Sample viewer

vx.netlux.org/Virus.DOS.Voronezh.650

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:00.627362283Z	172	PC: 12a54 \| UNKNOWN!
2018-12-17T22:31:00.629115383Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:00.630230771Z	37	PC: 12adc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:00.631311069Z	44	PC: 13405 \| Get time 0x13405: cmp cl, 3 0x13408: jne 0x1341c 0x1340a: mov ax, 1 0x1340d: int 0x10 0x1340f: mov ah, 9 0x13411: push cs 0x13412: pop ds 0x13413: call 0x13416 0x13416: pop dx 0x13417: add dx, 7 0x1341a: int 0x21 0x1341c: ret 0x1341d: push si 0x1341e: imul sp, word ptr [si + 0x65], 0x206f 0x13423: insw word ptr es:[di], dx 0x13424: outsw dx, word ptr [si] 0x13425: and byte ptr gs:[bx + si], bh 0x13429: xor byte ptr [bx + si + 0x32], bh 0x1342c: xor ax, 0x6e20 0x1342f: outsw dx, word ptr [si]
2018-12-17T22:31:00.633469008Z	2	PC: 12de9 \| Character output (Char = '0d')
2018-12-17T22:31:00.635753543Z	2	PC: 12ded \| Character output (Char = '0a')
2018-12-17T22:31:00.638431989Z	9	PC: 12dde \| Display string (String= ' PC TIMER 1.23 ')
2018-12-17T22:31:00.640449407Z	2	PC: 12de9 \| Character output (Char = '0d')
2018-12-17T22:31:00.642316992Z	2	PC: 12ded \| Character output (Char = '0a')
2018-12-17T22:31:00.644992815Z	2	PC: 12de9 \| Character output (Char = '0d')
2018-12-17T22:31:00.646417598Z	2	PC: 12ded \| Character output (Char = '0a')
2018-12-17T22:31:00.64891075Z	2	PC: 12de9 \| Character output (Char = '0d')
2018-12-17T22:31:00.651350393Z	2	PC: 12ded \| Character output (Char = '0a')
2018-12-17T22:31:00.653660139Z	2	PC: 12de9 \| Character output (Char = '0d')
2018-12-17T22:31:00.655083488Z	2	PC: 12ded \| Character output (Char = '0a')
2018-12-17T22:31:00.657744425Z	9	PC: 12dde \| Display string (String= '�� ')
2018-12-17T22:31:00.664974016Z	2	PC: 12de9 \| Character output (Char = '0d')
2018-12-17T22:31:00.667667971Z	2	PC: 12ded \| Character output (Char = '0a')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5540,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:44.571497352Z	26	PC: 14113 \| Set disk transfer address
2018-12-25T11:54:44.573472564Z	78	PC: 14127 \| Find first file
2018-12-25T11:54:44.579488295Z	61	PC: 14134 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:44.585800804Z	66	PC: 14206 \| Move file pointer
2018-12-25T11:54:44.587511622Z	62	PC: 1415b \| Close file
2018-12-25T11:54:44.589532854Z	79	PC: 14127 \| Find next file (See above)
2018-12-25T11:54:44.592309957Z	61	PC: 14134 \| Open file (See above)
2018-12-25T11:54:44.599615306Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.601751405Z	62	PC: 1415b \| Close file (See above)
2018-12-25T11:54:44.603455485Z	79	PC: 14127 \| Find next file (See above)
2018-12-25T11:54:44.606349764Z	61	PC: 14134 \| Open file (See above)
2018-12-25T11:54:44.616759885Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.618077988Z	62	PC: 1415b \| Close file (See above)
2018-12-25T11:54:44.619817812Z	79	PC: 14127 \| Find next file (See above)
2018-12-25T11:54:44.622349633Z	61	PC: 14134 \| Open file (See above)
2018-12-25T11:54:44.629547079Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.631176307Z	62	PC: 1415b \| Close file (See above)
2018-12-25T11:54:44.633130524Z	79	PC: 14127 \| Find next file (See above)
2018-12-25T11:54:44.636801995Z	61	PC: 14134 \| Open file (See above)
2018-12-25T11:54:44.643390485Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.644976707Z	62	PC: 1415b \| Close file (See above)
2018-12-25T11:54:44.647890014Z	79	PC: 14127 \| Find next file (See above)
2018-12-25T11:54:44.650543656Z	61	PC: 14134 \| Open file (See above)
2018-12-25T11:54:44.657095991Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.66010436Z	62	PC: 1415b \| Close file (See above)
2018-12-25T11:54:44.661887841Z	79	PC: 14127 \| Find next file (See above)
2018-12-25T11:54:44.664158852Z	61	PC: 14134 \| Open file (See above)
2018-12-25T11:54:44.671382079Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.673086864Z	62	PC: 1415b \| Close file (See above)
2018-12-25T11:54:44.675975864Z	79	PC: 14127 \| Find next file (See above)
2018-12-25T11:54:44.686017221Z	61	PC: 14134 \| Open file (See above)
2018-12-25T11:54:44.692878137Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.694542635Z	87	PC: 1414b \| Get or set file date and time
2018-12-25T11:54:44.695790926Z	44	PC: 1416b \| Get time 0x1416b: or dx, dx 0x1416d: je 0x14167 0x1416f: mov word ptr [bp + 0x289], dx 0x14173: mov ax, 0x4200 0x14176: call 0x14200 0x14179: mov ah, 0x3f 0x1417b: lea dx, word ptr [bp + 0x22b] 0x1417f: mov cx, 3 0x14182: int 0x21 0x14184: cmp byte ptr [bp + 0x22b], 0x4d 0x14189: je 0x14157 0x1418b: cmp byte ptr [bp + 0x22b], 0x5a 0x14190: je 0x14157 0x14192: mov ax, 0x4202 0x14195: call 0x14200 0x14198: sub ax, 3 0x1419b: mov word ptr cs:[bp + 0x229], ax 0x141a0: lea si, word ptr [bp + 0x106] 0x141a4: mov di, 0xfb90 0x141a7: mov cx, 0x186
2018-12-25T11:54:44.698467181Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.699776472Z	63	PC: 14184 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:44.702194522Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.704116135Z	64	PC: 141bd \| Write file or device (Write 390 bytes on handle 5)
2018-12-25T11:54:44.707210945Z	66	PC: 14206 \| Move file pointer (See above)
2018-12-25T11:54:44.70838831Z	64	PC: 141ce \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:44.711596397Z	87	PC: 141d5 \| Get or set file date and time
2018-12-25T11:54:44.712945159Z	62	PC: 141d9 \| Close file
2018-12-25T11:54:44.726625921Z	42	PC: 141dd \| Get date 0x141dd: cmp dh, dl 0x141df: jne 0x141f4 0x141e1: mov ah, 0x2c 0x141e3: int 0x21 0x141e5: and dh, 7 0x141e8: jne 0x141f4 0x141ea: mov ah, 9 0x141ec: lea dx, word ptr [bp + 0x234] 0x141f0: int 0x21 0x141f2: cli 0x141f3: hlt 0x141f4: mov ah, 0x1a 0x141f6: mov dx, 0x80 0x141f9: int 0x21 0x141fb: mov ax, 0x100 0x141fe: push ax 0x141ff: ret 0x14200: xor cx, cx 0x14202: xor dx, dx 0x14204: int 0x21
2018-12-25T11:54:44.729480299Z	26	PC: 141fb \| Set disk transfer address
2018-12-25T11:54:44.730858471Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:54:44.732124371Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:54:44.741816544Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:54:44.748770641Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:54:44.750820316Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:54:44.753105442Z	9	PC: 12b03 \| Display string (String= 'Size change=+030Ch/00780d. Virus might be activ? ')
2018-12-25T11:54:44.758291756Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":3,"Second":0,"TimeBased":true,"OriginalID":5540,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:44.182878241Z	172	PC: 12a54 \| UNKNOWN!
2018-12-25T11:54:44.183925749Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:44.186523658Z	37	PC: 12adc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:44.188090488Z	44	PC: 13405 \| Get time 0x13405: cmp cl, 3 0x13408: jne 0x1341c 0x1340a: mov ax, 1 0x1340d: int 0x10 0x1340f: mov ah, 9 0x13411: push cs 0x13412: pop ds 0x13413: call 0x13416 0x13416: pop dx 0x13417: add dx, 7 0x1341a: int 0x21 0x1341c: ret 0x1341d: push si 0x1341e: imul sp, word ptr [si + 0x65], 0x206f 0x13423: insw word ptr es:[di], dx 0x13424: outsw dx, word ptr [si] 0x13425: and byte ptr gs:[bx + si], bh 0x13429: xor byte ptr [bx + si + 0x32], bh 0x1342c: xor ax, 0x6e20 0x1342f: outsw dx, word ptr [si]
2018-12-25T11:54:44.199184532Z	9	PC: 1341c \| Display string (String= 'Video mode 80x25 not supported ')
2018-12-25T11:54:44.211334061Z	2	PC: 12de9 \| Character output (Char = '0d')
2018-12-25T11:54:44.213686737Z	2	PC: 12ded \| Character output (Char = '0a')
2018-12-25T11:54:44.215971175Z	9	PC: 12dde \| Display string (String= ' PC TIMER 1.23 ')
2018-12-25T11:54:44.220725401Z	2	PC: 12de9 \| Character output (See above)
2018-12-25T11:54:44.22295049Z	2	PC: 12ded \| Character output (See above)
2018-12-25T11:54:44.225216657Z	2	PC: 12de9 \| Character output (See above)
2018-12-25T11:54:44.227984699Z	2	PC: 12ded \| Character output (See above)
2018-12-25T11:54:44.230606328Z	2	PC: 12de9 \| Character output (See above)
2018-12-25T11:54:44.233149297Z	2	PC: 12ded \| Character output (See above)
2018-12-25T11:54:44.235670602Z	2	PC: 12de9 \| Character output (See above)
2018-12-25T11:54:44.238422855Z	2	PC: 12ded \| Character output (See above)
2018-12-25T11:54:44.240831268Z	9	PC: 12dde \| Display string (See above)
2018-12-25T11:54:44.243331276Z	2	PC: 12de9 \| Character output (See above)
2018-12-25T11:54:44.246267598Z	2	PC: 12ded \| Character output (See above)