Sample viewer

vx.netlux.org/Virus.DOS.Foo.956

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:26.336649848Z	26	PC: 12bb4 \| Set disk transfer address
2018-12-17T23:05:26.338411615Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp dl, 0x1d 0x12bc6: jne 0x12bcb 0x12bc8: jmp 0x12e67 0x12bcb: mov ah, 0x47 0x12bcd: xor dl, dl 0x12bcf: lea si, word ptr [bp + 0x460] 0x12bd3: int 0x21 0x12bd5: mov byte ptr ds:[bp + 0x3fa], 0 0x12bdb: nop 0x12bdc: mov byte ptr ds:[bp + 0x405], 0 0x12be2: nop 0x12be3: mov ah, 0x4e 0x12be5: lea dx, word ptr [bp + 0x45a] 0x12be9: mov cx, 7 0x12bec: int 0x21 0x12bee: jae 0x12bf6 0x12bf0: nop 0x12bf1: nop 0x12bf2: nop 0x12bf3: call 0x12e39
2018-12-17T23:05:26.340307103Z	71	PC: 12bd5 \| Get current directory
2018-12-17T23:05:26.342900769Z	78	PC: 12bee \| Find first file
2018-12-17T23:05:26.348808554Z	61	PC: 12c07 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:05:26.354875139Z	87	PC: 12c15 \| Get or set file date and time
2018-12-17T23:05:26.356028093Z	63	PC: 12c2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:26.362015562Z	66	PC: 12e38 \| Move file pointer
2018-12-17T23:05:26.363342229Z	63	PC: 12c40 \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T23:05:26.36561498Z	66	PC: 12e38 \| Move file pointer
2018-12-17T23:05:26.367031401Z	64	PC: 12cff \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:26.370010381Z	66	PC: 12e38 \| Move file pointer
2018-12-17T23:05:26.371511251Z	64	PC: 12d1e \| Write file or device (Write 50 bytes on handle 5)
2018-12-17T23:05:26.374569753Z	64	PC: 12d45 \| Write file or device (Write 882 bytes on handle 5)
2018-12-17T23:05:26.390011539Z	64	PC: 12d5b \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T23:05:26.392601939Z	87	PC: 12db9 \| Get or set file date and time
2018-12-17T23:05:26.393948108Z	62	PC: 12dbd \| Close file
2018-12-17T23:05:26.401957288Z	59	PC: 12e10 \| Change current directory
2018-12-17T23:05:26.406896947Z	59	PC: 12e1f \| Change current directory
2018-12-17T23:05:26.408979339Z	26	PC: 12e26 \| Set disk transfer address
2018-12-17T23:05:26.411029633Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:05:26.415602629Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15200,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:53.472915245Z	26	PC: 12bb4 \| Set disk transfer address
2018-12-25T12:42:53.475012989Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp dl, 0x1d 0x12bc6: jne 0x12bcb 0x12bc8: jmp 0x12e67 0x12bcb: mov ah, 0x47 0x12bcd: xor dl, dl 0x12bcf: lea si, word ptr [bp + 0x460] 0x12bd3: int 0x21 0x12bd5: mov byte ptr ds:[bp + 0x3fa], 0 0x12bdb: nop 0x12bdc: mov byte ptr ds:[bp + 0x405], 0 0x12be2: nop 0x12be3: mov ah, 0x4e 0x12be5: lea dx, word ptr [bp + 0x45a] 0x12be9: mov cx, 7 0x12bec: int 0x21 0x12bee: jae 0x12bf6 0x12bf0: nop 0x12bf1: nop 0x12bf2: nop 0x12bf3: call 0x12e39
2018-12-25T12:42:53.483373369Z	71	PC: 12bd5 \| Get current directory
2018-12-25T12:42:53.486100971Z	78	PC: 12bee \| Find first file
2018-12-25T12:42:53.492544484Z	61	PC: 12c07 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:53.499770637Z	87	PC: 12c15 \| Get or set file date and time
2018-12-25T12:42:53.501652116Z	63	PC: 12c2a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:53.508655345Z	66	PC: 12e38 \| Move file pointer
2018-12-25T12:42:53.510113059Z	63	PC: 12c40 \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:42:53.512492404Z	66	PC: 12e38 \| Move file pointer (See above)
2018-12-25T12:42:53.514381068Z	64	PC: 12cff \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:53.517060329Z	66	PC: 12e38 \| Move file pointer (See above)
2018-12-25T12:42:53.518364191Z	64	PC: 12d1e \| Write file or device (Write 50 bytes on handle 5)
2018-12-25T12:42:53.521736099Z	64	PC: 12d45 \| Write file or device (Write 882 bytes on handle 5)
2018-12-25T12:42:54.600028202Z	64	PC: 12d5b \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:42:54.603200837Z	87	PC: 12db9 \| Get or set file date and time
2018-12-25T12:42:54.604941326Z	62	PC: 12dbd \| Close file
2018-12-25T12:42:54.644149414Z	59	PC: 12e10 \| Change current directory
2018-12-25T12:42:54.648502368Z	59	PC: 12e1f \| Change current directory
2018-12-25T12:42:54.651110008Z	26	PC: 12e26 \| Set disk transfer address
2018-12-25T12:42:54.653741294Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:42:54.659432355Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15200,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:53.423659319Z	26	PC: 12bb4 \| Set disk transfer address
2018-12-25T12:42:53.427868021Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp dl, 0x1d 0x12bc6: jne 0x12bcb 0x12bc8: jmp 0x12e67 0x12bcb: mov ah, 0x47 0x12bcd: xor dl, dl 0x12bcf: lea si, word ptr [bp + 0x460] 0x12bd3: int 0x21 0x12bd5: mov byte ptr ds:[bp + 0x3fa], 0 0x12bdb: nop 0x12bdc: mov byte ptr ds:[bp + 0x405], 0 0x12be2: nop 0x12be3: mov ah, 0x4e 0x12be5: lea dx, word ptr [bp + 0x45a] 0x12be9: mov cx, 7 0x12bec: int 0x21 0x12bee: jae 0x12bf6 0x12bf0: nop 0x12bf1: nop 0x12bf2: nop 0x12bf3: call 0x12e39
2018-12-25T12:42:53.439064155Z	9	PC: 12e74 \| Display string (String= '--FOO VIRUS-- WE'RE ALL STARS NOW, IN THE DOPESHOW MADE IN THE UK, WE EXIST..')