Sample viewer

vx.netlux.org/Virus.DOS.V.1259


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:22:50.368735603Z 47 PC: 12c20 | Get disk transfer address
2018-12-17T22:22:50.371733949Z 26 PC: 12c7f | Set disk transfer address
2018-12-17T22:22:50.37408031Z 65 PC: 12c10 | Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:22:50.383538233Z 65 PC: 12c10 | Delete file (Filename = '\SENTRY.LOG')
2018-12-17T22:22:50.390873965Z 67 PC: 12c1b | Get or set file attributes
2018-12-17T22:22:50.397975865Z 65 PC: 12c10 | Delete file (Filename = '\NAV_._NO')
2018-12-17T22:22:50.405297212Z 78 PC: 12d3a | Find first file
2018-12-17T22:22:50.422426196Z 67 PC: 12d76 | Get or set file attributes
2018-12-17T22:22:50.429547918Z 67 PC: 12d87 | Get or set file attributes
2018-12-17T22:22:50.44592405Z 61 PC: 12d93 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:22:50.450733004Z 87 PC: 12da0 | Get or set file date and time
2018-12-17T22:22:50.4531202Z 66 PC: 12dba | Move file pointer
2018-12-17T22:22:50.459685055Z 66 PC: 12de6 | Move file pointer
2018-12-17T22:22:50.461682435Z 63 PC: 12df5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:22:50.469571135Z 66 PC: 12e19 | Move file pointer
2018-12-17T22:22:50.471399908Z 64 PC: 12e34 | Write file or device (Write 5 bytes on handle 5)
; Disassembly window at the return address of DOS INT 21h "Get time". The first
; instruction is a bare `ret`, so control leaves this window immediately.
; NOTE(review): the lines after the `ret` are probably data decoded as instructions,
; not program logic. Later in this trace, after the 1259-byte write at PC 12ef6, the
; same addresses decode to different instructions. Confirm against the raw bytes.
; NOTE(review): "Get time" is called repeatedly around the writes, presumably as a
; source of varying values; the final write length differs between runs on this page.
2018-12-17T22:22:50.473506943Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: sbb dx, sp
0x12fc7: add bl, ah
0x12fc9: cmp ah, byte ptr [bp + di + 0x36]
0x12fcc: sbb byte ptr [bp + di + 4], dl
0x12fcf: pop es
0x12fd0: mov word ptr [0x3210], ax
0x12fd3: das
0x12fd4: add al, 0x63
0x12fd6: cmp al, byte ptr [bp + di]
0x12fd8: cli
0x12fd9: add byte ptr [bx + si], al
0x12fdb: inc byte ptr [bx + si]
0x12fdd: add byte ptr [bp + si - 0x64fa], dh
; Second "Get time" return in this run. The window is identical to the previous
; snapshot: a bare `ret` followed by bytes that do not read as coherent code.
; NOTE(review): treat everything after the `ret` as probable data, not program logic.
; The same addresses decode differently after the 1259-byte write at PC 12ef6.
2018-12-17T22:22:50.476041501Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: sbb dx, sp
0x12fc7: add bl, ah
0x12fc9: cmp ah, byte ptr [bp + di + 0x36]
0x12fcc: sbb byte ptr [bp + di + 4], dl
0x12fcf: pop es
0x12fd0: mov word ptr [0x3210], ax
0x12fd3: das
0x12fd4: add al, 0x63
0x12fd6: cmp al, byte ptr [bp + di]
0x12fd8: cli
0x12fd9: add byte ptr [bx + si], al
0x12fdb: inc byte ptr [bx + si]
0x12fdd: add byte ptr [bp + si - 0x64fa], dh
; Third "Get time" return in this run. The window is identical to the earlier
; snapshots: a bare `ret` followed by bytes that do not read as coherent code.
; NOTE(review): treat everything after the `ret` as probable data, not program logic.
; The same addresses decode differently after the 1259-byte write at PC 12ef6.
2018-12-17T22:22:50.477862553Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: sbb dx, sp
0x12fc7: add bl, ah
0x12fc9: cmp ah, byte ptr [bp + di + 0x36]
0x12fcc: sbb byte ptr [bp + di + 4], dl
0x12fcf: pop es
0x12fd0: mov word ptr [0x3210], ax
0x12fd3: das
0x12fd4: add al, 0x63
0x12fd6: cmp al, byte ptr [bp + di]
0x12fd8: cli
0x12fd9: add byte ptr [bx + si], al
0x12fdb: inc byte ptr [bx + si]
0x12fdd: add byte ptr [bp + si - 0x64fa], dh
; Fourth "Get time" return in this run, the last before the 1259-byte write at PC
; 12ef6. The window is identical to the earlier snapshots.
; NOTE(review): treat everything after the `ret` as probable data, not program logic.
; The next snapshot of these addresses in this trace decodes to different instructions.
2018-12-17T22:22:50.479649679Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: sbb dx, sp
0x12fc7: add bl, ah
0x12fc9: cmp ah, byte ptr [bp + di + 0x36]
0x12fcc: sbb byte ptr [bp + di + 4], dl
0x12fcf: pop es
0x12fd0: mov word ptr [0x3210], ax
0x12fd3: das
0x12fd4: add al, 0x63
0x12fd6: cmp al, byte ptr [bp + di]
0x12fd8: cli
0x12fd9: add byte ptr [bx + si], al
0x12fdb: inc byte ptr [bx + si]
0x12fdd: add byte ptr [bp + si - 0x64fa], dh
2018-12-17T22:22:50.486360522Z 66 PC: 12ee0 | Move file pointer
2018-12-17T22:22:50.489835758Z 64 PC: 12ef6 | Write file or device (Write 1259 bytes on handle 5)
; "Get time" return after the 1259-byte write at PC 12ef6. The `ret` at 0x12fc4 is
; unchanged, but the bytes from 0x12fc5 onward now decode to different instructions
; than in the snapshots taken before the write.
; NOTE(review): this change suggests the region after the `ret` is mutable data (or a
; buffer transformed in place) rather than code. The branch targets shown (`je
; 0x12f91`, `je 0x12fde`) are probably decoding artefacts. Confirm against raw bytes.
2018-12-17T22:22:50.497204666Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: xor al, ch
0x12fc7: add bh, al
0x12fc9: je 0x12f91
0x12fcb: insb byte ptr es:[di], dx
0x12fcc: xor byte ptr [bp + 0xe08], ah
0x12fd0: inc di
0x12fd1: and byte ptr [si + 0x5e], ah
0x12fd4: or dh, al
0x12fd6: je 0x12fde
0x12fd8: cmc
0x12fd9: add byte ptr [bx + si], al
0x12fdb: std
0x12fdc: add byte ptr [bx + si], al
0x12fde: or al, 0x37
; Second "Get time" return after the 1259-byte write at PC 12ef6. The window is
; identical to the previous post-write snapshot.
; NOTE(review): the bytes after the `ret` differ from the pre-write snapshots earlier
; in this trace, so they are probably mutable data decoded as instructions, not
; program logic. Confirm against the raw bytes.
2018-12-17T22:22:50.505330553Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: xor al, ch
0x12fc7: add bh, al
0x12fc9: je 0x12f91
0x12fcb: insb byte ptr es:[di], dx
0x12fcc: xor byte ptr [bp + 0xe08], ah
0x12fd0: inc di
0x12fd1: and byte ptr [si + 0x5e], ah
0x12fd4: or dh, al
0x12fd6: je 0x12fde
0x12fd8: cmc
0x12fd9: add byte ptr [bx + si], al
0x12fdb: std
0x12fdc: add byte ptr [bx + si], al
0x12fde: or al, 0x37
2018-12-17T22:22:50.508797429Z 64 PC: 12f0e | Write file or device (Write 150 bytes on handle 5)
2018-12-17T22:22:50.511876208Z 87 PC: 12fac | Get or set file date and time
2018-12-17T22:22:50.513399781Z 62 PC: 12fb0 | Close file
2018-12-17T22:22:50.522319591Z 67 PC: 12fbf | Get or set file attributes
; Disassembly window at the return address of DOS INT 21h "Get date" (AH=2Ah), which
; returns CX = year, DH = month, DL = day of month, AL = day of week (0 = Sunday).
; The code below is a date check that gates the branch starting at 0x12f22. In this
; run the next trace line is "Set disk transfer address" at PC 12f43, so the check
; failed and the gated branch was skipped.
2018-12-17T22:22:50.527960977Z 42 PC: 12f16 | Get date 0x12f16: cmp cx, 0x7cc
; 0x7cc = 1996: any year before 1996 jumps to the Set DTA path at 0x12f37.
0x12f1a: jb 0x12f37
; AL = day of week + day of month; the gated branch needs this sum to equal 0x18 (24),
; e.g. Friday the 19th (5 + 19) or Sunday the 24th (0 + 24).
; NOTE(review): this page lists a date-based run for 1996-01-19, a Friday, presumably
; scheduled to satisfy this check. Confirm against that run's trace.
0x12f1c: add al, dl
0x12f1e: cmp al, 0x18
0x12f20: jne 0x12f37
; Gated branch: loop until the byte at [DI] equals 0x46 (ASCII 'F').
; NOTE(review): 0x12f51 is called right after DI is loaded with a constant, so it
; presumably adjusts DI to the code's load address. Its body is not shown here.
0x12f22: mov di, 0x542
0x12f25: call 0x12f51
0x12f28: mov al, byte ptr [di]
0x12f2a: cmp al, 0x46
0x12f2c: je 0x12f34
; Runs once per iteration while the byte is not 0x46; body not shown in this window.
0x12f2e: call 0x1305c
0x12f31: jmp 0x12f22
; Loop exit; the target 0x1303a is outside this window.
0x12f34: jmp 0x1303a
; Skip path: AH = 1Ah is DOS "Set disk transfer address" with DS:DX = new DTA.
; NOTE(review): DX is loaded from a stored word, presumably the DTA address saved by
; the "Get disk transfer address" call at the start of the trace. Confirm.
0x12f37: mov ah, 0x1a
0x12f39: mov di, 0x136
0x12f3c: call 0x12f51
0x12f3f: mov dx, word ptr [di]
0x12f41: int 0x21
; Restores registers whose pushes are not visible in this window.
0x12f43: pop bp
0x12f44: pop di
2018-12-17T22:22:50.530858995Z 26 PC: 12f43 | Set disk transfer address
2018-12-17T22:22:50.533169717Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:22:50.537946922Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4006,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.053414473Z 47 PC: 12c20 | Get disk transfer address
2018-12-25T11:50:48.056376984Z 26 PC: 12c7f | Set disk transfer address
2018-12-25T11:50:48.057652729Z 65 PC: 12c10 | Delete file (Filename = 'CHKLIST.CPS')
2018-12-25T11:50:48.063477631Z 65 PC: 12c10 | Delete file (See above)
2018-12-25T11:50:48.069892563Z 67 PC: 12c1b | Get or set file attributes
2018-12-25T11:50:48.076046327Z 65 PC: 12c10 | Delete file (See above)
2018-12-25T11:50:48.082179412Z 78 PC: 12d3a | Find first file
2018-12-25T11:50:48.094297258Z 67 PC: 12d76 | Get or set file attributes
2018-12-25T11:50:48.105766709Z 67 PC: 12d87 | Get or set file attributes
2018-12-25T11:50:48.12125593Z 61 PC: 12d93 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:48.127969294Z 87 PC: 12da0 | Get or set file date and time
2018-12-25T11:50:48.13013215Z 66 PC: 12dba | Move file pointer
2018-12-25T11:50:48.131818865Z 66 PC: 12de6 | Move file pointer
2018-12-25T11:50:48.133410744Z 63 PC: 12df5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:48.140060633Z 66 PC: 12e19 | Move file pointer
2018-12-25T11:50:48.141685265Z 64 PC: 12e34 | Write file or device (Write 5 bytes on handle 5)
; Disassembly window at the return address of DOS INT 21h "Get time". The first
; instruction is a bare `ret`, so control leaves this window immediately.
; NOTE(review): the lines after the `ret` are probably data decoded as instructions,
; not program logic. Elsewhere on this page the same addresses decode to different
; instructions after the 1259-byte write at PC 12ef6. Confirm against the raw bytes.
; NOTE(review): "Get time" is called repeatedly around the writes, presumably as a
; source of varying values; the final write length differs between runs on this page.
2018-12-25T11:50:48.144930838Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: sbb dx, sp
0x12fc7: add bl, ah
0x12fc9: cmp ah, byte ptr [bp + di + 0x36]
0x12fcc: sbb byte ptr [bp + di + 4], dl
0x12fcf: pop es
0x12fd0: mov word ptr [0x3210], ax
0x12fd3: das
0x12fd4: add al, 0x63
0x12fd6: cmp al, byte ptr [bp + di]
0x12fd8: cli
0x12fd9: add byte ptr [bx + si], al
0x12fdb: inc byte ptr [bx + si]
0x12fdd: add byte ptr [bp + si - 0x64fa], dh
2018-12-25T11:50:48.151928394Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.154100668Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.156240953Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.166603212Z 66 PC: 12ee0 | Move file pointer
2018-12-25T11:50:48.168443482Z 64 PC: 12ef6 | Write file or device (Write 1259 bytes on handle 5)
2018-12-25T11:50:48.176884181Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.179713471Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.181913561Z 64 PC: 12f0e | Write file or device (Write 156 bytes on handle 5)
2018-12-25T11:50:48.184902276Z 87 PC: 12fac | Get or set file date and time
2018-12-25T11:50:48.18725631Z 62 PC: 12fb0 | Close file
2018-12-25T11:50:48.19577272Z 67 PC: 12fbf | Get or set file attributes
; Disassembly window at the return address of DOS INT 21h "Get date" (AH=2Ah), which
; returns CX = year, DH = month, DL = day of month, AL = day of week (0 = Sunday).
; The code below is a date check that gates the branch starting at 0x12f22. In this
; run the next trace line is "Set disk transfer address" at PC 12f43, so the check
; failed and the gated branch was skipped.
2018-12-25T11:50:48.200298553Z 42 PC: 12f16 | Get date 0x12f16: cmp cx, 0x7cc
; 0x7cc = 1996: any year before 1996 jumps to the Set DTA path at 0x12f37.
0x12f1a: jb 0x12f37
; AL = day of week + day of month; the gated branch needs this sum to equal 0x18 (24),
; e.g. Friday the 19th (5 + 19) or Sunday the 24th (0 + 24).
0x12f1c: add al, dl
0x12f1e: cmp al, 0x18
0x12f20: jne 0x12f37
; Gated branch: loop until the byte at [DI] equals 0x46 (ASCII 'F').
; NOTE(review): 0x12f51 is called right after DI is loaded with a constant, so it
; presumably adjusts DI to the code's load address. Its body is not shown here.
0x12f22: mov di, 0x542
0x12f25: call 0x12f51
0x12f28: mov al, byte ptr [di]
0x12f2a: cmp al, 0x46
0x12f2c: je 0x12f34
; Runs once per iteration while the byte is not 0x46; body not shown in this window.
0x12f2e: call 0x1305c
0x12f31: jmp 0x12f22
; Loop exit; the target 0x1303a is outside this window.
0x12f34: jmp 0x1303a
; Skip path: AH = 1Ah is DOS "Set disk transfer address" with DS:DX = new DTA.
; NOTE(review): DX is loaded from a stored word, presumably the DTA address saved by
; the "Get disk transfer address" call at the start of the trace. Confirm.
0x12f37: mov ah, 0x1a
0x12f39: mov di, 0x136
0x12f3c: call 0x12f51
0x12f3f: mov dx, word ptr [di]
0x12f41: int 0x21
; Restores registers whose pushes are not visible in this window.
0x12f43: pop bp
0x12f44: pop di
2018-12-25T11:50:48.202800106Z 26 PC: 12f43 | Set disk transfer address
2018-12-25T11:50:48.203866449Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:50:48.207385561Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4006,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.474432441Z 47 PC: 12c20 | Get disk transfer address
2018-12-25T11:50:48.476355721Z 26 PC: 12c7f | Set disk transfer address
2018-12-25T11:50:48.477545065Z 65 PC: 12c10 | Delete file (Filename = 'CHKLIST.CPS')
2018-12-25T11:50:48.483099292Z 65 PC: 12c10 | Delete file (See above)
2018-12-25T11:50:48.48915468Z 67 PC: 12c1b | Get or set file attributes
2018-12-25T11:50:48.494912698Z 65 PC: 12c10 | Delete file (See above)
2018-12-25T11:50:48.500818428Z 78 PC: 12d3a | Find first file
2018-12-25T11:50:48.512056575Z 67 PC: 12d76 | Get or set file attributes
2018-12-25T11:50:48.522546348Z 67 PC: 12d87 | Get or set file attributes
2018-12-25T11:50:48.540717792Z 61 PC: 12d93 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:48.547923855Z 87 PC: 12da0 | Get or set file date and time
2018-12-25T11:50:48.549302714Z 66 PC: 12dba | Move file pointer
2018-12-25T11:50:48.550618543Z 66 PC: 12de6 | Move file pointer
2018-12-25T11:50:48.552048027Z 63 PC: 12df5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:48.558971488Z 66 PC: 12e19 | Move file pointer
2018-12-25T11:50:48.560333725Z 64 PC: 12e34 | Write file or device (Write 5 bytes on handle 5)
; Disassembly window at the return address of DOS INT 21h "Get time". The first
; instruction is a bare `ret`, so control leaves this window immediately.
; NOTE(review): the lines after the `ret` are probably data decoded as instructions,
; not program logic. Elsewhere on this page the same addresses decode to different
; instructions after the 1259-byte write at PC 12ef6. Confirm against the raw bytes.
; NOTE(review): "Get time" is called repeatedly around the writes, presumably as a
; source of varying values; the final write length differs between runs on this page.
2018-12-25T11:50:48.563025002Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: sbb dx, sp
0x12fc7: add bl, ah
0x12fc9: cmp ah, byte ptr [bp + di + 0x36]
0x12fcc: sbb byte ptr [bp + di + 4], dl
0x12fcf: pop es
0x12fd0: mov word ptr [0x3210], ax
0x12fd3: das
0x12fd4: add al, 0x63
0x12fd6: cmp al, byte ptr [bp + di]
0x12fd8: cli
0x12fd9: add byte ptr [bx + si], al
0x12fdb: inc byte ptr [bx + si]
0x12fdd: add byte ptr [bp + si - 0x64fa], dh
2018-12-25T11:50:48.565506048Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.567451758Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.569527234Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.572633399Z 66 PC: 12ee0 | Move file pointer
2018-12-25T11:50:48.574043906Z 64 PC: 12ef6 | Write file or device (Write 1259 bytes on handle 5)
2018-12-25T11:50:48.582364593Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.58525152Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:48.587305743Z 64 PC: 12f0e | Write file or device (Write 156 bytes on handle 5)
2018-12-25T11:50:48.58983021Z 87 PC: 12fac | Get or set file date and time
2018-12-25T11:50:48.591663938Z 62 PC: 12fb0 | Close file
2018-12-25T11:50:48.600723468Z 67 PC: 12fbf | Get or set file attributes
; Disassembly window at the return address of DOS INT 21h "Get date" (AH=2Ah), which
; returns CX = year, DH = month, DL = day of month, AL = day of week (0 = Sunday).
; The code below is a date check that gates the branch starting at 0x12f22. In this
; run the next trace line is "Set disk transfer address" at PC 12f43, so the check
; failed and the gated branch was skipped.
2018-12-25T11:50:48.605832414Z 42 PC: 12f16 | Get date 0x12f16: cmp cx, 0x7cc
; 0x7cc = 1996: any year before 1996 jumps to the Set DTA path at 0x12f37.
0x12f1a: jb 0x12f37
; AL = day of week + day of month; the gated branch needs this sum to equal 0x18 (24),
; e.g. Friday the 19th (5 + 19) or Sunday the 24th (0 + 24).
0x12f1c: add al, dl
0x12f1e: cmp al, 0x18
0x12f20: jne 0x12f37
; Gated branch: loop until the byte at [DI] equals 0x46 (ASCII 'F').
; NOTE(review): 0x12f51 is called right after DI is loaded with a constant, so it
; presumably adjusts DI to the code's load address. Its body is not shown here.
0x12f22: mov di, 0x542
0x12f25: call 0x12f51
0x12f28: mov al, byte ptr [di]
0x12f2a: cmp al, 0x46
0x12f2c: je 0x12f34
; Runs once per iteration while the byte is not 0x46; body not shown in this window.
0x12f2e: call 0x1305c
0x12f31: jmp 0x12f22
; Loop exit; the target 0x1303a is outside this window.
0x12f34: jmp 0x1303a
; Skip path: AH = 1Ah is DOS "Set disk transfer address" with DS:DX = new DTA.
; NOTE(review): DX is loaded from a stored word, presumably the DTA address saved by
; the "Get disk transfer address" call at the start of the trace. Confirm.
0x12f37: mov ah, 0x1a
0x12f39: mov di, 0x136
0x12f3c: call 0x12f51
0x12f3f: mov dx, word ptr [di]
0x12f41: int 0x21
; Restores registers whose pushes are not visible in this window.
0x12f43: pop bp
0x12f44: pop di
2018-12-25T11:50:48.609025884Z 26 PC: 12f43 | Set disk transfer address
2018-12-25T11:50:48.610141382Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:50:48.61552138Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":19,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4006,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:48.358520151Z 47 PC: 12c20 | Get disk transfer address
2018-12-25T11:50:48.360473799Z 26 PC: 12c7f | Set disk transfer address
2018-12-25T11:50:48.361704409Z 65 PC: 12c10 | Delete file (Filename = 'CHKLIST.CPS')
2018-12-25T11:50:48.368289649Z 65 PC: 12c10 | Delete file (See above)
2018-12-25T11:50:48.372528314Z 67 PC: 12c1b | Get or set file attributes
2018-12-25T11:50:48.378830471Z 65 PC: 12c10 | Delete file (See above)
2018-12-25T11:50:48.385084254Z 78 PC: 12d3a | Find first file
2018-12-25T11:50:48.397209048Z 67 PC: 12d76 | Get or set file attributes
2018-12-25T11:50:48.409026866Z 67 PC: 12d87 | Get or set file attributes
2018-12-25T11:50:49.504727609Z 61 PC: 12d93 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:49.512274708Z 87 PC: 12da0 | Get or set file date and time
2018-12-25T11:50:49.514740945Z 66 PC: 12dba | Move file pointer
2018-12-25T11:50:49.516403953Z 66 PC: 12de6 | Move file pointer
2018-12-25T11:50:49.518588687Z 63 PC: 12df5 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:50.123077257Z 66 PC: 12e19 | Move file pointer
2018-12-25T11:50:50.124315221Z 64 PC: 12e34 | Write file or device (Write 5 bytes on handle 5)
; Disassembly window at the return address of DOS INT 21h "Get time". The first
; instruction is a bare `ret`, so control leaves this window immediately.
; NOTE(review): the lines after the `ret` are probably data decoded as instructions,
; not program logic. Elsewhere on this page the same addresses decode to different
; instructions after the 1259-byte write at PC 12ef6. Confirm against the raw bytes.
; NOTE(review): "Get time" is called repeatedly around the writes, presumably as a
; source of varying values; the final write length differs between runs on this page.
2018-12-25T11:50:50.12621931Z 44 PC: 12fc4 | Get time 0x12fc4: ret
0x12fc5: sbb dx, sp
0x12fc7: add bl, ah
0x12fc9: cmp ah, byte ptr [bp + di + 0x36]
0x12fcc: sbb byte ptr [bp + di + 4], dl
0x12fcf: pop es
0x12fd0: mov word ptr [0x3210], ax
0x12fd3: das
0x12fd4: add al, 0x63
0x12fd6: cmp al, byte ptr [bp + di]
0x12fd8: cli
0x12fd9: add byte ptr [bx + si], al
0x12fdb: inc byte ptr [bx + si]
0x12fdd: add byte ptr [bp + si - 0x64fa], dh
2018-12-25T11:50:50.128181416Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:50.129870442Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:50.131365108Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:50.133473162Z 66 PC: 12ee0 | Move file pointer
2018-12-25T11:50:50.134504877Z 64 PC: 12ef6 | Write file or device (Write 1259 bytes on handle 5)
2018-12-25T11:50:52.802898108Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:52.805914114Z 44 PC: 12fc4 | Get time (See above)
2018-12-25T11:50:52.808396974Z 64 PC: 12f0e | Write file or device (Write 168 bytes on handle 5)
2018-12-25T11:50:52.811263181Z 87 PC: 12fac | Get or set file date and time
2018-12-25T11:50:52.813090277Z 62 PC: 12fb0 | Close file
2018-12-25T11:50:54.816482676Z 67 PC: 12fbf | Get or set file attributes
; Disassembly window at the return address of DOS INT 21h "Get date" (AH=2Ah), which
; returns CX = year, DH = month, DL = day of month, AL = day of week (0 = Sunday).
; The code below is a date check that gates the branch starting at 0x12f22. Which
; path this run takes is not visible in the window itself.
2018-12-25T11:50:54.821828811Z 42 PC: 12f16 | Get date 0x12f16: cmp cx, 0x7cc
; 0x7cc = 1996: any year before 1996 jumps to the Set DTA path at 0x12f37.
0x12f1a: jb 0x12f37
; AL = day of week + day of month; the gated branch needs this sum to equal 0x18 (24),
; e.g. Friday the 19th (5 + 19) or Sunday the 24th (0 + 24).
0x12f1c: add al, dl
0x12f1e: cmp al, 0x18
0x12f20: jne 0x12f37
; Gated branch: loop until the byte at [DI] equals 0x46 (ASCII 'F').
; NOTE(review): 0x12f51 is called right after DI is loaded with a constant, so it
; presumably adjusts DI to the code's load address. Its body is not shown here.
0x12f22: mov di, 0x542
0x12f25: call 0x12f51
0x12f28: mov al, byte ptr [di]
0x12f2a: cmp al, 0x46
0x12f2c: je 0x12f34
; Runs once per iteration while the byte is not 0x46; body not shown in this window.
0x12f2e: call 0x1305c
0x12f31: jmp 0x12f22
; Loop exit; the target 0x1303a is outside this window.
0x12f34: jmp 0x1303a
; Skip path: AH = 1Ah is DOS "Set disk transfer address" with DS:DX = new DTA.
; NOTE(review): DX is loaded from a stored word, presumably the DTA address saved by
; the "Get disk transfer address" call at the start of the trace. Confirm.
0x12f37: mov ah, 0x1a
0x12f39: mov di, 0x136
0x12f3c: call 0x12f51
0x12f3f: mov dx, word ptr [di]
0x12f41: int 0x21
; Restores registers whose pushes are not visible in this window.
0x12f43: pop bp
0x12f44: pop di