Sample viewer

vx.netlux.org/Virus.DOS.Garfio.1000.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:15:33.476217961Z	250	PC: 12e42 \| UNKNOWN!
2018-12-17T22:15:33.47764382Z	42	PC: 12e46 \| Get date 0x12e46: cmp dh, 4 0x12e49: jne 0x12e4e 0x12e4b: jmp 0x130da 0x12e4e: mov word ptr [0x1eb], 0 0x12e54: mov ah, 0x47 0x12e56: mov dl, 0 0x12e58: lea si, word ptr [bp + 0x1a8] 0x12e5c: int 0x21 0x12e5e: mov si, 0x80 0x12e61: lea di, word ptr [bp + 0x178] 0x12e65: mov cx, 0x2b 0x12e68: rep movsb byte ptr es:[di], byte ptr [si] 0x12e6a: cld 0x12e6b: mov cx, 4 0x12e6e: lea si, word ptr [bp + 0x16d] 0x12e72: mov di, 0x100 0x12e75: rep movsb byte ptr es:[di], byte ptr [si] 0x12e77: call 0x13014 0x12e7a: lea dx, word ptr [bp + 0x1e8] 0x12e7e: mov ah, 0x3b
2018-12-17T22:15:33.480358206Z	71	PC: 12e5e \| Get current directory
2018-12-17T22:15:33.483622976Z	78	PC: 1301f \| Find first file
2018-12-17T22:15:33.490969502Z	61	PC: 1302a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:33.497788373Z	63	PC: 13038 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:15:33.504496855Z	66	PC: 1307a \| Move file pointer
2018-12-17T22:15:33.506291424Z	64	PC: 13087 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:15:33.510135738Z	64	PC: 130a8 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:15:33.512958649Z	64	PC: 130b3 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:15:33.515765122Z	66	PC: 130c0 \| Move file pointer
2018-12-17T22:15:33.52240611Z	64	PC: 130d3 \| Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:15:33.537165974Z	62	PC: 13045 \| Close file
2018-12-17T22:15:33.545458577Z	79	PC: 13050 \| Find next file
2018-12-17T22:15:33.549070043Z	61	PC: 1302a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:15:33.555557175Z	63	PC: 13038 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:15:33.561957306Z	66	PC: 1307a \| Move file pointer
2018-12-17T22:15:33.564197085Z	64	PC: 13087 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:15:33.56693435Z	64	PC: 130a8 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:15:33.570111838Z	64	PC: 130b3 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:15:33.589353509Z	66	PC: 130c0 \| Move file pointer
2018-12-17T22:15:33.590792623Z	64	PC: 130d3 \| Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:15:33.599417567Z	62	PC: 13045 \| Close file
2018-12-17T22:15:33.608212128Z	79	PC: 13050 \| Find next file
2018-12-17T22:15:33.615300578Z	61	PC: 1302a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:15:33.622201595Z	63	PC: 13038 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:15:33.630070472Z	66	PC: 1307a \| Move file pointer
2018-12-17T22:15:33.631500759Z	64	PC: 13087 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:15:33.634399468Z	64	PC: 130a8 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:15:33.637891841Z	64	PC: 130b3 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:15:33.640658022Z	66	PC: 130c0 \| Move file pointer
2018-12-17T22:15:33.642402955Z	64	PC: 130d3 \| Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:15:33.652213107Z	62	PC: 13045 \| Close file
2018-12-17T22:15:33.661000681Z	59	PC: 13069 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2841,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:20.887634353Z	250	PC: 12e42 \| UNKNOWN!
2018-12-25T11:47:20.891048335Z	42	PC: 12e46 \| Get date 0x12e46: cmp dh, 4 0x12e49: jne 0x12e4e 0x12e4b: jmp 0x130da 0x12e4e: mov word ptr [0x1eb], 0 0x12e54: mov ah, 0x47 0x12e56: mov dl, 0 0x12e58: lea si, word ptr [bp + 0x1a8] 0x12e5c: int 0x21 0x12e5e: mov si, 0x80 0x12e61: lea di, word ptr [bp + 0x178] 0x12e65: mov cx, 0x2b 0x12e68: rep movsb byte ptr es:[di], byte ptr [si] 0x12e6a: cld 0x12e6b: mov cx, 4 0x12e6e: lea si, word ptr [bp + 0x16d] 0x12e72: mov di, 0x100 0x12e75: rep movsb byte ptr es:[di], byte ptr [si] 0x12e77: call 0x13014 0x12e7a: lea dx, word ptr [bp + 0x1e8] 0x12e7e: mov ah, 0x3b
2018-12-25T11:47:20.893353631Z	71	PC: 12e5e \| Get current directory
2018-12-25T11:47:20.896404385Z	78	PC: 1301f \| Find first file
2018-12-25T11:47:20.903501076Z	61	PC: 1302a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:20.914831255Z	63	PC: 13038 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:47:20.921308573Z	66	PC: 1307a \| Move file pointer
2018-12-25T11:47:20.922697378Z	64	PC: 13087 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:47:20.928822657Z	64	PC: 130a8 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:47:20.931438724Z	64	PC: 130b3 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:47:20.934184674Z	66	PC: 130c0 \| Move file pointer
2018-12-25T11:47:20.936287811Z	64	PC: 130d3 \| Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:47:20.949845567Z	62	PC: 13045 \| Close file
2018-12-25T11:47:20.957541211Z	79	PC: 13050 \| Find next file
2018-12-25T11:47:20.960783558Z	61	PC: 1302a \| Open file (See above)
2018-12-25T11:47:20.967173352Z	63	PC: 13038 \| Read file or device (See above)
2018-12-25T11:47:20.973435729Z	66	PC: 1307a \| Move file pointer (See above)
2018-12-25T11:47:20.975481161Z	64	PC: 13087 \| Write file or device (See above)
2018-12-25T11:47:20.978033999Z	64	PC: 130a8 \| Write file or device (See above)
2018-12-25T11:47:20.980518221Z	64	PC: 130b3 \| Write file or device (See above)
2018-12-25T11:47:20.984033076Z	66	PC: 130c0 \| Move file pointer (See above)
2018-12-25T11:47:20.985423961Z	64	PC: 130d3 \| Write file or device (See above)
2018-12-25T11:47:20.993889261Z	62	PC: 13045 \| Close file (See above)
2018-12-25T11:47:21.002270519Z	79	PC: 13050 \| Find next file (See above)
2018-12-25T11:47:21.004777315Z	61	PC: 1302a \| Open file (See above)
2018-12-25T11:47:21.010900834Z	63	PC: 13038 \| Read file or device (See above)
2018-12-25T11:47:21.017466047Z	66	PC: 1307a \| Move file pointer (See above)
2018-12-25T11:47:21.018731451Z	64	PC: 13087 \| Write file or device (See above)
2018-12-25T11:47:21.021176173Z	64	PC: 130a8 \| Write file or device (See above)
2018-12-25T11:47:21.024061365Z	64	PC: 130b3 \| Write file or device (See above)
2018-12-25T11:47:21.025877043Z	66	PC: 130c0 \| Move file pointer (See above)
2018-12-25T11:47:21.026805744Z	64	PC: 130d3 \| Write file or device (See above)
2018-12-25T11:47:21.042992307Z	62	PC: 13045 \| Close file (See above)
2018-12-25T11:47:21.061749615Z	59	PC: 13069 \| Change current directory

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2841,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:21.058481364Z	250	PC: 12e42 \| UNKNOWN!
2018-12-25T11:47:21.059830127Z	42	PC: 12e46 \| Get date 0x12e46: cmp dh, 4 0x12e49: jne 0x12e4e 0x12e4b: jmp 0x130da 0x12e4e: mov word ptr [0x1eb], 0 0x12e54: mov ah, 0x47 0x12e56: mov dl, 0 0x12e58: lea si, word ptr [bp + 0x1a8] 0x12e5c: int 0x21 0x12e5e: mov si, 0x80 0x12e61: lea di, word ptr [bp + 0x178] 0x12e65: mov cx, 0x2b 0x12e68: rep movsb byte ptr es:[di], byte ptr [si] 0x12e6a: cld 0x12e6b: mov cx, 4 0x12e6e: lea si, word ptr [bp + 0x16d] 0x12e72: mov di, 0x100 0x12e75: rep movsb byte ptr es:[di], byte ptr [si] 0x12e77: call 0x13014 0x12e7a: lea dx, word ptr [bp + 0x1e8] 0x12e7e: mov ah, 0x3b
2018-12-25T11:47:21.06229202Z	9	PC: 130e2 \| Display string (Could not find end pointer)
2018-12-25T11:47:21.08334159Z	76	PC: 130e6 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2841,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:21.299505028Z	250	PC: 12e42 \| UNKNOWN!
2018-12-25T11:47:21.300812833Z	42	PC: 12e46 \| Get date 0x12e46: cmp dh, 4 0x12e49: jne 0x12e4e 0x12e4b: jmp 0x130da 0x12e4e: mov word ptr [0x1eb], 0 0x12e54: mov ah, 0x47 0x12e56: mov dl, 0 0x12e58: lea si, word ptr [bp + 0x1a8] 0x12e5c: int 0x21 0x12e5e: mov si, 0x80 0x12e61: lea di, word ptr [bp + 0x178] 0x12e65: mov cx, 0x2b 0x12e68: rep movsb byte ptr es:[di], byte ptr [si] 0x12e6a: cld 0x12e6b: mov cx, 4 0x12e6e: lea si, word ptr [bp + 0x16d] 0x12e72: mov di, 0x100 0x12e75: rep movsb byte ptr es:[di], byte ptr [si] 0x12e77: call 0x13014 0x12e7a: lea dx, word ptr [bp + 0x1e8] 0x12e7e: mov ah, 0x3b
2018-12-25T11:47:21.302837125Z	71	PC: 12e5e \| Get current directory
2018-12-25T11:47:21.305539223Z	78	PC: 1301f \| Find first file
2018-12-25T11:47:21.311589095Z	61	PC: 1302a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:21.318006088Z	63	PC: 13038 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:47:21.324592818Z	66	PC: 1307a \| Move file pointer
2018-12-25T11:47:21.326650072Z	64	PC: 13087 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:47:21.330520134Z	64	PC: 130a8 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:47:21.332996453Z	64	PC: 130b3 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:47:21.335507898Z	66	PC: 130c0 \| Move file pointer
2018-12-25T11:47:21.337865605Z	64	PC: 130d3 \| Write file or device (Write 1000 bytes on handle 5)
2018-12-25T11:47:21.352485021Z	62	PC: 13045 \| Close file
2018-12-25T11:47:21.360184625Z	79	PC: 13050 \| Find next file
2018-12-25T11:47:21.364081299Z	61	PC: 1302a \| Open file (See above)
2018-12-25T11:47:21.370986022Z	63	PC: 13038 \| Read file or device (See above)
2018-12-25T11:47:21.377113719Z	66	PC: 1307a \| Move file pointer (See above)
2018-12-25T11:47:21.378643325Z	64	PC: 13087 \| Write file or device (See above)
2018-12-25T11:47:21.38164268Z	64	PC: 130a8 \| Write file or device (See above)
2018-12-25T11:47:21.384169149Z	64	PC: 130b3 \| Write file or device (See above)
2018-12-25T11:47:21.386923316Z	66	PC: 130c0 \| Move file pointer (See above)
2018-12-25T11:47:21.388845019Z	64	PC: 130d3 \| Write file or device (See above)
2018-12-25T11:47:21.397363359Z	62	PC: 13045 \| Close file (See above)
2018-12-25T11:47:21.405732025Z	79	PC: 13050 \| Find next file (See above)
2018-12-25T11:47:21.408924562Z	61	PC: 1302a \| Open file (See above)
2018-12-25T11:47:21.415768702Z	63	PC: 13038 \| Read file or device (See above)
2018-12-25T11:47:21.423078705Z	66	PC: 1307a \| Move file pointer (See above)
2018-12-25T11:47:21.429949282Z	64	PC: 13087 \| Write file or device (See above)
2018-12-25T11:47:21.432774156Z	64	PC: 130a8 \| Write file or device (See above)
2018-12-25T11:47:21.436621602Z	64	PC: 130b3 \| Write file or device (See above)
2018-12-25T11:47:21.439337966Z	66	PC: 130c0 \| Move file pointer (See above)
2018-12-25T11:47:21.44056189Z	64	PC: 130d3 \| Write file or device (See above)
2018-12-25T11:47:21.449755209Z	62	PC: 13045 \| Close file (See above)
2018-12-25T11:47:21.466981479Z	59	PC: 13069 \| Change current directory

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2841,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:21.804596299Z	250	PC: 12e42 \| UNKNOWN!
2018-12-25T11:47:21.806091258Z	42	PC: 12e46 \| Get date 0x12e46: cmp dh, 4 0x12e49: jne 0x12e4e 0x12e4b: jmp 0x130da 0x12e4e: mov word ptr [0x1eb], 0 0x12e54: mov ah, 0x47 0x12e56: mov dl, 0 0x12e58: lea si, word ptr [bp + 0x1a8] 0x12e5c: int 0x21 0x12e5e: mov si, 0x80 0x12e61: lea di, word ptr [bp + 0x178] 0x12e65: mov cx, 0x2b 0x12e68: rep movsb byte ptr es:[di], byte ptr [si] 0x12e6a: cld 0x12e6b: mov cx, 4 0x12e6e: lea si, word ptr [bp + 0x16d] 0x12e72: mov di, 0x100 0x12e75: rep movsb byte ptr es:[di], byte ptr [si] 0x12e77: call 0x13014 0x12e7a: lea dx, word ptr [bp + 0x1e8] 0x12e7e: mov ah, 0x3b
2018-12-25T11:47:21.808382182Z	9	PC: 130e2 \| Display string (Could not find end pointer)
2018-12-25T11:47:21.819034097Z	76	PC: 130e6 \| Terminate with return code (Return code = '36')