Sample viewer

vx.netlux.org/Virus.DOS.Virogen.BombTrack.2349

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:27.378008212Z	250	PC: 13fb7 \| UNKNOWN!
2018-12-17T23:05:27.379284194Z	42	PC: 13fbf \| Get date 0x13fbf: cmp dl, 1 0x13fc2: jne 0x13fca 0x13fc4: mov byte ptr cs:[bp + 0x609], 1 0x13fca: mov ax, es 0x13fcc: dec ax 0x13fcd: mov ds, ax 0x13fcf: cmp byte ptr [0], 0x5a 0x13fd4: jne 0x1401b 0x13fd6: sub word ptr [3], 0x180 0x13fdc: sub word ptr [0x12], 0x180 0x13fe2: mov es, word ptr [0x12] 0x13fe6: push cs 0x13fe7: pop ds 0x13fe8: mov si, bp 0x13fea: mov cx, 0x493 0x13fed: xor di, di 0x13fef: rep movsd dword ptr es:[di], dword ptr [si] 0x13ff1: xor ax, ax 0x13ff3: mov ds, ax 0x13ff5: push ds
2018-12-17T23:05:27.382701039Z	44	PC: 143f3 \| Get time 0x143f3: ret 0x143f4: and dh, bh 0x143f6: and byte ptr [bp + si + 0x4f], al 0x143f9: dec bp 0x143fa: inc dx 0x143fb: push sp 0x143fc: push dx 0x143fd: inc cx 0x143fe: inc bx 0x143ff: dec bx 0x14400: and byte ptr [bp + 0x31], dh 0x14403: xor byte ptr cs:[bx + si], dh 0x14406: and byte ptr [di], ch 0x14408: and byte ptr [bp + di + 0x6f], al 0x1440b: and byte ptr fs:[bp + si + 0x79], ah 0x14411: and byte ptr [bp + 0x45], cl 0x14414: push si 0x14415: inc bp 0x14416: push dx 0x14417: in ax, dx
2018-12-17T23:05:27.385228771Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:05:27.391264369Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15208,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:56.272835769Z	250	PC: 13fb7 \| UNKNOWN!
2018-12-25T12:42:56.274436913Z	42	PC: 13fbf \| Get date 0x13fbf: cmp dl, 1 0x13fc2: jne 0x13fca 0x13fc4: mov byte ptr cs:[bp + 0x609], 1 0x13fca: mov ax, es 0x13fcc: dec ax 0x13fcd: mov ds, ax 0x13fcf: cmp byte ptr [0], 0x5a 0x13fd4: jne 0x1401b 0x13fd6: sub word ptr [3], 0x180 0x13fdc: sub word ptr [0x12], 0x180 0x13fe2: mov es, word ptr [0x12] 0x13fe6: push cs 0x13fe7: pop ds 0x13fe8: mov si, bp 0x13fea: mov cx, 0x493 0x13fed: xor di, di 0x13fef: rep movsd dword ptr es:[di], dword ptr [si] 0x13ff1: xor ax, ax 0x13ff3: mov ds, ax 0x13ff5: push ds
2018-12-25T12:42:56.278800444Z	44	PC: 143f3 \| Get time 0x143f3: ret 0x143f4: and dh, bh 0x143f6: and byte ptr [bp + si + 0x4f], al 0x143f9: dec bp 0x143fa: inc dx 0x143fb: push sp 0x143fc: push dx 0x143fd: inc cx 0x143fe: inc bx 0x143ff: dec bx 0x14400: and byte ptr [bp + 0x31], dh 0x14403: xor byte ptr cs:[bx + si], dh 0x14406: and byte ptr [di], ch 0x14408: and byte ptr [bp + di + 0x6f], al 0x1440b: and byte ptr fs:[bp + si + 0x79], ah 0x14411: and byte ptr [bp + 0x45], cl 0x14414: push si 0x14415: inc bp 0x14416: push dx 0x14417: in ax, dx
2018-12-25T12:42:56.281945947Z	26	PC: 9ea4c \| Set disk transfer address
2018-12-25T12:42:56.283678691Z	25	PC: 9ea50 \| Get default drive
2018-12-25T12:42:56.286024425Z	71	PC: 9ea5b \| Get current directory
2018-12-25T12:42:56.289318803Z	59	PC: 9ea62 \| Change current directory
2018-12-25T12:42:56.29426425Z	78	PC: 9ea6c \| Find first file
2018-12-25T12:42:56.307288979Z	59	PC: 9ea91 \| Change current directory
2018-12-25T12:42:56.317964572Z	47	PC: 9eaba \| Get disk transfer address
2018-12-25T12:42:56.319396572Z	47	PC: 9eac4 \| Get disk transfer address
2018-12-25T12:42:56.321317009Z	26	PC: 9eacb \| Set disk transfer address
2018-12-25T12:42:56.322718831Z	78	PC: 9ead5 \| Find first file
2018-12-25T12:42:56.33442542Z	67	PC: 9eae1 \| Get or set file attributes
2018-12-25T12:42:56.412936034Z	60	PC: 9eae7 \| Create or truncate file
2018-12-25T12:42:56.428032168Z	65	PC: 9eaf1 \| Delete file (Filename = 'SLEEP.COM')
2018-12-25T12:42:56.44071661Z	62	PC: 9eaf5 \| Close file
2018-12-25T12:42:56.457728137Z	57	PC: 9eaf9 \| Create subdirectory
2018-12-25T12:42:56.472755054Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.475725467Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.486774663Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.501854358Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.513178115Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.515642591Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.531351852Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.534369597Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.545383408Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.560376678Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.572028381Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.574590953Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.591344644Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.594533728Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.606086053Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.620478093Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.639413801Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.641742558Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.656796524Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.660564278Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.671823126Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.685859683Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.697735461Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.700099106Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.714519312Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.718137421Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.729006931Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.742487531Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.75424908Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.756374739Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.770443284Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.774051374Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.785223842Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.798651486Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.810163116Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.812285268Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.825756493Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.82871696Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.840208857Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.853671672Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.864386577Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.867820846Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.881686492Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.884709484Z	67	PC: 9eae1 \| Get or set file attributes (See above)
2018-12-25T12:42:56.896707562Z	60	PC: 9eae7 \| Create or truncate file (See above)
2018-12-25T12:42:56.91317624Z	65	PC: 9eaf1 \| Delete file (See above)
2018-12-25T12:42:56.924090242Z	62	PC: 9eaf5 \| Close file (See above)
2018-12-25T12:42:56.927171084Z	57	PC: 9eaf9 \| Create subdirectory (See above)
2018-12-25T12:42:56.942952418Z	79	PC: 9ead5 \| Find next file (See above)
2018-12-25T12:42:56.954307633Z	26	PC: 9eb09 \| Set disk transfer address
2018-12-25T12:42:56.95586273Z	57	PC: 9ea9b \| Create subdirectory
2018-12-25T12:42:56.970699227Z	57	PC: 9eaa4 \| Create subdirectory
2018-12-25T12:42:56.985212004Z	59	PC: 9eaad \| Change current directory
2018-12-25T12:42:56.989011833Z	47	PC: 9eaba \| Get disk transfer address (See above)
2018-12-25T12:42:56.991271581Z	47	PC: 9eac4 \| Get disk transfer address (See above)
2018-12-25T12:42:56.992946982Z	26	PC: 9eacb \| Set disk transfer address (See above)
2018-12-25T12:42:56.994604272Z	78	PC: 9ead5 \| Find first file (See above)
2018-12-25T12:42:57.002414706Z	26	PC: 9eb09 \| Set disk transfer address (See above)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15208,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:56.331795514Z	250	PC: 13fb7 \| UNKNOWN!
2018-12-25T12:42:56.333109777Z	42	PC: 13fbf \| Get date 0x13fbf: cmp dl, 1 0x13fc2: jne 0x13fca 0x13fc4: mov byte ptr cs:[bp + 0x609], 1 0x13fca: mov ax, es 0x13fcc: dec ax 0x13fcd: mov ds, ax 0x13fcf: cmp byte ptr [0], 0x5a 0x13fd4: jne 0x1401b 0x13fd6: sub word ptr [3], 0x180 0x13fdc: sub word ptr [0x12], 0x180 0x13fe2: mov es, word ptr [0x12] 0x13fe6: push cs 0x13fe7: pop ds 0x13fe8: mov si, bp 0x13fea: mov cx, 0x493 0x13fed: xor di, di 0x13fef: rep movsd dword ptr es:[di], dword ptr [si] 0x13ff1: xor ax, ax 0x13ff3: mov ds, ax 0x13ff5: push ds
2018-12-25T12:42:56.336961992Z	44	PC: 143f3 \| Get time 0x143f3: ret 0x143f4: and dh, bh 0x143f6: and byte ptr [bp + si + 0x4f], al 0x143f9: dec bp 0x143fa: inc dx 0x143fb: push sp 0x143fc: push dx 0x143fd: inc cx 0x143fe: inc bx 0x143ff: dec bx 0x14400: and byte ptr [bp + 0x31], dh 0x14403: xor byte ptr cs:[bx + si], dh 0x14406: and byte ptr [di], ch 0x14408: and byte ptr [bp + di + 0x6f], al 0x1440b: and byte ptr fs:[bp + si + 0x79], ah 0x14411: and byte ptr [bp + 0x45], cl 0x14414: push si 0x14415: inc bp 0x14416: push dx 0x14417: in ax, dx
2018-12-25T12:42:56.33967183Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:42:56.346256496Z	0	PC: 12a89 \| Program terminate