Sample viewer

vx.netlux.org/Virus.DOS.SillyC.1024

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:15:20.518735702Z 26 PC: 13e69 | Set disk transfer address
2018-12-17T22:15:20.520898868Z 78 PC: 13e76 | Find first file
2018-12-17T22:15:20.527459267Z 61 PC: 13e86 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:20.534067784Z 63 PC: 13e97 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:15:20.541455691Z 66 PC: 13eab | Move file pointer
2018-12-17T22:15:20.542900479Z 64 PC: 13eba | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:15:20.557591498Z 66 PC: 13ed7 | Move file pointer
2018-12-17T22:15:20.559433163Z 64 PC: 13ee5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:15:20.569883108Z 62 PC: 13eeb | Close file
2018-12-17T22:15:20.577913499Z 44 PC: 13f1f | Get time
0x13f1f: cmp ch, 0
0x13f22: jne 0x13f43
0x13f24: mov dx, si
0x13f26: add dx, 0x1d1
0x13f2a: mov bx, 0xc
0x13f2d: mov ah, 9
0x13f2f: int 0x21
0x13f31: push dx
0x13f32: mov dx, si
0x13f34: add dx, 0x1ce
0x13f38: mov ah, 9
0x13f3a: int 0x21
0x13f3c: pop dx
0x13f3d: add dx, 0x2c
0x13f40: dec bx
0x13f41: jne 0x13f2d
0x13f43: mov ah, 0x4e
0x13f45: mov dx, si
0x13f47: add dx, 0x1c7
0x13f4b: mov cx, 0x20
2018-12-17T22:15:20.580007373Z 9 PC: 13f31 | Display string (String= '�����������������������������������������ͻ')
2018-12-17T22:15:20.582517906Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.58632218Z 9 PC: 13f31 | Display string (String= '������ (350681), � � ⥡� �� ࠢ����襭 ! �')
2018-12-17T22:15:20.590130303Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.594939615Z 9 PC: 13f31 | Display string (String= '� 250681, �� (250281) ��� ���� ! �')
2018-12-17T22:15:20.598816095Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.602677861Z 9 PC: 13f31 | Display string (String= '� �㫃� 1999 ��� �')
2018-12-17T22:15:20.605736435Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.614745168Z 9 PC: 13f31 | Display string (String= '�����������������������������������������ͼ')
2018-12-17T22:15:20.618687896Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.624085382Z 9 PC: 13f31 | Display string (String= '�����������������������������������������ͻ')
2018-12-17T22:15:20.630935087Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.635193303Z 9 PC: 13f31 | Display string (String= '��, �����, �� �� �������᪮� ���⥺')
2018-12-17T22:15:20.639836666Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.643749213Z 9 PC: 13f31 | Display string (String= '� ���, ���� ��த�� ��� ��������� - �')
2018-12-17T22:15:20.645975027Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.664495551Z 9 PC: 13f31 | Display string (String= '� �������� �')
2018-12-17T22:15:20.668999559Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.673490684Z 9 PC: 13f31 | Display string (String= '�����������������������������������������͹')
2018-12-17T22:15:20.677600271Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.685014545Z 9 PC: 13f31 | Display string (String= '� *** Billy Bons *** �')
2018-12-17T22:15:20.687485247Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.701558157Z 9 PC: 13f31 | Display string (String= '�����������������������������������������ͼ')
2018-12-17T22:15:20.70773192Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-17T22:15:20.711837057Z 78 PC: 13f50 | Find first file
2018-12-17T22:15:20.718729252Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:15:20.72665707Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2817,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:33.847754521Z 26 PC: 13e69 | Set disk transfer address
2018-12-25T11:46:33.850053546Z 78 PC: 13e76 | Find first file
2018-12-25T11:46:33.85673627Z 61 PC: 13e86 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:33.863003847Z 63 PC: 13e97 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:33.870152147Z 66 PC: 13eab | Move file pointer
2018-12-25T11:46:33.872193127Z 64 PC: 13eba | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:46:34.055474895Z 66 PC: 13ed7 | Move file pointer
2018-12-25T11:46:34.058608701Z 64 PC: 13ee5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:34.065789426Z 62 PC: 13eeb | Close file
2018-12-25T11:46:34.07412084Z 44 PC: 13f1f | Get time
0x13f1f: cmp ch, 0
0x13f22: jne 0x13f43
0x13f24: mov dx, si
0x13f26: add dx, 0x1d1
0x13f2a: mov bx, 0xc
0x13f2d: mov ah, 9
0x13f2f: int 0x21
0x13f31: push dx
0x13f32: mov dx, si
0x13f34: add dx, 0x1ce
0x13f38: mov ah, 9
0x13f3a: int 0x21
0x13f3c: pop dx
0x13f3d: add dx, 0x2c
0x13f40: dec bx
0x13f41: jne 0x13f2d
0x13f43: mov ah, 0x4e
0x13f45: mov dx, si
0x13f47: add dx, 0x1c7
0x13f4b: mov cx, 0x20
2018-12-25T11:46:34.076579797Z 9 PC: 13f31 | Display string (String= '�����������������������������������������ͻ')
2018-12-25T11:46:34.08024457Z 9 PC: 13f3c | Display string (String= ' ')
2018-12-25T11:46:34.084156432Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.088066276Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.092479806Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.096339883Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.100051902Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.104112179Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.107762623Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.110068812Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.114844466Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.118612515Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.123378917Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.128776241Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.132827368Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.135414279Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.140105493Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.144054712Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.147948773Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.15385751Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.16186968Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.164619219Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.168346616Z 9 PC: 13f31 | Display string (See above)
2018-12-25T11:46:34.172295338Z 9 PC: 13f3c | Display string (See above)
2018-12-25T11:46:34.175856457Z 78 PC: 13f50 | Find first file
2018-12-25T11:46:34.182383867Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:46:34.188476685Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2817,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:33.973474681Z 26 PC: 13e69 | Set disk transfer address
2018-12-25T11:46:33.974737828Z 78 PC: 13e76 | Find first file
2018-12-25T11:46:33.981301443Z 61 PC: 13e86 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:33.988341427Z 63 PC: 13e97 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:33.995639615Z 66 PC: 13eab | Move file pointer
2018-12-25T11:46:33.997121058Z 64 PC: 13eba | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:46:34.484437278Z 66 PC: 13ed7 | Move file pointer
2018-12-25T11:46:34.486927303Z 64 PC: 13ee5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:34.496491602Z 62 PC: 13eeb | Close file
2018-12-25T11:46:34.505322812Z 44 PC: 13f1f | Get time
0x13f1f: cmp ch, 0
0x13f22: jne 0x13f43
0x13f24: mov dx, si
0x13f26: add dx, 0x1d1
0x13f2a: mov bx, 0xc
0x13f2d: mov ah, 9
0x13f2f: int 0x21
0x13f31: push dx
0x13f32: mov dx, si
0x13f34: add dx, 0x1ce
0x13f38: mov ah, 9
0x13f3a: int 0x21
0x13f3c: pop dx
0x13f3d: add dx, 0x2c
0x13f40: dec bx
0x13f41: jne 0x13f2d
0x13f43: mov ah, 0x4e
0x13f45: mov dx, si
0x13f47: add dx, 0x1c7
0x13f4b: mov cx, 0x20
2018-12-25T11:46:34.50779302Z 78 PC: 13f50 | Find first file
2018-12-25T11:46:34.514510929Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:46:34.520649688Z 0 PC: 12a89 | Program terminate