Sample viewer

vx.netlux.org/Virus.DOS.VCL.CED.647


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:35.120262589Z 42 PC: 13e55 | Get date
0x13e55: cmp dh, 0xc
0x13e58: jne 0x13e71
0x13e5a: nop
0x13e5b: nop
0x13e5c: nop
0x13e5d: cmp dl, 0xa
0x13e60: jne 0x13e71
0x13e62: nop
0x13e63: nop
0x13e64: nop
0x13e65: mov ah, 9
0x13e67: lea dx, word ptr [bp + 0x2d8]
0x13e6b: int 0x21
0x13e6d: xor ax, ax
0x13e6f: int 0x16
0x13e71: mov ah, 0x2f
0x13e73: int 0x21
0x13e75: push bx
0x13e76: mov ah, 0x1a
0x13e78: lea dx, word ptr [bp + 0x258]
2018-12-17T23:07:35.122684422Z 47 PC: 13e75 | Get disk transfer address
2018-12-17T23:07:35.123728074Z 26 PC: 13e7e | Set disk transfer address
2018-12-17T23:07:35.12474444Z 78 PC: 13e89 | Find first file
2018-12-17T23:07:35.131262461Z 61 PC: 13e98 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:35.137641669Z 66 PC: 13ea8 | Move file pointer
2018-12-17T23:07:35.138903733Z 66 PC: 13eb9 | Move file pointer
2018-12-17T23:07:35.140698418Z 63 PC: 13ec9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:35.146761069Z 66 PC: 13eea | Move file pointer
2018-12-17T23:07:35.147926234Z 63 PC: 13efa | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:35.150541004Z 66 PC: 13f09 | Move file pointer
2018-12-17T23:07:35.152016732Z 66 PC: 13f22 | Move file pointer
2018-12-17T23:07:35.153644667Z 64 PC: 13f32 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:35.156199268Z 66 PC: 13f41 | Move file pointer
2018-12-17T23:07:35.157905952Z 64 PC: 13f51 | Write file or device (Write 647 bytes on handle 5)
2018-12-17T23:07:35.280586196Z 62 PC: 13f6e | Close file
2018-12-17T23:07:35.289185707Z 26 PC: 13f73 | Set disk transfer address
2018-12-17T23:07:35.292097582Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:07:35.298580697Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15912,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:53.625536723Z 42 PC: 13e55 | Get date
0x13e55: cmp dh, 0xc
0x13e58: jne 0x13e71
0x13e5a: nop
0x13e5b: nop
0x13e5c: nop
0x13e5d: cmp dl, 0xa
0x13e60: jne 0x13e71
0x13e62: nop
0x13e63: nop
0x13e64: nop
0x13e65: mov ah, 9
0x13e67: lea dx, word ptr [bp + 0x2d8]
0x13e6b: int 0x21
0x13e6d: xor ax, ax
0x13e6f: int 0x16
0x13e71: mov ah, 0x2f
0x13e73: int 0x21
0x13e75: push bx
0x13e76: mov ah, 0x1a
0x13e78: lea dx, word ptr [bp + 0x258]
2018-12-25T12:44:53.62760234Z 47 PC: 13e75 | Get disk transfer address
2018-12-25T12:44:53.628518001Z 26 PC: 13e7e | Set disk transfer address
2018-12-25T12:44:53.629547389Z 78 PC: 13e89 | Find first file
2018-12-25T12:44:53.636336236Z 61 PC: 13e98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:53.646292175Z 66 PC: 13ea8 | Move file pointer
2018-12-25T12:44:53.647723491Z 66 PC: 13eb9 | Move file pointer
2018-12-25T12:44:53.649016029Z 63 PC: 13ec9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:53.656111504Z 66 PC: 13eea | Move file pointer
2018-12-25T12:44:53.657650184Z 63 PC: 13efa | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:53.660231617Z 66 PC: 13f09 | Move file pointer
2018-12-25T12:44:53.66243106Z 66 PC: 13f22 | Move file pointer
2018-12-25T12:44:53.66394694Z 64 PC: 13f32 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:53.666644809Z 66 PC: 13f41 | Move file pointer
2018-12-25T12:44:53.673427389Z 64 PC: 13f51 | Write file or device (Write 647 bytes on handle 5)
2018-12-25T12:44:53.688476639Z 62 PC: 13f6e | Close file
2018-12-25T12:44:53.696381121Z 26 PC: 13f73 | Set disk transfer address
2018-12-25T12:44:53.697838988Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:44:53.701516847Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15912,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:53.864491849Z 42 PC: 13e55 | Get date
0x13e55: cmp dh, 0xc
0x13e58: jne 0x13e71
0x13e5a: nop
0x13e5b: nop
0x13e5c: nop
0x13e5d: cmp dl, 0xa
0x13e60: jne 0x13e71
0x13e62: nop
0x13e63: nop
0x13e64: nop
0x13e65: mov ah, 9
0x13e67: lea dx, word ptr [bp + 0x2d8]
0x13e6b: int 0x21
0x13e6d: xor ax, ax
0x13e6f: int 0x16
0x13e71: mov ah, 0x2f
0x13e73: int 0x21
0x13e75: push bx
0x13e76: mov ah, 0x1a
0x13e78: lea dx, word ptr [bp + 0x258]
2018-12-25T12:44:53.867254321Z 47 PC: 13e75 | Get disk transfer address
2018-12-25T12:44:53.868487046Z 26 PC: 13e7e | Set disk transfer address
2018-12-25T12:44:53.869623412Z 78 PC: 13e89 | Find first file
2018-12-25T12:44:53.876717551Z 61 PC: 13e98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:53.885191257Z 66 PC: 13ea8 | Move file pointer
2018-12-25T12:44:53.887037525Z 66 PC: 13eb9 | Move file pointer
2018-12-25T12:44:53.88895667Z 63 PC: 13ec9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:53.896329843Z 66 PC: 13eea | Move file pointer
2018-12-25T12:44:53.897567244Z 63 PC: 13efa | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:53.900010767Z 66 PC: 13f09 | Move file pointer
2018-12-25T12:44:53.901808027Z 66 PC: 13f22 | Move file pointer
2018-12-25T12:44:53.903350517Z 64 PC: 13f32 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:53.906455469Z 66 PC: 13f41 | Move file pointer
2018-12-25T12:44:53.909054579Z 64 PC: 13f51 | Write file or device (Write 647 bytes on handle 5)
2018-12-25T12:44:53.924574769Z 62 PC: 13f6e | Close file
2018-12-25T12:44:53.934308353Z 26 PC: 13f73 | Set disk transfer address
2018-12-25T12:44:53.935935134Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:44:53.941946339Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":10,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15912,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:54.114039752Z 42 PC: 13e55 | Get date
0x13e55: cmp dh, 0xc
0x13e58: jne 0x13e71
0x13e5a: nop
0x13e5b: nop
0x13e5c: nop
0x13e5d: cmp dl, 0xa
0x13e60: jne 0x13e71
0x13e62: nop
0x13e63: nop
0x13e64: nop
0x13e65: mov ah, 9
0x13e67: lea dx, word ptr [bp + 0x2d8]
0x13e6b: int 0x21
0x13e6d: xor ax, ax
0x13e6f: int 0x16
0x13e71: mov ah, 0x2f
0x13e73: int 0x21
0x13e75: push bx
0x13e76: mov ah, 0x1a
0x13e78: lea dx, word ptr [bp + 0x258]
2018-12-25T12:44:54.11699183Z 9 PC: 13e6d | Display string (String= ' � CED-3 Virus.. Por WMA. (Benigno) (Puaj! Apesta no!?) � Oh!, 10 de Diciembre, el peor dia de mi vida.. (hasta ahora) � La vida no tiene sentido.. el mundo me repugna.. ')