Sample viewer

vx.netlux.org/Virus.DOS.Codedfox.1035

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:40:06.48295348Z 26 PC: 12a6f | Set disk transfer address
2018-12-17T22:40:06.485082397Z 78 PC: 12a79 | Find first file
2018-12-17T22:40:06.492797351Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.500439685Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.508120821Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.510827568Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.514179428Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.521821573Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.529527752Z 66 PC: 12ab1 | Move file pointer
2018-12-17T22:40:06.531073258Z 64 PC: 12ac4 | Write file or device (Write 1062 bytes on handle 5)
2018-12-17T22:40:06.546496807Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.556315149Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.560224965Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.56854768Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.576402147Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.578689327Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.581732965Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.589640774Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.600977883Z 66 PC: 12ab1 | Move file pointer
2018-12-17T22:40:06.602649496Z 64 PC: 12ac4 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:40:06.612276169Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.623695583Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.629729584Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.646766946Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.668996464Z 66 PC: 12ab1 | Move file pointer
2018-12-17T22:40:06.670676433Z 64 PC: 12ac4 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:40:06.686481444Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.717962667Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.72496845Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.739797797Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.748215021Z 66 PC: 12ab1 | Move file pointer
2018-12-17T22:40:06.750172506Z 64 PC: 12ac4 | Write file or device (Write 1536 bytes on handle 5)
2018-12-17T22:40:06.759782654Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.769534608Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.772681823Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.780735281Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.788535242Z 66 PC: 12ab1 | Move file pointer
2018-12-17T22:40:06.790304712Z 64 PC: 12ac4 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:40:06.799823222Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.810849168Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.81483925Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-17T22:40:06.822162719Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:40:06.831210508Z 62 PC: 12acd | Close file
2018-12-17T22:40:06.833679502Z 79 PC: 12ad6 | Find next file
2018-12-17T22:40:06.836858108Z 59 PC: 12ae1 | Change current directory
2018-12-17T22:40:06.842798533Z 26 PC: 12aea | Set disk transfer address
2018-12-17T22:40:06.844819842Z 44 PC: 12aee | Get time
0x12aee: cmp cl, 6
0x12af1: je 0x12afb
0x12af3: cmp dh, 6
0x12af6: je 0x12b0e
0x12af8: jmp 0x12c03
0x12afb: mov si, 0x298
0x12afe: mov al, byte ptr [si]
0x12b00: inc al
0x12b02: cmp al, 1
0x12b04: je 0x12b0b
0x12b06: int 0x29
0x12b08: inc si
0x12b09: jmp 0x12afe
0x12b0b: jmp 0x12c03
0x12b0e: mov al, byte ptr [0x2c1]
0x12b11: mov byte ptr [0x2c2], 0
0x12b16: nop
0x12b17: call 0x12b27
0x12b1a: cmp byte ptr [0x2c1], 0x19
0x12b1f: je 0x12b41
2018-12-17T22:40:06.84913264Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:40:06.856387823Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6921,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:37.634914596Z 26 PC: 12a6f | Set disk transfer address
2018-12-25T12:00:37.636459007Z 78 PC: 12a79 | Find first file
2018-12-25T12:00:37.64154919Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-25T12:00:37.645759784Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:00:37.652112397Z 62 PC: 12acd | Close file
2018-12-25T12:00:37.654300152Z 79 PC: 12ad6 | Find next file
2018-12-25T12:00:37.657171241Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.670762608Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.678026865Z 66 PC: 12ab1 | Move file pointer
2018-12-25T12:00:37.679509479Z 64 PC: 12ac4 | Write file or device (Write 1062 bytes on handle 5)
2018-12-25T12:00:37.696502691Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.70506918Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.708300967Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.716223191Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.726164764Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.728136629Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.730982316Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.738814889Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.74671166Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.748860079Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.763915419Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.77446996Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.777859151Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.785873971Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.792742324Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.794304596Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.803463278Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.813658238Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.816790195Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.824375926Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.832255751Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.833663828Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.84228494Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.851060561Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.853799653Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.860766754Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.868064804Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.869606688Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.879256128Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.889684322Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.892558215Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.899503018Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.908172127Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.91034028Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.913029116Z 59 PC: 12ae1 | Change current directory
2018-12-25T12:00:37.917779233Z 26 PC: 12aea | Set disk transfer address
2018-12-25T12:00:37.919459911Z 44 PC: 12aee | Get time
0x12aee: cmp cl, 6
0x12af1: je 0x12afb
0x12af3: cmp dh, 6
0x12af6: je 0x12b0e
0x12af8: jmp 0x12c03
0x12afb: mov si, 0x298
0x12afe: mov al, byte ptr [si]
0x12b00: inc al
0x12b02: cmp al, 1
0x12b04: je 0x12b0b
0x12b06: int 0x29
0x12b08: inc si
0x12b09: jmp 0x12afe
0x12b0b: jmp 0x12c03
0x12b0e: mov al, byte ptr [0x2c1]
0x12b11: mov byte ptr [0x2c2], 0
0x12b16: nop
0x12b17: call 0x12b27
0x12b1a: cmp byte ptr [0x2c1], 0x19
0x12b1f: je 0x12b41
2018-12-25T12:00:37.923186364Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:00:37.929320191Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":6,"TimeBased":true,"OriginalID":6921,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:37.690312565Z 26 PC: 12a6f | Set disk transfer address
2018-12-25T12:00:37.691818751Z 78 PC: 12a79 | Find first file
2018-12-25T12:00:37.697482993Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-25T12:00:37.703834765Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:00:37.718754226Z 62 PC: 12acd | Close file
2018-12-25T12:00:37.72078938Z 79 PC: 12ad6 | Find next file
2018-12-25T12:00:37.723287719Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.7361938Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.743170232Z 66 PC: 12ab1 | Move file pointer
2018-12-25T12:00:37.744386568Z 64 PC: 12ac4 | Write file or device (Write 1062 bytes on handle 5)
2018-12-25T12:00:37.759798283Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.767756971Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.770286305Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.77652932Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.78279112Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.78453977Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.787123707Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.794607513Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.801101407Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.803387729Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.812749687Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.820780399Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.823424034Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.830271009Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.836372857Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.837712926Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.846626227Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.854365058Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.856837129Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.863443349Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.86979145Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.871053429Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.880022734Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.887829704Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.890315929Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.897189612Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.903803322Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.905122051Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.914554445Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.922828501Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.925351879Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.934342572Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.942026548Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.943688241Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.946609112Z 59 PC: 12ae1 | Change current directory
2018-12-25T12:00:37.95031871Z 26 PC: 12aea | Set disk transfer address
2018-12-25T12:00:37.951225767Z 44 PC: 12aee | Get time
0x12aee: cmp cl, 6
0x12af1: je 0x12afb
0x12af3: cmp dh, 6
0x12af6: je 0x12b0e
0x12af8: jmp 0x12c03
0x12afb: mov si, 0x298
0x12afe: mov al, byte ptr [si]
0x12b00: inc al
0x12b02: cmp al, 1
0x12b04: je 0x12b0b
0x12b06: int 0x29
0x12b08: inc si
0x12b09: jmp 0x12afe
0x12b0b: jmp 0x12c03
0x12b0e: mov al, byte ptr [0x2c1]
0x12b11: mov byte ptr [0x2c2], 0
0x12b16: nop
0x12b17: call 0x12b27
0x12b1a: cmp byte ptr [0x2c1], 0x19
0x12b1f: je 0x12b41
2018-12-25T12:00:37.954943749Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:00:37.960101292Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":6921,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:37.745469983Z 26 PC: 12a6f | Set disk transfer address
2018-12-25T12:00:37.746714245Z 78 PC: 12a79 | Find first file
2018-12-25T12:00:37.752285115Z 61 PC: 12a83 | Open file (Filename = '')
2018-12-25T12:00:37.759200182Z 63 PC: 12a94 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:00:37.765765036Z 62 PC: 12acd | Close file
2018-12-25T12:00:37.767862389Z 79 PC: 12ad6 | Find next file
2018-12-25T12:00:37.770835805Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.777453725Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.783515236Z 66 PC: 12ab1 | Move file pointer
2018-12-25T12:00:37.784929324Z 64 PC: 12ac4 | Write file or device (Write 1062 bytes on handle 5)
2018-12-25T12:00:37.797653568Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.803017133Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.805863993Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.811915815Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.817840909Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.819866543Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.821671693Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.825712393Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.830295464Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.831270141Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.83641894Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.842051986Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.844731365Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.848987069Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.854066487Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.855081741Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.860959159Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.869334729Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.871899486Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.878112415Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.885417415Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.887070244Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.894991802Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.903818931Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.906354146Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.91231973Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.919178531Z 66 PC: 12ab1 | Move file pointer (See above)
2018-12-25T12:00:37.920509169Z 64 PC: 12ac4 | Write file or device (See above)
2018-12-25T12:00:37.928583173Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.936437831Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.938976086Z 61 PC: 12a83 | Open file (See above)
2018-12-25T12:00:37.945171653Z 63 PC: 12a94 | Read file or device (See above)
2018-12-25T12:00:37.952299195Z 62 PC: 12acd | Close file (See above)
2018-12-25T12:00:37.954033682Z 79 PC: 12ad6 | Find next file (See above)
2018-12-25T12:00:37.955863764Z 59 PC: 12ae1 | Change current directory
2018-12-25T12:00:37.959882909Z 26 PC: 12aea | Set disk transfer address
2018-12-25T12:00:37.961504881Z 44 PC: 12aee | Get time
0x12aee: cmp cl, 6
0x12af1: je 0x12afb
0x12af3: cmp dh, 6
0x12af6: je 0x12b0e
0x12af8: jmp 0x12c03
0x12afb: mov si, 0x298
0x12afe: mov al, byte ptr [si]
0x12b00: inc al
0x12b02: cmp al, 1
0x12b04: je 0x12b0b
0x12b06: int 0x29
0x12b08: inc si
0x12b09: jmp 0x12afe
0x12b0b: jmp 0x12c03
0x12b0e: mov al, byte ptr [0x2c1]
0x12b11: mov byte ptr [0x2c2], 0
0x12b16: nop
0x12b17: call 0x12b27
0x12b1a: cmp byte ptr [0x2c1], 0x19
0x12b1f: je 0x12b41
2018-12-25T12:00:37.964887378Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:00:37.969983085Z 0 PC: 12a89 | Program terminate