Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.272.d

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:04:17.441863431Z	48	PC: 140ed \| Get DOS version
2018-12-17T22:04:17.443501321Z	26	PC: 14117 \| Set disk transfer address
2018-12-17T22:04:17.444555021Z	78	PC: 1412b \| Find first file
2018-12-17T22:04:17.450236325Z	61	PC: 14138 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:04:17.457153259Z	63	PC: 14174 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:04:17.463427143Z	66	PC: 141da \| Move file pointer
2018-12-17T22:04:17.465276914Z	64	PC: 141b2 \| Write file or device (Write 272 bytes on handle 5)
2018-12-17T22:04:17.527942918Z	66	PC: 141da \| Move file pointer
2018-12-17T22:04:17.529439127Z	64	PC: 141c3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:04:17.536212013Z	87	PC: 141ca \| Get or set file date and time
2018-12-17T22:04:17.538406642Z	62	PC: 1415b \| Close file
2018-12-17T22:04:17.546068623Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:17.548753808Z	61	PC: 14138 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:04:17.555781733Z	62	PC: 1415b \| Close file
2018-12-17T22:04:17.557939197Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:17.560765006Z	61	PC: 14138 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:04:17.567759103Z	62	PC: 1415b \| Close file
2018-12-17T22:04:17.569538691Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:17.572302525Z	61	PC: 14138 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:04:17.580134729Z	62	PC: 1415b \| Close file
2018-12-17T22:04:17.581865347Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:17.584264796Z	61	PC: 14138 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:04:17.596056196Z	62	PC: 1415b \| Close file
2018-12-17T22:04:17.606371606Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:17.609781342Z	61	PC: 14138 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:04:17.616803451Z	63	PC: 14174 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:04:17.625789698Z	66	PC: 141da \| Move file pointer
2018-12-17T22:04:17.627362569Z	64	PC: 141b2 \| Write file or device (Write 272 bytes on handle 5)
2018-12-17T22:04:17.635291682Z	66	PC: 141da \| Move file pointer
2018-12-17T22:04:17.63730799Z	64	PC: 141c3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:04:17.643958025Z	87	PC: 141ca \| Get or set file date and time
2018-12-17T22:04:17.645756076Z	62	PC: 1415b \| Close file
2018-12-17T22:04:17.659444389Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:17.669746472Z	61	PC: 14138 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:04:17.678176424Z	62	PC: 1415b \| Close file
2018-12-17T22:04:17.680632251Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:17.683123482Z	61	PC: 14138 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:04:17.689666394Z	63	PC: 14174 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:04:17.696647038Z	66	PC: 141da \| Move file pointer
2018-12-17T22:04:17.698205905Z	64	PC: 141b2 \| Write file or device (Write 272 bytes on handle 5)
2018-12-17T22:04:17.996595965Z	66	PC: 141da \| Move file pointer
2018-12-17T22:04:17.999342009Z	64	PC: 141c3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:04:18.002821461Z	87	PC: 141ca \| Get or set file date and time
2018-12-17T22:04:18.004566912Z	62	PC: 1415b \| Close file
2018-12-17T22:04:18.013018157Z	79	PC: 1412b \| Find next file
2018-12-17T22:04:18.015448217Z	26	PC: 141d3 \| Set disk transfer address
2018-12-17T22:04:18.016996531Z	48	PC: 12a63 \| Get DOS version
2018-12-17T22:04:18.018807555Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:04:18.028070861Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-17T22:04:18.035190479Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-17T22:04:18.037631504Z	93	PC: 12b24 \| File sharing functions
2018-12-17T22:04:18.040391267Z	9	PC: 12b03 \| Display string (String= 'Size change=+0220h/00544d. Virus might be activ? ')
2018-12-17T22:04:18.04609596Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')