Sample viewer

vx.netlux.org/Virus.DOS.Three6.666

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:54:53.931468398Z	6	PC: 12bb9 \| Direct console I/O
2018-12-17T21:54:53.934673216Z	42	PC: 12bbd \| Get date 0x12bbd: cmp cx, 0x7cc 0x12bc1: jne 0x12bd6 0x12bc3: cmp dx, 0xc0d 0x12bc7: jl 0x12bd6 0x12bc9: mov al, 0x80 0x12bcb: mov bx, 0 0x12bce: mov dx, 2 0x12bd1: mov cx, 0x190 0x12bd4: int 0x26 0x12bd6: mov bx, 0x101 0x12bd9: mov ax, word ptr [bx] 0x12bdb: push ax 0x12bdc: add ax, 0x125 0x12bdf: mov si, ax 0x12be1: pop ax 0x12be2: add ax, 0x105 0x12be5: mov bx, ax 0x12be7: mov al, byte ptr [bx] 0x12be9: mov ah, byte ptr [bx + 1] 0x12bec: mov cl, byte ptr [bx + 2]
2018-12-17T21:54:53.937168161Z	61	PC: 12c16 \| Open file (Filename = 'c:\command.com')
2018-12-17T21:54:53.943804018Z	66	PC: 12c2f \| Move file pointer
2018-12-17T21:54:53.946349044Z	66	PC: 12c3d \| Move file pointer
2018-12-17T21:54:53.949112126Z	63	PC: 12c48 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:54:53.955226692Z	66	PC: 12c6f \| Move file pointer
2018-12-17T21:54:53.957507513Z	63	PC: 12c77 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:54:53.961685891Z	66	PC: 12c87 \| Move file pointer
2018-12-17T21:54:53.963401934Z	66	PC: 12c9f \| Move file pointer
2018-12-17T21:54:53.965034183Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:53.96907653Z	66	PC: 12cb4 \| Move file pointer
2018-12-17T21:54:53.97047773Z	64	PC: 12ccf \| Write file or device (Write 666 bytes on handle 5)
2018-12-17T21:54:54.322916446Z	62	PC: 12cd5 \| Close file
2018-12-17T21:54:54.331348086Z	78	PC: 12d13 \| Find first file
2018-12-17T21:54:54.339969151Z	61	PC: 12d32 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:54:54.346548044Z	66	PC: 12d40 \| Move file pointer
2018-12-17T21:54:54.348917596Z	66	PC: 12d56 \| Move file pointer
2018-12-17T21:54:54.350276305Z	63	PC: 12d61 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:54:54.356573395Z	66	PC: 12d92 \| Move file pointer
2018-12-17T21:54:54.359406985Z	63	PC: 12d9a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:54:54.362001744Z	66	PC: 12daa \| Move file pointer
2018-12-17T21:54:54.363445733Z	66	PC: 12dc2 \| Move file pointer
2018-12-17T21:54:54.364995292Z	64	PC: 12dca \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:54.368658105Z	66	PC: 12dd6 \| Move file pointer
2018-12-17T21:54:54.370194334Z	64	PC: 12df2 \| Write file or device (Write 666 bytes on handle 5)
2018-12-17T21:54:54.384433752Z	62	PC: 12df6 \| Close file
2018-12-17T21:54:54.397554935Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T21:54:54.402150189Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":530,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:12.611956687Z	6	PC: 12bb9 \| Direct console I/O
2018-12-25T11:41:12.614551687Z	42	PC: 12bbd \| Get date 0x12bbd: cmp cx, 0x7cc 0x12bc1: jne 0x12bd6 0x12bc3: cmp dx, 0xc0d 0x12bc7: jl 0x12bd6 0x12bc9: mov al, 0x80 0x12bcb: mov bx, 0 0x12bce: mov dx, 2 0x12bd1: mov cx, 0x190 0x12bd4: int 0x26 0x12bd6: mov bx, 0x101 0x12bd9: mov ax, word ptr [bx] 0x12bdb: push ax 0x12bdc: add ax, 0x125 0x12bdf: mov si, ax 0x12be1: pop ax 0x12be2: add ax, 0x105 0x12be5: mov bx, ax 0x12be7: mov al, byte ptr [bx] 0x12be9: mov ah, byte ptr [bx + 1] 0x12bec: mov cl, byte ptr [bx + 2]
2018-12-25T11:41:12.616037716Z	61	PC: 12c16 \| Open file (Filename = 'c:\command.com')
2018-12-25T11:41:12.620303914Z	66	PC: 12c2f \| Move file pointer
2018-12-25T11:41:12.621641966Z	66	PC: 12c3d \| Move file pointer
2018-12-25T11:41:12.622856668Z	63	PC: 12c48 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:12.624825746Z	66	PC: 12c6f \| Move file pointer
2018-12-25T11:41:12.626335611Z	63	PC: 12c77 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:12.628705047Z	66	PC: 12c87 \| Move file pointer
2018-12-25T11:41:12.629872129Z	66	PC: 12c9f \| Move file pointer
2018-12-25T11:41:12.631246236Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:12.633000862Z	66	PC: 12cb4 \| Move file pointer
2018-12-25T11:41:12.633871561Z	64	PC: 12ccf \| Write file or device (Write 666 bytes on handle 5)
2018-12-25T11:41:15.065152006Z	62	PC: 12cd5 \| Close file
2018-12-25T11:41:15.159143358Z	78	PC: 12d13 \| Find first file
2018-12-25T11:41:15.164950604Z	61	PC: 12d32 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:15.171331145Z	66	PC: 12d40 \| Move file pointer
2018-12-25T11:41:15.172774401Z	66	PC: 12d56 \| Move file pointer
2018-12-25T11:41:15.173981902Z	63	PC: 12d61 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.180243433Z	66	PC: 12d92 \| Move file pointer
2018-12-25T11:41:15.181780761Z	63	PC: 12d9a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.184389337Z	66	PC: 12daa \| Move file pointer
2018-12-25T11:41:15.185998331Z	66	PC: 12dc2 \| Move file pointer
2018-12-25T11:41:15.192735867Z	64	PC: 12dca \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:15.195308984Z	66	PC: 12dd6 \| Move file pointer
2018-12-25T11:41:15.196832732Z	64	PC: 12df2 \| Write file or device (Write 666 bytes on handle 5)
2018-12-25T11:41:17.137230612Z	62	PC: 12df6 \| Close file
2018-12-25T11:41:17.302461265Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:41:17.308394117Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":530,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:12.630346137Z	6	PC: 12bb9 \| Direct console I/O
2018-12-25T11:41:12.632973166Z	42	PC: 12bbd \| Get date 0x12bbd: cmp cx, 0x7cc 0x12bc1: jne 0x12bd6 0x12bc3: cmp dx, 0xc0d 0x12bc7: jl 0x12bd6 0x12bc9: mov al, 0x80 0x12bcb: mov bx, 0 0x12bce: mov dx, 2 0x12bd1: mov cx, 0x190 0x12bd4: int 0x26 0x12bd6: mov bx, 0x101 0x12bd9: mov ax, word ptr [bx] 0x12bdb: push ax 0x12bdc: add ax, 0x125 0x12bdf: mov si, ax 0x12be1: pop ax 0x12be2: add ax, 0x105 0x12be5: mov bx, ax 0x12be7: mov al, byte ptr [bx] 0x12be9: mov ah, byte ptr [bx + 1] 0x12bec: mov cl, byte ptr [bx + 2]
2018-12-25T11:41:12.634986482Z	61	PC: 12c16 \| Open file (Filename = 'c:\command.com')
2018-12-25T11:41:12.640813741Z	66	PC: 12c2f \| Move file pointer
2018-12-25T11:41:12.642397422Z	66	PC: 12c3d \| Move file pointer
2018-12-25T11:41:12.643543931Z	63	PC: 12c48 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:12.646188794Z	66	PC: 12c6f \| Move file pointer
2018-12-25T11:41:12.647896348Z	63	PC: 12c77 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:12.650290524Z	66	PC: 12c87 \| Move file pointer
2018-12-25T11:41:12.651508096Z	66	PC: 12c9f \| Move file pointer
2018-12-25T11:41:12.653068076Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:12.65549328Z	66	PC: 12cb4 \| Move file pointer
2018-12-25T11:41:12.656687858Z	64	PC: 12ccf \| Write file or device (Write 666 bytes on handle 5)
2018-12-25T11:41:15.071141318Z	62	PC: 12cd5 \| Close file
2018-12-25T11:41:15.183950809Z	78	PC: 12d13 \| Find first file
2018-12-25T11:41:15.190424189Z	61	PC: 12d32 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:15.196780788Z	66	PC: 12d40 \| Move file pointer
2018-12-25T11:41:15.198277545Z	66	PC: 12d56 \| Move file pointer
2018-12-25T11:41:15.199545746Z	63	PC: 12d61 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.206271669Z	66	PC: 12d92 \| Move file pointer
2018-12-25T11:41:15.208823379Z	63	PC: 12d9a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.211112321Z	66	PC: 12daa \| Move file pointer
2018-12-25T11:41:15.212357142Z	66	PC: 12dc2 \| Move file pointer
2018-12-25T11:41:15.214133761Z	64	PC: 12dca \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:15.216594442Z	66	PC: 12dd6 \| Move file pointer
2018-12-25T11:41:15.217837216Z	64	PC: 12df2 \| Write file or device (Write 666 bytes on handle 5)
2018-12-25T11:41:17.137983922Z	62	PC: 12df6 \| Close file
2018-12-25T11:41:17.30812906Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:41:17.313626884Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":13,"Month":12,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":530,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:15.403066986Z	6	PC: 12bb9 \| Direct console I/O
2018-12-25T11:41:15.406302415Z	42	PC: 12bbd \| Get date 0x12bbd: cmp cx, 0x7cc 0x12bc1: jne 0x12bd6 0x12bc3: cmp dx, 0xc0d 0x12bc7: jl 0x12bd6 0x12bc9: mov al, 0x80 0x12bcb: mov bx, 0 0x12bce: mov dx, 2 0x12bd1: mov cx, 0x190 0x12bd4: int 0x26 0x12bd6: mov bx, 0x101 0x12bd9: mov ax, word ptr [bx] 0x12bdb: push ax 0x12bdc: add ax, 0x125 0x12bdf: mov si, ax 0x12be1: pop ax 0x12be2: add ax, 0x105 0x12be5: mov bx, ax 0x12be7: mov al, byte ptr [bx] 0x12be9: mov ah, byte ptr [bx + 1] 0x12bec: mov cl, byte ptr [bx + 2]
2018-12-25T11:41:15.409293338Z	61	PC: 12c16 \| Open file (Filename = 'c:\command.com')
2018-12-25T11:41:15.416179909Z	66	PC: 12c2f \| Move file pointer
2018-12-25T11:41:15.418162843Z	66	PC: 12c3d \| Move file pointer
2018-12-25T11:41:15.420099398Z	63	PC: 12c48 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.423672949Z	66	PC: 12c6f \| Move file pointer
2018-12-25T11:41:15.425491397Z	63	PC: 12c77 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.429097277Z	66	PC: 12c87 \| Move file pointer
2018-12-25T11:41:15.430624238Z	66	PC: 12c9f \| Move file pointer
2018-12-25T11:41:15.432101357Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:15.436158625Z	66	PC: 12cb4 \| Move file pointer
2018-12-25T11:41:15.437775411Z	64	PC: 12ccf \| Write file or device (Write 666 bytes on handle 5)
2018-12-25T11:41:15.796923044Z	62	PC: 12cd5 \| Close file
2018-12-25T11:41:15.805882798Z	78	PC: 12d13 \| Find first file
2018-12-25T11:41:15.813125813Z	61	PC: 12d32 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:15.821527388Z	66	PC: 12d40 \| Move file pointer
2018-12-25T11:41:15.823874409Z	66	PC: 12d56 \| Move file pointer
2018-12-25T11:41:15.826130578Z	63	PC: 12d61 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.833229691Z	66	PC: 12d92 \| Move file pointer
2018-12-25T11:41:15.834876051Z	63	PC: 12d9a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:15.838502033Z	66	PC: 12daa \| Move file pointer
2018-12-25T11:41:15.840076472Z	66	PC: 12dc2 \| Move file pointer
2018-12-25T11:41:15.84183783Z	64	PC: 12dca \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:15.846196413Z	66	PC: 12dd6 \| Move file pointer
2018-12-25T11:41:15.848151668Z	64	PC: 12df2 \| Write file or device (Write 666 bytes on handle 5)
2018-12-25T11:41:15.862881083Z	62	PC: 12df6 \| Close file
2018-12-25T11:41:15.873020003Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:41:15.879240365Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')