Sample viewer

vx.netlux.org/Virus.DOS.LosLobos.535

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:50.223080727Z 11 PC: 13e5f | Get input status
2018-12-17T22:25:50.22676577Z 42 PC: 13e75 | Get date
0x13e75: cmp al, 0
0x13e77: jne 0x13ea1
0x13e79: mov ah, 0x2b
0x13e7b: mov cx, 0x1979
0x13e7e: mov dh, 0x12
0x13e80: mov dl, 2
0x13e82: int 0x21
0x13e84: jmp 0x13e99
0x13e86: bound sp, dword ptr [bx + di + 0x69]
0x13e89: insb byte ptr es:[di], dx
0x13e8a: outsw dx, word ptr [si]
0x13e8b: jae 0x13ead
0x13e8d: insb byte ptr es:[di], dx
0x13e8e: outsw dx, word ptr [si]
0x13e8f: jae 0x13eb1
0x13e91: insb byte ptr es:[di], dx
0x13e92: outsw dx, word ptr [si]
0x13e93: bound bp, dword ptr [bx + 0x73]
0x13e96: or ax, 0x240a
0x13e99: mov ah, 9
2018-12-17T22:25:50.229366833Z 71 PC: 13eab | Get current directory
2018-12-17T22:25:50.232515341Z 59 PC: 13eb3 | Change current directory
2018-12-17T22:25:50.234743821Z 59 PC: 13ebb | Change current directory
2018-12-17T22:25:50.240490166Z 26 PC: 13ed9 | Set disk transfer address
2018-12-17T22:25:50.242045178Z 78 PC: 13ef6 | Find first file
2018-12-17T22:25:50.248650334Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.251688291Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.253551462Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.255424016Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.257882074Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.259757804Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.261676805Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.264320068Z 61 PC: 13f49 | Open file (Filename = 'TEST.COM')
2018-12-17T22:25:50.268793302Z 63 PC: 13f61 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:25:50.274460189Z 79 PC: 13f16 | Find next file
2018-12-17T22:25:50.277988728Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:25:50.28172491Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4573,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:11.159923492Z 11 PC: 13e5f | Get input status
2018-12-25T11:52:11.162994521Z 42 PC: 13e75 | Get date
0x13e75: cmp al, 0
0x13e77: jne 0x13ea1
0x13e79: mov ah, 0x2b
0x13e7b: mov cx, 0x1979
0x13e7e: mov dh, 0x12
0x13e80: mov dl, 2
0x13e82: int 0x21
0x13e84: jmp 0x13e99
0x13e86: bound sp, dword ptr [bx + di + 0x69]
0x13e89: insb byte ptr es:[di], dx
0x13e8a: outsw dx, word ptr [si]
0x13e8b: jae 0x13ead
0x13e8d: insb byte ptr es:[di], dx
0x13e8e: outsw dx, word ptr [si]
0x13e8f: jae 0x13eb1
0x13e91: insb byte ptr es:[di], dx
0x13e92: outsw dx, word ptr [si]
0x13e93: bound bp, dword ptr [bx + 0x73]
0x13e96: or ax, 0x240a
0x13e99: mov ah, 9
2018-12-25T11:52:11.165050435Z 71 PC: 13eab | Get current directory
2018-12-25T11:52:11.16779465Z 59 PC: 13eb3 | Change current directory
2018-12-25T11:52:11.170820959Z 59 PC: 13ebb | Change current directory
2018-12-25T11:52:11.175342148Z 26 PC: 13ed9 | Set disk transfer address
2018-12-25T11:52:11.176670707Z 78 PC: 13ef6 | Find first file
2018-12-25T11:52:11.188619986Z 79 PC: 13f16 | Find next file
2018-12-25T11:52:11.191531375Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.194319825Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.197142419Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.200951344Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.204485506Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.207262606Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.211020035Z 61 PC: 13f49 | Open file (Filename = 'TEST.COM')
2018-12-25T11:52:11.217697208Z 63 PC: 13f61 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:52:11.225330361Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.229147409Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:52:11.234842401Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4573,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:11.207142525Z 11 PC: 13e5f | Get input status
2018-12-25T11:52:11.210197147Z 42 PC: 13e75 | Get date
0x13e75: cmp al, 0
0x13e77: jne 0x13ea1
0x13e79: mov ah, 0x2b
0x13e7b: mov cx, 0x1979
0x13e7e: mov dh, 0x12
0x13e80: mov dl, 2
0x13e82: int 0x21
0x13e84: jmp 0x13e99
0x13e86: bound sp, dword ptr [bx + di + 0x69]
0x13e89: insb byte ptr es:[di], dx
0x13e8a: outsw dx, word ptr [si]
0x13e8b: jae 0x13ead
0x13e8d: insb byte ptr es:[di], dx
0x13e8e: outsw dx, word ptr [si]
0x13e8f: jae 0x13eb1
0x13e91: insb byte ptr es:[di], dx
0x13e92: outsw dx, word ptr [si]
0x13e93: bound bp, dword ptr [bx + 0x73]
0x13e96: or ax, 0x240a
0x13e99: mov ah, 9
2018-12-25T11:52:11.212857757Z 43 PC: 13e84 | Set date
2018-12-25T11:52:11.214143567Z 9 PC: 13ea1 | Display string (String= 'bailos los lobos ')
2018-12-25T11:52:11.218341433Z 71 PC: 13eab | Get current directory
2018-12-25T11:52:11.221813133Z 59 PC: 13eb3 | Change current directory
2018-12-25T11:52:11.224000792Z 59 PC: 13ebb | Change current directory
2018-12-25T11:52:11.228491075Z 26 PC: 13ed9 | Set disk transfer address
2018-12-25T11:52:11.235479412Z 78 PC: 13ef6 | Find first file
2018-12-25T11:52:11.241745724Z 79 PC: 13f16 | Find next file
2018-12-25T11:52:11.24464816Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.248631567Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.251323505Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.254044851Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.258610813Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.261267084Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.263834916Z 61 PC: 13f49 | Open file (Filename = 'TEST.COM')
2018-12-25T11:52:11.271139776Z 63 PC: 13f61 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:52:11.278854153Z 79 PC: 13f16 | Find next file (See above)
2018-12-25T11:52:11.28161492Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:52:11.287932232Z 0 PC: 12a89 | Program terminate