
vx.netlux.org/Virus.DOS.Atenfor.2515



Syscalls:

Time | Syscall Op | Syscall Name
2018-12-17T21:52:41.496691169Z 44 PC: 12ac2 | Get time 0x12ac2: cmp cl, 0x23
0x12ac5: je 0x12af6
0x12ac7: push 0x18c
0x12aca: ret
0x12acb: mov byte ptr [bx + si + 0x23fe], al
0x12acf: je 0x12af6
0x12ad1: cmp ch, 0x17
0x12ad4: je 0x12af6
0x12ad6: mov al, 0x23
0x12ad8: mul dl
0x12ada: mov word ptr [0x103], ax
0x12add: mov ah, byte ptr [0x4ee]
0x12ae1: mov dx, 0x148
0x12ae4: call 0x22a97
0x12ae7: cmp al, 0
0x12ae9: je 0x12af6
0x12aeb: mov ah, byte ptr [0x4ee]
0x12aef: call 0x22a94
0x12af2: cmp al, 0
0x12af4: je 0x12b36
2018-12-17T21:52:41.499520771Z 78 PC: 12a9c | Find first file
2018-12-17T21:52:41.505645408Z 78 PC: 12a9c | Find first file
2018-12-17T21:52:41.511263254Z 61 PC: 12c56 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:52:41.522489606Z 63 PC: 12b29 | Read file or device (Read 35 bytes on handle 5)
2018-12-17T21:52:41.529671248Z 62 PC: 12b29 | Close file
2018-12-17T21:52:41.531688548Z 67 PC: 12c56 | Get or set file attributes
2018-12-17T21:52:41.547033569Z 61 PC: 12c56 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:52:41.553812163Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.555189566Z 63 PC: 12b29 | Read file or device (Read 1122 bytes on handle 5)
2018-12-17T21:52:41.557688776Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.559238899Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:41.565316678Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.566343153Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:41.572294694Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.573813856Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:41.581982289Z 44 PC: 12c7b | Get time 0x12c7b: cmp dl, 0x5b
0x12c7e: jb 0x12ca0
0x12c80: cmp ch, 0xb
0x12c83: jl 0x12cbc
0x12c85: push 0x34a
0x12c88: ret
0x12c89: add word ptr [bx + si + 0x32f9], 0x4477
0x12c8f: cmp cl, 3
0x12c92: jbe 0x12cff
0x12c94: cmp dh, 0x11
0x12c97: ja 0x12c9c
0x12c99: jmp 0x12d4f
0x12c9c: jmp 0x12d21
0x12c9f: mov byte ptr [bx + si - 0x2482], 0xbf
0x12ca4: je 0x12cb1
0x12ca6: mov byte ptr [bp - 0x25], 0xbf
0x12caa: mov byte ptr [bp - 0x21], 0xe7
0x12cae: jmp 0x12c80
0x12cb0: mov dh, 0x46
0x12cb3: fstp xword ptr [bp + 0x46c6]
2018-12-17T21:52:41.593444313Z 64 PC: 12b29 | Write file or device (Write 28 bytes on handle 5)
2018-12-17T21:52:41.596221435Z 64 PC: 12b29 | Write file or device (Write 2135 bytes on handle 5)
2018-12-17T21:52:41.604677293Z 87 PC: 12d8a | Get or set file date and time
2018-12-17T21:52:41.606757215Z 62 PC: 12b29 | Close file
2018-12-17T21:52:41.615158787Z 67 PC: 12c56 | Get or set file attributes
2018-12-17T21:52:41.624654577Z 79 PC: 12a9c | Find next file
2018-12-17T21:52:41.628695027Z 79 PC: 12a9c | Find next file
2018-12-17T21:52:41.633003285Z 61 PC: 12c56 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:52:41.640777476Z 63 PC: 12b29 | Read file or device (Read 35 bytes on handle 5)
2018-12-17T21:52:41.647775875Z 62 PC: 12b29 | Close file
2018-12-17T21:52:41.650084354Z 67 PC: 12c56 | Get or set file attributes
2018-12-17T21:52:41.660390867Z 61 PC: 12c56 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:52:41.66759417Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.669781125Z 63 PC: 12b29 | Read file or device (Read 1122 bytes on handle 5)
2018-12-17T21:52:41.672275636Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.67463828Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:41.685868648Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.687232361Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:41.695162599Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.69658077Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:41.70466851Z 44 PC: 12c7b | Get time 0x12c7b: cmp dl, 0x5b
0x12c7e: jb 0x12ca0
0x12c80: cmp ch, 0xb
0x12c83: jl 0x12cbc
0x12c85: push 0x34a
0x12c88: ret
0x12c89: add word ptr [bx + si + 0x32f9], 0x4477
0x12c8f: cmp cl, 3
0x12c92: jbe 0x12cff
0x12c94: cmp dh, 0x11
0x12c97: ja 0x12c9c
0x12c99: jmp 0x12d4f
0x12c9c: jmp 0x12d21
0x12c9f: mov byte ptr [bx + si - 0x2482], 0xbf
0x12ca4: je 0x12cb1
0x12ca6: mov byte ptr [bp - 0x25], 0xbf
0x12caa: mov byte ptr [bp - 0x21], 0xe7
0x12cae: jmp 0x12c80
0x12cb0: mov dh, 0x46
0x12cb3: fstp xword ptr [bp + 0x46c6]
2018-12-17T21:52:41.707108685Z 64 PC: 12b29 | Write file or device (Write 28 bytes on handle 5)
2018-12-17T21:52:41.71067728Z 64 PC: 12b29 | Write file or device (Write 2135 bytes on handle 5)
2018-12-17T21:52:41.71924628Z 87 PC: 12d8a | Get or set file date and time
2018-12-17T21:52:41.72063988Z 62 PC: 12b29 | Close file
2018-12-17T21:52:41.729345689Z 67 PC: 12c56 | Get or set file attributes
2018-12-17T21:52:41.739103227Z 79 PC: 12a9c | Find next file
2018-12-17T21:52:41.742637214Z 79 PC: 12a9c | Find next file
2018-12-17T21:52:41.746295949Z 79 PC: 12a9c | Find next file
2018-12-17T21:52:41.749593048Z 61 PC: 12c56 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:52:41.756273157Z 63 PC: 12b29 | Read file or device (Read 35 bytes on handle 5)
2018-12-17T21:52:41.763430012Z 62 PC: 12b29 | Close file
2018-12-17T21:52:41.765347138Z 67 PC: 12c56 | Get or set file attributes
2018-12-17T21:52:41.77522546Z 61 PC: 12c56 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:52:41.782339106Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.784032269Z 63 PC: 12b29 | Read file or device (Read 1122 bytes on handle 5)
2018-12-17T21:52:41.786858837Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.789123176Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:41.799482273Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:41.801155714Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:42.130363117Z 66 PC: 12b29 | Move file pointer
2018-12-17T21:52:42.13197244Z 64 PC: 12b29 | Write file or device (Write 1122 bytes on handle 5)
2018-12-17T21:52:42.140588995Z 44 PC: 12c7b | Get time 0x12c7b: cmp dl, 0x5b
0x12c7e: jb 0x12ca0
0x12c80: cmp ch, 0xb
0x12c83: jl 0x12cbc
0x12c85: push 0x34a
0x12c88: ret
0x12c89: add word ptr [bx + si + 0x32f9], 0x4477
0x12c8f: cmp cl, 3
0x12c92: jbe 0x12cff
0x12c94: cmp dh, 0x11
0x12c97: ja 0x12c9c
0x12c99: jmp 0x12d4f
0x12c9c: jmp 0x12d21
0x12c9f: mov byte ptr [bx + si - 0x2482], 0xbf
0x12ca4: je 0x12cb1
0x12ca6: mov byte ptr [bp - 0x25], 0xbf
0x12caa: mov byte ptr [bp - 0x21], 0xe7
0x12cae: jmp 0x12c80
0x12cb0: mov dh, 0x46
0x12cb3: fstp xword ptr [bp + 0x46c6]
2018-12-17T21:52:42.143204523Z 64 PC: 12b29 | Write file or device (Write 28 bytes on handle 5)
2018-12-17T21:52:42.145761998Z 64 PC: 12b29 | Write file or device (Write 2135 bytes on handle 5)
2018-12-17T21:52:42.15410555Z 87 PC: 12d8a | Get or set file date and time
2018-12-17T21:52:42.15610554Z 62 PC: 12b29 | Close file
2018-12-17T21:52:42.163489678Z 67 PC: 12c56 | Get or set file attributes
2018-12-17T21:52:42.173033743Z 79 PC: 12a9c | Find next file
2018-12-17T21:52:42.176445752Z 79 PC: 12a9c | Find next file
2018-12-17T21:52:42.179376683Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T21:52:42.184159839Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":278,"SideJobID":0}



Syscalls:

Time | Syscall Op | Syscall Name
2018-12-25T11:40:24.310519873Z 44 PC: 12ac2 | Get time 0x12ac2: cmp cl, 0x23
0x12ac5: je 0x12af6
0x12ac7: push 0x18c
0x12aca: ret
0x12acb: mov byte ptr [bx + si + 0x23fe], al
0x12acf: je 0x12af6
0x12ad1: cmp ch, 0x17
0x12ad4: je 0x12af6
0x12ad6: mov al, 0x23
0x12ad8: mul dl
0x12ada: mov word ptr [0x103], ax
0x12add: mov ah, byte ptr [0x4ee]
0x12ae1: mov dx, 0x148
0x12ae4: call 0x22a97
0x12ae7: cmp al, 0
0x12ae9: je 0x12af6
0x12aeb: mov ah, byte ptr [0x4ee]
0x12aef: call 0x22a94
0x12af2: cmp al, 0
0x12af4: je 0x12b36
2018-12-25T11:40:24.312685715Z 78 PC: 12a9c | Find first file
2018-12-25T11:40:24.320312891Z 78 PC: 12a9c | Find first file (See above)
2018-12-25T11:40:24.326537746Z 61 PC: 12c56 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:24.333535932Z 63 PC: 12b29 | Read file or device (Read 35 bytes on handle 5)
2018-12-25T11:40:24.341065109Z 62 PC: 12b29 | Close file (See above)
2018-12-25T11:40:24.34289685Z 67 PC: 12c56 | Get or set file attributes (See above)
2018-12-25T11:40:24.392823682Z 61 PC: 12c56 | Open file (See above)
2018-12-25T11:40:24.401159792Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.403029135Z 63 PC: 12b29 | Read file or device (See above)
2018-12-25T11:40:24.405854353Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.407973829Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.419243686Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.420920707Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.437075848Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.438635629Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.447641582Z 44 PC: 12c7b | Get time 0x12c7b: cmp dl, 0x5b
0x12c7e: jb 0x12ca0
0x12c80: cmp ch, 0xb
0x12c83: jl 0x12cbc
0x12c85: push 0x34a
0x12c88: ret
0x12c89: add word ptr [bx + si + 0x32f9], 0x4477
0x12c8f: cmp cl, 3
0x12c92: jbe 0x12cff
0x12c94: cmp dh, 0x11
0x12c97: ja 0x12c9c
0x12c99: jmp 0x12d4f
0x12c9c: jmp 0x12d21
0x12c9f: mov byte ptr [bx + si - 0x2482], 0xbf
0x12ca4: je 0x12cb1
0x12ca6: mov byte ptr [bp - 0x25], 0xbf
0x12caa: mov byte ptr [bp - 0x21], 0xe7
0x12cae: jmp 0x12c80
0x12cb0: mov dh, 0x46
0x12cb3: fstp xword ptr [bp + 0x46c6]
2018-12-25T11:40:24.450242722Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.454323908Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.463154173Z 87 PC: 12d8a | Get or set file date and time
2018-12-25T11:40:24.464507313Z 62 PC: 12b29 | Close file (See above)
2018-12-25T11:40:24.469700976Z 67 PC: 12c56 | Get or set file attributes (See above)
2018-12-25T11:40:24.476022993Z 79 PC: 12a9c | Find next file (See above)
2018-12-25T11:40:24.477816339Z 79 PC: 12a9c | Find next file (See above)
2018-12-25T11:40:24.480232135Z 61 PC: 12c56 | Open file (See above)
2018-12-25T11:40:24.487702608Z 63 PC: 12b29 | Read file or device (See above)
2018-12-25T11:40:24.49482416Z 62 PC: 12b29 | Close file (See above)
2018-12-25T11:40:24.500529999Z 67 PC: 12c56 | Get or set file attributes (See above)
2018-12-25T11:40:24.51150516Z 61 PC: 12c56 | Open file (See above)
2018-12-25T11:40:24.524548374Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.526973162Z 63 PC: 12b29 | Read file or device (See above)
2018-12-25T11:40:24.534276359Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.536004953Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.547830613Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.550224559Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.559977265Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.562283055Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.569173294Z 44 PC: 12c7b | Get time (See above)
2018-12-25T11:40:24.570942461Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.57294256Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.582290473Z 87 PC: 12d8a | Get or set file date and time (See above)
2018-12-25T11:40:24.585082542Z 62 PC: 12b29 | Close file (See above)
2018-12-25T11:40:24.600882218Z 67 PC: 12c56 | Get or set file attributes (See above)
2018-12-25T11:40:24.611822679Z 79 PC: 12a9c | Find next file (See above)
2018-12-25T11:40:24.614595033Z 79 PC: 12a9c | Find next file (See above)
2018-12-25T11:40:24.617290625Z 79 PC: 12a9c | Find next file (See above)
2018-12-25T11:40:24.620547095Z 61 PC: 12c56 | Open file (See above)
2018-12-25T11:40:24.6276304Z 63 PC: 12b29 | Read file or device (See above)
2018-12-25T11:40:24.634541185Z 62 PC: 12b29 | Close file (See above)
2018-12-25T11:40:24.636755054Z 67 PC: 12c56 | Get or set file attributes (See above)
2018-12-25T11:40:24.648125898Z 61 PC: 12c56 | Open file (See above)
2018-12-25T11:40:24.655797586Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.658489518Z 63 PC: 12b29 | Read file or device (See above)
2018-12-25T11:40:24.663119222Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.66507543Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.675997903Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.677419199Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.685361344Z 66 PC: 12b29 | Move file pointer (See above)
2018-12-25T11:40:24.68718621Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.695908016Z 44 PC: 12c7b | Get time (See above)
2018-12-25T11:40:24.698418793Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.701442682Z 64 PC: 12b29 | Write file or device (See above)
2018-12-25T11:40:24.710211087Z 87 PC: 12d8a | Get or set file date and time (See above)
2018-12-25T11:40:24.713597597Z 62 PC: 12b29 | Close file (See above)
2018-12-25T11:40:24.721439671Z 67 PC: 12c56 | Get or set file attributes (See above)
2018-12-25T11:40:24.73770703Z 79 PC: 12a9c | Find next file (See above)
2018-12-25T11:40:24.741355067Z 79 PC: 12a9c | Find next file (See above)
2018-12-25T11:40:24.74906974Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:40:24.756010497Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":35,"Second":0,"TimeBased":true,"OriginalID":278,"SideJobID":0}



Syscalls:

Time | Syscall Op | Syscall Name
2018-12-25T11:40:25.117367027Z 44 PC: 12ac2 | Get time 0x12ac2: cmp cl, 0x23
0x12ac5: je 0x12af6
0x12ac7: push 0x18c
0x12aca: ret
0x12acb: mov byte ptr [bx + si + 0x23fe], al
0x12acf: je 0x12af6
0x12ad1: cmp ch, 0x17
0x12ad4: je 0x12af6
0x12ad6: mov al, 0x23
0x12ad8: mul dl
0x12ada: mov word ptr [0x103], ax
0x12add: mov ah, byte ptr [0x4ee]
0x12ae1: mov dx, 0x148
0x12ae4: call 0x22a97
0x12ae7: cmp al, 0
0x12ae9: je 0x12af6
0x12aeb: mov ah, byte ptr [0x4ee]
0x12aef: call 0x22a94
0x12af2: cmp al, 0
0x12af4: je 0x12b36
2018-12-25T11:40:25.120306266Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:40:25.125638162Z 0 PC: 12a89 | Program terminate