Sample viewer

vx.netlux.org/Virus.DOS.7son.271

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:21.3857082Z	51	PC: 140fc \| Get or set Ctrl-Break
2018-12-17T23:04:21.387224479Z	37	PC: 1410a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:21.388492062Z	26	PC: 14113 \| Set disk transfer address
2018-12-17T23:04:21.3896322Z	78	PC: 14139 \| Find first file
2018-12-17T23:04:21.395699394Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:21.411565018Z	61	PC: 1414b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:21.418409736Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:21.420018676Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:21.434604489Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:21.435895785Z	64	PC: 1417a \| Write file or device (Write 271 bytes on handle 5)
2018-12-17T23:04:21.444192187Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:21.446661665Z	64	PC: 14190 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:21.453787309Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:21.455592329Z	62	PC: 1419d \| Close file
2018-12-17T23:04:21.465142953Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:21.468038637Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:21.477946993Z	61	PC: 1414b \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:04:21.485571218Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:21.486954743Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:21.493290037Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:21.495409121Z	64	PC: 1417a \| Write file or device (Write 271 bytes on handle 5)
2018-12-17T23:04:21.498263154Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:21.499669547Z	64	PC: 14190 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:21.50264542Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:21.504705748Z	62	PC: 1419d \| Close file
2018-12-17T23:04:21.76474118Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:21.766931393Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:21.924579701Z	61	PC: 1414b \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:04:21.936599499Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:21.938568445Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:21.944973357Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:21.946280036Z	64	PC: 1417a \| Write file or device (Write 271 bytes on handle 5)
2018-12-17T23:04:21.953334034Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:21.954475819Z	64	PC: 14190 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:21.957677601Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:21.959782984Z	62	PC: 1419d \| Close file
2018-12-17T23:04:21.971498518Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:21.974257384Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:21.987529226Z	61	PC: 1414b \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:04:21.993981183Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:21.995392209Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:22.002122373Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.004373517Z	64	PC: 1417a \| Write file or device (Write 271 bytes on handle 5)
2018-12-17T23:04:22.007037833Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.008391017Z	64	PC: 14190 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:22.011968587Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:22.013754917Z	62	PC: 1419d \| Close file
2018-12-17T23:04:22.027076266Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:22.029885108Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:22.043192895Z	61	PC: 1414b \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:04:22.050136691Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:22.051535939Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:22.057657684Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.059470915Z	64	PC: 1417a \| Write file or device (Write 271 bytes on handle 5)
2018-12-17T23:04:22.063039949Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.064338506Z	64	PC: 14190 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:22.066868859Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:22.070412515Z	62	PC: 1419d \| Close file
2018-12-17T23:04:22.088465182Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:22.091097541Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:22.120555298Z	61	PC: 1414b \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:04:22.127119978Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:22.128455048Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:22.135160519Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.136485779Z	64	PC: 1417a \| Write file or device (Write 271 bytes on handle 5)
2018-12-17T23:04:22.157130966Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.159590832Z	64	PC: 14190 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:22.166583058Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:22.1681983Z	62	PC: 1419d \| Close file
2018-12-17T23:04:22.177748054Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:22.180344549Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:22.189861736Z	61	PC: 1414b \| Open file (Filename = 'PAH.COM')
2018-12-17T23:04:22.197565397Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:22.199035631Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:22.205267876Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.20780368Z	64	PC: 1417a \| Write file or device (Write 271 bytes on handle 5)
2018-12-17T23:04:22.21068306Z	66	PC: 141b8 \| Move file pointer
2018-12-17T23:04:22.211965405Z	64	PC: 14190 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:22.215510144Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:22.217398591Z	62	PC: 1419d \| Close file
2018-12-17T23:04:22.224516347Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:22.232295082Z	67	PC: 14144 \| Get or set file attributes
2018-12-17T23:04:22.241959068Z	61	PC: 1414b \| Open file (Filename = 'TEST.COM')
2018-12-17T23:04:22.248633956Z	87	PC: 14153 \| Get or set file date and time
2018-12-17T23:04:22.250893597Z	63	PC: 1415e \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:22.257994882Z	87	PC: 14199 \| Get or set file date and time
2018-12-17T23:04:22.259449845Z	62	PC: 1419d \| Close file
2018-12-17T23:04:22.268244524Z	79	PC: 14139 \| Find next file
2018-12-17T23:04:22.270829445Z	26	PC: 141a7 \| Set disk transfer address
2018-12-17T23:04:22.272175156Z	48	PC: 12a63 \| Get DOS version
2018-12-17T23:04:22.274651058Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T23:04:22.284273291Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-17T23:04:22.29180001Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-17T23:04:22.295240118Z	93	PC: 12b24 \| File sharing functions
2018-12-17T23:04:22.297439914Z	9	PC: 12b03 \| Display string (String= 'Size change=+010Fh/00271d. Virus might be activ? ')
2018-12-17T23:04:22.303034202Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')