ax, ax 0x13f1f: mov es, ax 0x13f21: cli 0x13f22: mov ax, word ptr es:[0x3c4] 0x13f26: mov bx, word ptr es:[0x3c6] 0x13f2b: mov word ptr es:[0x4c], ax 0x13f2f: mov word ptr es:[0x4e], bx 0x13f34: sti 0x13f35: mov bx, 0xffc8 0x13f38: add bx, di 0x13f3a: mov si, 0x100 0x13f3d: mov ax, word ptr [bx] 0x13f3f: mov word ptr [si], ax 0x13f41: add bx, 2
2018-12-25T12:41:16.281513013Z	44	PC: 13f57 \| Get time 0x13f57: cmp dh, 5 0x13f5a: jae 0x13f16 0x13f5c: call 0x14272 0x13f5f: mov ah, 0xf 0x13f61: int 0x10 0x13f63: mov ah, 0 0x13f65: int 0x10 0x13f67: mov ah, 9 0x13f69: mov dx, 0x103 0x13f6c: add dx, di 0x13f6e: int 0x21 0x13f70: mov ah, 7 0x13f72: int 0x21 0x13f74: mov ah, 0xf 0x13f76: int 0x10 0x13f78: mov ah, 0 0x13f7a: int 0x10 0x13f7c: jmp 0x13f16 0x13f7e: push di 0x13f7f: popaw
2018-12-25T12:41:16.284071918Z	26	PC: 13f1d \| Set disk transfer address
2018-12-25T12:41:16.285490724Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:41:16.289508245Z	0	PC: 12a89 \| Program terminate