Sample viewer

vx.netlux.org/Virus.DOS.BMF.533

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:27:53.208084808Z	26	PC: 12cf2 \| Set disk transfer address
2018-12-17T22:27:53.210289176Z	78	PC: 12c76 \| Find first file
2018-12-17T22:27:53.217520458Z	61	PC: 12ce5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:27:53.224920563Z	63	PC: 12cb1 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:27:53.232627545Z	66	PC: 12cbc \| Move file pointer
2018-12-17T22:27:53.236085184Z	44	PC: 12cca \| Get time 0x12cca: mov byte ptr [bp + 0x19f], dh 0x12cce: mov byte ptr [bp + 0x1a0], dl 0x12cd2: mov byte ptr [bp + 0x1a1], cl 0x12cd6: mov byte ptr [bp + 0x1a2], ch 0x12cda: ret 0x12cdb: mov ah, 0x3d 0x12cdd: mov al, 2 0x12cdf: lea dx, word ptr [bp + 0x314] 0x12ce3: int 0x21 0x12ce5: mov word ptr [bp + 0x2bf], ax 0x12ce9: ret 0x12cea: mov ah, 0x1a 0x12cec: lea dx, word ptr [bp + 0x2f6] 0x12cf0: int 0x21 0x12cf2: ret 0x12cf3: push ds 0x12cf4: push es 0x12cf5: mov ah, 0x2a 0x12cf7: int 0x21 0x12cf9: cmp dl, 9
2018-12-17T22:27:53.239510501Z	63	PC: 12bed \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:27:53.243258507Z	66	PC: 12bf8 \| Move file pointer
2018-12-17T22:27:53.246148631Z	64	PC: 12c03 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:27:53.249411701Z	64	PC: 12c0e \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:27:53.254434451Z	66	PC: 12c1c \| Move file pointer
2018-12-17T22:27:53.257211168Z	64	PC: 12c28 \| Write file or device (Write 533 bytes on handle 5)
2018-12-17T22:27:53.273670653Z	62	PC: 12cc5 \| Close file
2018-12-17T22:27:53.282776963Z	42	PC: 12cf9 \| Get date 0x12cf9: cmp dl, 9 0x12cfc: jne 0x12d34 0x12cfe: mov ah, 0x2c 0x12d00: int 0x21 0x12d02: cmp ch, 1 0x12d05: je 0x12d0a 0x12d07: jmp 0x12d17 0x12d09: nop 0x12d0a: mov ah, 9 0x12d0c: lea dx, word ptr [bp + 0x2c8] 0x12d10: int 0x21 0x12d12: mov ax, 0x4c00 0x12d15: int 0x21 0x12d17: mov ax, 0 0x12d1a: mov es, ax 0x12d1c: mov cx, 0xf 0x12d1f: nop 0x12d20: mov di, 0x200 0x12d23: lea si, word ptr [bp + 0x2aa] 0x12d27: cld
2018-12-17T22:27:53.286204895Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:27:53.296154599Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4965,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:18.597803471Z	26	PC: 12cf2 \| Set disk transfer address
2018-12-25T11:53:18.599141061Z	78	PC: 12c76 \| Find first file
2018-12-25T11:53:18.605826789Z	61	PC: 12ce5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:18.612986633Z	63	PC: 12cb1 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:53:18.619839151Z	66	PC: 12cbc \| Move file pointer
2018-12-25T11:53:18.640760658Z	44	PC: 12cca \| Get time 0x12cca: mov byte ptr [bp + 0x19f], dh 0x12cce: mov byte ptr [bp + 0x1a0], dl 0x12cd2: mov byte ptr [bp + 0x1a1], cl 0x12cd6: mov byte ptr [bp + 0x1a2], ch 0x12cda: ret 0x12cdb: mov ah, 0x3d 0x12cdd: mov al, 2 0x12cdf: lea dx, word ptr [bp + 0x314] 0x12ce3: int 0x21 0x12ce5: mov word ptr [bp + 0x2bf], ax 0x12ce9: ret 0x12cea: mov ah, 0x1a 0x12cec: lea dx, word ptr [bp + 0x2f6] 0x12cf0: int 0x21 0x12cf2: ret 0x12cf3: push ds 0x12cf4: push es 0x12cf5: mov ah, 0x2a 0x12cf7: int 0x21 0x12cf9: cmp dl, 9
2018-12-25T11:53:18.643288309Z	63	PC: 12bed \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:18.64588991Z	66	PC: 12bf8 \| Move file pointer
2018-12-25T11:53:18.647893096Z	64	PC: 12c03 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:53:18.651167247Z	64	PC: 12c0e \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:53:18.655007761Z	66	PC: 12c1c \| Move file pointer
2018-12-25T11:53:18.65829664Z	64	PC: 12c28 \| Write file or device (Write 533 bytes on handle 5)
2018-12-25T11:53:18.753815381Z	62	PC: 12cc5 \| Close file
2018-12-25T11:53:18.759533816Z	42	PC: 12cf9 \| Get date 0x12cf9: cmp dl, 9 0x12cfc: jne 0x12d34 0x12cfe: mov ah, 0x2c 0x12d00: int 0x21 0x12d02: cmp ch, 1 0x12d05: je 0x12d0a 0x12d07: jmp 0x12d17 0x12d09: nop 0x12d0a: mov ah, 9 0x12d0c: lea dx, word ptr [bp + 0x2c8] 0x12d10: int 0x21 0x12d12: mov ax, 0x4c00 0x12d15: int 0x21 0x12d17: mov ax, 0 0x12d1a: mov es, ax 0x12d1c: mov cx, 0xf 0x12d1f: nop 0x12d20: mov di, 0x200 0x12d23: lea si, word ptr [bp + 0x2aa] 0x12d27: cld
2018-12-25T11:53:18.761628303Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:53:18.76609218Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4965,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:18.572535263Z	26	PC: 12cf2 \| Set disk transfer address
2018-12-25T11:53:18.574714816Z	78	PC: 12c76 \| Find first file
2018-12-25T11:53:18.580566381Z	61	PC: 12ce5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:18.586139124Z	63	PC: 12cb1 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:53:18.590704934Z	66	PC: 12cbc \| Move file pointer
2018-12-25T11:53:18.591957799Z	44	PC: 12cca \| Get time 0x12cca: mov byte ptr [bp + 0x19f], dh 0x12cce: mov byte ptr [bp + 0x1a0], dl 0x12cd2: mov byte ptr [bp + 0x1a1], cl 0x12cd6: mov byte ptr [bp + 0x1a2], ch 0x12cda: ret 0x12cdb: mov ah, 0x3d 0x12cdd: mov al, 2 0x12cdf: lea dx, word ptr [bp + 0x314] 0x12ce3: int 0x21 0x12ce5: mov word ptr [bp + 0x2bf], ax 0x12ce9: ret 0x12cea: mov ah, 0x1a 0x12cec: lea dx, word ptr [bp + 0x2f6] 0x12cf0: int 0x21 0x12cf2: ret 0x12cf3: push ds 0x12cf4: push es 0x12cf5: mov ah, 0x2a 0x12cf7: int 0x21 0x12cf9: cmp dl, 9
2018-12-25T11:53:18.594013145Z	63	PC: 12bed \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:18.596704902Z	66	PC: 12bf8 \| Move file pointer
2018-12-25T11:53:18.59812091Z	64	PC: 12c03 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:53:18.600580408Z	64	PC: 12c0e \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:53:18.603668142Z	66	PC: 12c1c \| Move file pointer
2018-12-25T11:53:18.605561886Z	64	PC: 12c28 \| Write file or device (Write 533 bytes on handle 5)
2018-12-25T11:53:19.476168902Z	62	PC: 12cc5 \| Close file
2018-12-25T11:53:19.484698782Z	42	PC: 12cf9 \| Get date 0x12cf9: cmp dl, 9 0x12cfc: jne 0x12d34 0x12cfe: mov ah, 0x2c 0x12d00: int 0x21 0x12d02: cmp ch, 1 0x12d05: je 0x12d0a 0x12d07: jmp 0x12d17 0x12d09: nop 0x12d0a: mov ah, 9 0x12d0c: lea dx, word ptr [bp + 0x2c8] 0x12d10: int 0x21 0x12d12: mov ax, 0x4c00 0x12d15: int 0x21 0x12d17: mov ax, 0 0x12d1a: mov es, ax 0x12d1c: mov cx, 0xf 0x12d1f: nop 0x12d20: mov di, 0x200 0x12d23: lea si, word ptr [bp + 0x2aa] 0x12d27: cld
2018-12-25T11:53:19.488368207Z	44	PC: 12d02 \| Get time 0x12d02: cmp ch, 1 0x12d05: je 0x12d0a 0x12d07: jmp 0x12d17 0x12d09: nop 0x12d0a: mov ah, 9 0x12d0c: lea dx, word ptr [bp + 0x2c8] 0x12d10: int 0x21 0x12d12: mov ax, 0x4c00 0x12d15: int 0x21 0x12d17: mov ax, 0 0x12d1a: mov es, ax 0x12d1c: mov cx, 0xf 0x12d1f: nop 0x12d20: mov di, 0x200 0x12d23: lea si, word ptr [bp + 0x2aa] 0x12d27: cld 0x12d28: rep movsb byte ptr es:[di], byte ptr [si] 0x12d2a: mov ds, ax 0x12d2c: mov ax, 0x251c 0x12d2f: mov dx, 0x200
2018-12-25T11:53:19.490824037Z	37	PC: 12d34 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:53:19.492260444Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:53:19.498454271Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')