Sample viewer

vx.netlux.org/Virus.DOS.SillyC.260.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:54.953942814Z	48	PC: 12d84 \| Get DOS version
2018-12-17T23:09:54.960024523Z	26	PC: 12db6 \| Set disk transfer address
2018-12-17T23:09:54.961634326Z	78	PC: 12dca \| Find first file
2018-12-17T23:09:54.968524962Z	61	PC: 12dd7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:54.985279299Z	63	PC: 12e13 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:54.99168094Z	66	PC: 12e75 \| Move file pointer
2018-12-17T23:09:54.993282051Z	64	PC: 12e47 \| Write file or device (Write 260 bytes on handle 5)
2018-12-17T23:09:55.653784869Z	66	PC: 12e75 \| Move file pointer
2018-12-17T23:09:55.65630403Z	64	PC: 12e58 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:55.664153499Z	87	PC: 12e5f \| Get or set file date and time
2018-12-17T23:09:55.666156514Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.677231213Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.679862122Z	61	PC: 12dd7 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:09:55.686159508Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.688589982Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.694122117Z	61	PC: 12dd7 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:09:55.700961152Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.703809486Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.706442854Z	61	PC: 12dd7 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:09:55.712690073Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.714519621Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.717305978Z	61	PC: 12dd7 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:09:55.724627712Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.726505143Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.729678021Z	61	PC: 12dd7 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:09:55.733821936Z	63	PC: 12e13 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:55.738004232Z	66	PC: 12e75 \| Move file pointer
2018-12-17T23:09:55.740487976Z	64	PC: 12e47 \| Write file or device (Write 260 bytes on handle 5)
2018-12-17T23:09:55.745729275Z	66	PC: 12e75 \| Move file pointer
2018-12-17T23:09:55.747148384Z	64	PC: 12e58 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:55.756101542Z	87	PC: 12e5f \| Get or set file date and time
2018-12-17T23:09:55.757916719Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.765848632Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.769145986Z	61	PC: 12dd7 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:09:55.776484609Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.778509199Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.782394598Z	61	PC: 12dd7 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:09:55.788737309Z	63	PC: 12e13 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:55.791910786Z	66	PC: 12e75 \| Move file pointer
2018-12-17T23:09:55.794666746Z	64	PC: 12e47 \| Write file or device (Write 260 bytes on handle 5)
2018-12-17T23:09:55.797795097Z	66	PC: 12e75 \| Move file pointer
2018-12-17T23:09:55.799037517Z	64	PC: 12e58 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:55.801981922Z	87	PC: 12e5f \| Get or set file date and time
2018-12-17T23:09:55.803355987Z	62	PC: 12dfa \| Close file
2018-12-17T23:09:55.811122067Z	79	PC: 12dca \| Find next file
2018-12-17T23:09:55.815529069Z	26	PC: 12e6e \| Set disk transfer address
2018-12-17T23:09:55.817411867Z	48	PC: 12aa8 \| Get DOS version
2018-12-17T23:09:55.819709212Z	9	PC: 12abf \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 05/10/98 ]=------------------ (c) 1995-98 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.01 - Freeware ')
2018-12-17T23:09:55.827695504Z	61	PC: 12b9d \| Open file (Filename = '')
2018-12-17T23:09:55.834742664Z	93	PC: 12b3f \| File sharing functions
2018-12-17T23:09:55.836577827Z	9	PC: 12b1e \| Display string (String= 'Size change=0208h/00520d. Virus activ? ')
2018-12-17T23:09:55.841874618Z	76	PC: 12b24 \| Terminate with return code (Return code = '1')