Sample viewer

vx.netlux.org/Virus.DOS.SillyC.553

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:02.738409367Z	53	PC: 13e9b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:02.74005409Z	37	PC: 13eae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:02.744056396Z	47	PC: 13eb2 \| Get disk transfer address
2018-12-17T23:05:02.746337186Z	26	PC: 13ec3 \| Set disk transfer address
2018-12-17T23:05:02.748805788Z	78	PC: 13ed5 \| Find first file
2018-12-17T23:05:02.75930871Z	37	PC: 1401c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:02.761428616Z	44	PC: 14020 \| Get time 0x14020: cmp ch, 0x16 0x14023: jne 0x14045 0x14025: cmp cl, 9 0x14028: ja 0x14045 0x1402a: int 0x11 0x1402c: and al, 0x20 0x1402e: cmp al, 0 0x14030: je 0x14045 0x14032: mov ax, 0x1200 0x14035: mov bl, 0x30 0x14037: int 0x10 0x14039: mov ax, 3 0x1403c: int 0x10 0x1403e: mov ax, 0x1111 0x14041: mov bl, 0 0x14043: int 0x10 0x14045: push ds 0x14046: pop es 0x14047: cld 0x14048: mov cx, 3
2018-12-17T23:05:02.764341685Z	26	PC: 14062 \| Set disk transfer address
2018-12-17T23:05:02.768016946Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:05:02.77534658Z	0	PC: 12a89 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15077,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:30.723375009Z	53	PC: 13e9b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.725512289Z	37	PC: 13eae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.726821212Z	47	PC: 13eb2 \| Get disk transfer address
2018-12-25T12:42:30.728250634Z	26	PC: 13ec3 \| Set disk transfer address
2018-12-25T12:42:30.730214465Z	78	PC: 13ed5 \| Find first file
2018-12-25T12:42:30.735935943Z	37	PC: 1401c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.73704324Z	44	PC: 14020 \| Get time 0x14020: cmp ch, 0x16 0x14023: jne 0x14045 0x14025: cmp cl, 9 0x14028: ja 0x14045 0x1402a: int 0x11 0x1402c: and al, 0x20 0x1402e: cmp al, 0 0x14030: je 0x14045 0x14032: mov ax, 0x1200 0x14035: mov bl, 0x30 0x14037: int 0x10 0x14039: mov ax, 3 0x1403c: int 0x10 0x1403e: mov ax, 0x1111 0x14041: mov bl, 0 0x14043: int 0x10 0x14045: push ds 0x14046: pop es 0x14047: cld 0x14048: mov cx, 3
2018-12-25T12:42:30.739458475Z	26	PC: 14062 \| Set disk transfer address
2018-12-25T12:42:30.741034164Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:42:30.746311747Z	0	PC: 12a89 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15077,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:30.885218881Z	53	PC: 13e9b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.886983149Z	37	PC: 13eae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.888303304Z	47	PC: 13eb2 \| Get disk transfer address
2018-12-25T12:42:30.889602355Z	26	PC: 13ec3 \| Set disk transfer address
2018-12-25T12:42:30.90014473Z	78	PC: 13ed5 \| Find first file
2018-12-25T12:42:30.910998281Z	37	PC: 1401c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.912334109Z	44	PC: 14020 \| Get time 0x14020: cmp ch, 0x16 0x14023: jne 0x14045 0x14025: cmp cl, 9 0x14028: ja 0x14045 0x1402a: int 0x11 0x1402c: and al, 0x20 0x1402e: cmp al, 0 0x14030: je 0x14045 0x14032: mov ax, 0x1200 0x14035: mov bl, 0x30 0x14037: int 0x10 0x14039: mov ax, 3 0x1403c: int 0x10 0x1403e: mov ax, 0x1111 0x14041: mov bl, 0 0x14043: int 0x10 0x14045: push ds 0x14046: pop es 0x14047: cld 0x14048: mov cx, 3
2018-12-25T12:42:30.923544421Z	26	PC: 14062 \| Set disk transfer address
2018-12-25T12:42:30.924781115Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:42:30.9287812Z	0	PC: 12a89 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":22,"Min":10,"Second":0,"TimeBased":true,"OriginalID":15077,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:30.914131172Z	53	PC: 13e9b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.916139323Z	37	PC: 13eae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.917503299Z	47	PC: 13eb2 \| Get disk transfer address
2018-12-25T12:42:30.918759625Z	26	PC: 13ec3 \| Set disk transfer address
2018-12-25T12:42:30.920063218Z	78	PC: 13ed5 \| Find first file
2018-12-25T12:42:30.927047536Z	37	PC: 1401c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:30.92861901Z	44	PC: 14020 \| Get time 0x14020: cmp ch, 0x16 0x14023: jne 0x14045 0x14025: cmp cl, 9 0x14028: ja 0x14045 0x1402a: int 0x11 0x1402c: and al, 0x20 0x1402e: cmp al, 0 0x14030: je 0x14045 0x14032: mov ax, 0x1200 0x14035: mov bl, 0x30 0x14037: int 0x10 0x14039: mov ax, 3 0x1403c: int 0x10 0x1403e: mov ax, 0x1111 0x14041: mov bl, 0 0x14043: int 0x10 0x14045: push ds 0x14046: pop es 0x14047: cld 0x14048: mov cx, 3
2018-12-25T12:42:30.931396225Z	26	PC: 14062 \| Set disk transfer address
2018-12-25T12:42:30.933435635Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:42:30.939318399Z	0	PC: 12a89 \| Program terminate