Sample viewer

vx.netlux.org/Virus.DOS.GDIKill.1288

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:08.997063211Z	59	PC: 13e77 \| Change current directory
2018-12-17T23:08:09.017497677Z	42	PC: 13fc7 \| Get date 0x13fc7: cmp dh, 3 0x13fca: jne 0x13fd1 0x13fcc: cmp dl, 0xe 0x13fcf: je 0x13ff1 0x13fd1: jmp 0x13f74 0x13fd4: mov ah, 0x3b 0x13fd6: mov dx, 0x3b1 0x13fd9: int 0x21 0x13fdb: mov ah, 0x4e 0x13fdd: mov cx, 0x26 0x13fe0: lea dx, word ptr [0x364] 0x13fe4: int 0x21 0x13fe6: jae 0x13ff7 0x13fe8: jmp 0x13f74 0x13feb: mov ah, 0x4f 0x13fed: int 0x21 0x13fef: jae 0x13ff7 0x13ff1: jmp 0x14111 0x13ff4: jmp 0x13f74 0x13ff7: mov ah, 0x2f
2018-12-17T23:08:09.019778072Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:08:09.02515888Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16110,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:23.759920123Z	59	PC: 13e77 \| Change current directory
2018-12-25T12:45:23.768922597Z	42	PC: 13fc7 \| Get date 0x13fc7: cmp dh, 3 0x13fca: jne 0x13fd1 0x13fcc: cmp dl, 0xe 0x13fcf: je 0x13ff1 0x13fd1: jmp 0x13f74 0x13fd4: mov ah, 0x3b 0x13fd6: mov dx, 0x3b1 0x13fd9: int 0x21 0x13fdb: mov ah, 0x4e 0x13fdd: mov cx, 0x26 0x13fe0: lea dx, word ptr [0x364] 0x13fe4: int 0x21 0x13fe6: jae 0x13ff7 0x13fe8: jmp 0x13f74 0x13feb: mov ah, 0x4f 0x13fed: int 0x21 0x13fef: jae 0x13ff7 0x13ff1: jmp 0x14111 0x13ff4: jmp 0x13f74 0x13ff7: mov ah, 0x2f
2018-12-25T12:45:23.771023011Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:45:23.776929721Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16110,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:23.941600328Z	59	PC: 13e77 \| Change current directory
2018-12-25T12:45:23.950796592Z	42	PC: 13fc7 \| Get date 0x13fc7: cmp dh, 3 0x13fca: jne 0x13fd1 0x13fcc: cmp dl, 0xe 0x13fcf: je 0x13ff1 0x13fd1: jmp 0x13f74 0x13fd4: mov ah, 0x3b 0x13fd6: mov dx, 0x3b1 0x13fd9: int 0x21 0x13fdb: mov ah, 0x4e 0x13fdd: mov cx, 0x26 0x13fe0: lea dx, word ptr [0x364] 0x13fe4: int 0x21 0x13fe6: jae 0x13ff7 0x13fe8: jmp 0x13f74 0x13feb: mov ah, 0x4f 0x13fed: int 0x21 0x13fef: jae 0x13ff7 0x13ff1: jmp 0x14111 0x13ff4: jmp 0x13f74 0x13ff7: mov ah, 0x2f
2018-12-25T12:45:23.953025627Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:45:23.967661673Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":14,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16110,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:23.977715402Z	59	PC: 13e77 \| Change current directory
2018-12-25T12:45:23.987704572Z	42	PC: 13fc7 \| Get date 0x13fc7: cmp dh, 3 0x13fca: jne 0x13fd1 0x13fcc: cmp dl, 0xe 0x13fcf: je 0x13ff1 0x13fd1: jmp 0x13f74 0x13fd4: mov ah, 0x3b 0x13fd6: mov dx, 0x3b1 0x13fd9: int 0x21 0x13fdb: mov ah, 0x4e 0x13fdd: mov cx, 0x26 0x13fe0: lea dx, word ptr [0x364] 0x13fe4: int 0x21 0x13fe6: jae 0x13ff7 0x13fe8: jmp 0x13f74 0x13feb: mov ah, 0x4f 0x13fed: int 0x21 0x13fef: jae 0x13ff7 0x13ff1: jmp 0x14111 0x13ff4: jmp 0x13f74 0x13ff7: mov ah, 0x2f
2018-12-25T12:45:23.990121986Z	65	PC: 14119 \| Delete file (Filename = '')
2018-12-25T12:45:24.001746879Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:45:24.006426552Z	0	PC: 12a89 \| Program terminate