Sample viewer

vx.netlux.org/Virus.DOS.Xav.Baron.576

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:50.992766056Z	26	PC: 132a9 \| Set disk transfer address
2018-12-17T23:12:51.000547345Z	44	PC: 132ad \| Get time 0x132ad: cmp cl, 0x20 0x132b0: jne 0x132be 0x132b2: mov ah, 9 0x132b4: lea dx, word ptr [bp + 0x270] 0x132b8: int 0x21 0x132ba: xor ax, ax 0x132bc: int 0x16 0x132be: mov ah, 0x4e 0x132c0: xor cx, cx 0x132c2: lea dx, word ptr [bp + 0x2a2] 0x132c6: int 0x21 0x132c8: jae 0x132dc 0x132ca: mov ah, 0x1a 0x132cc: mov dx, 0x80 0x132cf: int 0x21 0x132d1: push ax 0x132d2: push bp 0x132d3: mov bp, sp 0x132d5: mov word ptr [bp + 2], 0x100 0x132da: pop bp
2018-12-17T23:12:51.002978512Z	78	PC: 132c8 \| Find first file
2018-12-17T23:12:51.009471996Z	61	PC: 132e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:51.019099092Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.020408853Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.032748726Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.035268575Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.036874869Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.052375213Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.056105101Z	61	PC: 132e5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:12:51.062447341Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.063714239Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.070380289Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.071770012Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.073186401Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.080797964Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.083676938Z	61	PC: 132e5 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:12:51.090669073Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.093272867Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.100817333Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.102566793Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.10460937Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.112447712Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.115778055Z	61	PC: 132e5 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:12:51.122772558Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.12500133Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.131660344Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.132997686Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.135161275Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.14219904Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.145124807Z	61	PC: 132e5 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:12:51.152624997Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.154506651Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.161156778Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.163467963Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.164861337Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.171734339Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.174901627Z	61	PC: 132e5 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:12:51.181200854Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.182467926Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.190565949Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.191933532Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.193325383Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.2005852Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.203906039Z	61	PC: 132e5 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:12:51.208189572Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.209527679Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.213801152Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.215261546Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.217038165Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.225143123Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.227951167Z	61	PC: 132e5 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:12:51.234434572Z	87	PC: 132eb \| Get or set file date and time
2018-12-17T23:12:51.235981701Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:51.240014871Z	66	PC: 13301 \| Move file pointer
2018-12-17T23:12:51.241070686Z	87	PC: 1339b \| Get or set file date and time
2018-12-17T23:12:51.24318695Z	62	PC: 1339f \| Close file
2018-12-17T23:12:51.252442659Z	79	PC: 133a3 \| Find next file
2018-12-17T23:12:51.256117394Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:12:51.258519543Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:12:51.264374819Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:12:51.265604091Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:12:51.272656719Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:12:51.275575756Z	9	PC: 12a86 \| Display string (String= 'Size change=0240h/00576d. ')
2018-12-17T23:12:51.279121805Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17651,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:15.430786841Z	26	PC: 132a9 \| Set disk transfer address
2018-12-25T12:56:15.433343372Z	44	PC: 132ad \| Get time 0x132ad: cmp cl, 0x20 0x132b0: jne 0x132be 0x132b2: mov ah, 9 0x132b4: lea dx, word ptr [bp + 0x270] 0x132b8: int 0x21 0x132ba: xor ax, ax 0x132bc: int 0x16 0x132be: mov ah, 0x4e 0x132c0: xor cx, cx 0x132c2: lea dx, word ptr [bp + 0x2a2] 0x132c6: int 0x21 0x132c8: jae 0x132dc 0x132ca: mov ah, 0x1a 0x132cc: mov dx, 0x80 0x132cf: int 0x21 0x132d1: push ax 0x132d2: push bp 0x132d3: mov bp, sp 0x132d5: mov word ptr [bp + 2], 0x100 0x132da: pop bp
2018-12-25T12:56:15.436585251Z	78	PC: 132c8 \| Find first file
2018-12-25T12:56:15.444189417Z	61	PC: 132e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:15.45185659Z	87	PC: 132eb \| Get or set file date and time
2018-12-25T12:56:15.454366025Z	63	PC: 132f8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:15.462115999Z	66	PC: 13301 \| Move file pointer
2018-12-25T12:56:15.463661396Z	87	PC: 1339b \| Get or set file date and time
2018-12-25T12:56:15.46647563Z	62	PC: 1339f \| Close file
2018-12-25T12:56:15.48022852Z	79	PC: 133a3 \| Find next file
2018-12-25T12:56:15.483566442Z	61	PC: 132e5 \| Open file (See above)
2018-12-25T12:56:15.492166063Z	87	PC: 132eb \| Get or set file date and time (See above)
2018-12-25T12:56:15.495139376Z	63	PC: 132f8 \| Read file or device (See above)
2018-12-25T12:56:15.503268727Z	66	PC: 13301 \| Move file pointer (See above)
2018-12-25T12:56:15.505256268Z	87	PC: 1339b \| Get or set file date and time (See above)
2018-12-25T12:56:15.508880968Z	62	PC: 1339f \| Close file (See above)
2018-12-25T12:56:15.516922888Z	79	PC: 133a3 \| Find next file (See above)
2018-12-25T12:56:15.519949652Z	61	PC: 132e5 \| Open file (See above)
2018-12-25T12:56:15.528243204Z	87	PC: 132eb \| Get or set file date and time (See above)
2018-12-25T12:56:15.530198898Z	63	PC: 132f8 \| Read file or device (See above)
2018-12-25T12:56:15.537257792Z	66	PC: 13301 \| Move file pointer (See above)
2018-12-25T12:56:15.539401342Z	87	PC: 1339b \| Get or set file date and time (See above)
2018-12-25T12:56:15.541106363Z	62	PC: 1339f \| Close file (See above)
2018-12-25T12:56:15.549301631Z	79	PC: 133a3 \| Find next file (See above)
2018-12-25T12:56:15.553832084Z	61	PC: 132e5 \| Open file (See above)
2018-12-25T12:56:15.568971818Z	87	PC: 132eb \| Get or set file date and time (See above)
2018-12-25T12:56:15.570565125Z	63	PC: 132f8 \| Read file or device (See above)
2018-12-25T12:56:15.578000798Z	66	PC: 13301 \| Move file pointer (See above)
2018-12-25T12:56:15.580049495Z	87	PC: 1339b \| Get or set file date and time (See above)
2018-12-25T12:56:15.582042846Z	62	PC: 1339f \| Close file (See above)
2018-12-25T12:56:15.590759379Z	79	PC: 133a3 \| Find next file (See above)
2018-12-25T12:56:15.594512717Z	61	PC: 132e5 \| Open file (See above)
2018-12-25T12:56:15.60236753Z	87	PC: 132eb \| Get or set file date and time (See above)
2018-12-25T12:56:15.604376878Z	63	PC: 132f8 \| Read file or device (See above)
2018-12-25T12:56:15.620676949Z	66	PC: 13301 \| Move file pointer (See above)
2018-12-25T12:56:15.622678519Z	87	PC: 1339b \| Get or set file date and time (See above)
2018-12-25T12:56:15.624785799Z	62	PC: 1339f \| Close file (See above)
2018-12-25T12:56:15.633823165Z	79	PC: 133a3 \| Find next file (See above)
2018-12-25T12:56:15.636823286Z	61	PC: 132e5 \| Open file (See above)
2018-12-25T12:56:15.6442388Z	87	PC: 132eb \| Get or set file date and time (See above)
2018-12-25T12:56:15.64694035Z	63	PC: 132f8 \| Read file or device (See above)
2018-12-25T12:56:15.65472218Z	66	PC: 13301 \| Move file pointer (See above)
2018-12-25T12:56:15.6566824Z	87	PC: 1339b \| Get or set file date and time (See above)
2018-12-25T12:56:15.659529703Z	62	PC: 1339f \| Close file (See above)
2018-12-25T12:56:15.667713234Z	79	PC: 133a3 \| Find next file (See above)
2018-12-25T12:56:15.670833825Z	61	PC: 132e5 \| Open file (See above)
2018-12-25T12:56:15.67850757Z	87	PC: 132eb \| Get or set file date and time (See above)
2018-12-25T12:56:15.680746964Z	63	PC: 132f8 \| Read file or device (See above)
2018-12-25T12:56:15.689031462Z	66	PC: 13301 \| Move file pointer (See above)
2018-12-25T12:56:15.691082977Z	87	PC: 1339b \| Get or set file date and time (See above)
2018-12-25T12:56:15.694423341Z	62	PC: 1339f \| Close file (See above)
2018-12-25T12:56:15.703553557Z	79	PC: 133a3 \| Find next file (See above)
2018-12-25T12:56:15.706702608Z	61	PC: 132e5 \| Open file (See above)
2018-12-25T12:56:15.714966527Z	87	PC: 132eb \| Get or set file date and time (See above)
2018-12-25T12:56:15.716772822Z	63	PC: 132f8 \| Read file or device (See above)
2018-12-25T12:56:15.719802147Z	66	PC: 13301 \| Move file pointer (See above)
2018-12-25T12:56:15.722031384Z	87	PC: 1339b \| Get or set file date and time (See above)
2018-12-25T12:56:15.723787962Z	62	PC: 1339f \| Close file (See above)
2018-12-25T12:56:15.731724885Z	79	PC: 133a3 \| Find next file (See above)
2018-12-25T12:56:15.737069294Z	26	PC: 132d1 \| Set disk transfer address
2018-12-25T12:56:15.73849047Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:56:15.745406741Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:56:15.748095944Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:56:15.755677183Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:56:15.757538837Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:56:15.762523583Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":32,"Second":0,"TimeBased":true,"OriginalID":17651,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:15.456489033Z	26	PC: 132a9 \| Set disk transfer address
2018-12-25T12:56:15.457967684Z	44	PC: 132ad \| Get time 0x132ad: cmp cl, 0x20 0x132b0: jne 0x132be 0x132b2: mov ah, 9 0x132b4: lea dx, word ptr [bp + 0x270] 0x132b8: int 0x21 0x132ba: xor ax, ax 0x132bc: int 0x16 0x132be: mov ah, 0x4e 0x132c0: xor cx, cx 0x132c2: lea dx, word ptr [bp + 0x2a2] 0x132c6: int 0x21 0x132c8: jae 0x132dc 0x132ca: mov ah, 0x1a 0x132cc: mov dx, 0x80 0x132cf: int 0x21 0x132d1: push ax 0x132d2: push bp 0x132d3: mov bp, sp 0x132d5: mov word ptr [bp + 2], 0x100 0x132da: pop bp
2018-12-25T12:56:15.460387464Z	9	PC: 132ba \| Display string (String= 'Virus Bar�n Rojo! by Xavirus Hacker (AJVM!)')