Sample viewer

vx.netlux.org/Virus.DOS.Gawenda.419

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T23:07:00.016200952Z 47 PC: 13a00 | Get disk transfer address
2018-12-17T23:07:00.01866392Z 26 PC: 13a11 | Set disk transfer address
2018-12-17T23:07:00.020117401Z 44 PC: 13a15 | Get time

Disassembly shown by the viewer around PC 13a15:

0x13a15: mov word ptr [si + 0x261], dx
0x13a19: mov ah, 0x4e
0x13a1b: mov cx, 3
0x13a1e: lea dx, word ptr [si + 0x25b]
0x13a22: int 0x21
0x13a24: jb 0x13a28
0x13a26: jmp 0x13a73
0x13a28: cmp byte ptr [si + 0x24b], 2
0x13a2d: je 0x13a43
0x13a2f: mov byte ptr [si + 0x24b], 2
0x13a34: nop
0x13a35: mov ah, 0x3d
0x13a37: mov al, 2
0x13a39: lea dx, word ptr [si + 0x24c]
0x13a3d: int 0x21
0x13a3f: jb 0x13a43
0x13a41: jmp 0x13a73
0x13a43: push ds
0x13a44: mov ah, 0x1a
0x13a46: mov dx, word ptr [si + 0x26b]

2018-12-17T23:07:00.022552214Z 78 PC: 13a24 | Find first file
2018-12-17T23:07:00.039532316Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.046613618Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.052001843Z 61 PC: 13aa6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:00.059713497Z 63 PC: 13ab5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:07:00.067574772Z 66 PC: 13acd | Move file pointer
2018-12-17T23:07:00.069523098Z 66 PC: 13ae5 | Move file pointer
2018-12-17T23:07:00.071461882Z 64 PC: 13af0 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:07:00.075339915Z 66 PC: 13afc | Move file pointer
2018-12-17T23:07:00.07766423Z 64 PC: 13b07 | Write file or device (Write 419 bytes on handle 5)
2018-12-17T23:07:00.092347389Z 62 PC: 13b0b | Close file
2018-12-17T23:07:00.10206856Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.113125111Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.116037497Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.121153245Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.126487379Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.140349523Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.144483703Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.151686477Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.157045841Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.168016003Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.170630423Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.177669678Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.182943327Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.193794814Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.196594792Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.202787754Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.213925815Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.220910643Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.222960252Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.227254348Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.230750464Z 61 PC: 13aa6 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:07:00.235861355Z 63 PC: 13ab5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:07:00.240830353Z 66 PC: 13acd | Move file pointer
2018-12-17T23:07:00.242150751Z 66 PC: 13ae5 | Move file pointer
2018-12-17T23:07:00.243810488Z 64 PC: 13af0 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:07:00.247165637Z 66 PC: 13afc | Move file pointer
2018-12-17T23:07:00.249259767Z 64 PC: 13b07 | Write file or device (Write 419 bytes on handle 5)
2018-12-17T23:07:00.258867217Z 62 PC: 13b0b | Close file
2018-12-17T23:07:00.27193725Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.285952552Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.288897383Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.295091682Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.300346098Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.312656393Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.315904111Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.323010548Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.333876727Z 61 PC: 13aa6 | Open file (Filename = 'TEST.COM')
2018-12-17T23:07:00.345733711Z 63 PC: 13ab5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:07:00.354076212Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.365869233Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.368639116Z 61 PC: 13a3f | Open file (Filename = 'c:\command.com')
2018-12-17T23:07:00.376421192Z 67 PC: 13a7c | Get or set file attributes
2018-12-17T23:07:00.38303177Z 67 PC: 13a8c | Get or set file attributes
2018-12-17T23:07:00.389111057Z 61 PC: 13aa6 | Open file (Filename = 'TEST.COM')
2018-12-17T23:07:00.400915764Z 63 PC: 13ab5 | Read file or device (Read 4 bytes on handle 7)
2018-12-17T23:07:00.403981427Z 67 PC: 13b18 | Get or set file attributes
2018-12-17T23:07:00.415613849Z 79 PC: 13a24 | Find next file
2018-12-17T23:07:00.418540729Z 26 PC: 13a50 | Set disk transfer address
2018-12-17T23:07:00.421420641Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-17T23:07:00.427998593Z 48 PC: 12a8f | Get DOS version
2018-12-17T23:07:00.429728449Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T23:07:00.438015018Z 93 PC: 12afe | File sharing functions
2018-12-17T23:07:00.440533285Z 9 PC: 12a86 | Display string (String= 'Size change=01A3h/00419d. ')
2018-12-17T23:07:00.445492789Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')