Sample viewer

vx.netlux.org/Virus.DOS.Gollum.664

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:31.064414828Z	48	PC: 13e65 \| Get DOS version
2018-12-17T22:41:31.080786983Z	42	PC: 13e8a \| Get date 0x13e8a: cmp dx, 0x704 0x13e8e: jne 0x13eb9 0x13e90: push ds 0x13e91: mov ax, 0x40 0x13e94: mov ds, ax 0x13e96: mov ax, word ptr [0x6c] 0x13e99: pop ds 0x13e9a: test al, 0xf 0x13e9c: jne 0x13eb9 0x13e9e: push si 0x13e9f: lea si, word ptr [si + 0x74] 0x13ea3: mov di, si 0x13ea5: mov cx, 0x4a 0x13ea8: lodsb al, byte ptr [si] 0x13ea9: xor al, 0xe1 0x13eab: stosb byte ptr es:[di], al 0x13eac: loop 0x13ea8 0x13eae: pop si 0x13eaf: mov ah, 9 0x13eb1: lea dx, word ptr [si + 0x74]
2018-12-17T22:41:31.083321334Z	26	PC: 13ec1 \| Set disk transfer address
2018-12-17T22:41:31.084619496Z	78	PC: 13ecc \| Find first file
2018-12-17T22:41:31.092545187Z	67	PC: 13f27 \| Get or set file attributes
2018-12-17T22:41:31.111631836Z	61	PC: 13f35 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:31.126891979Z	63	PC: 13f47 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:41:31.138854324Z	66	PC: 13f64 \| Move file pointer
2018-12-17T22:41:31.142301309Z	64	PC: 13f6f \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:41:31.151243295Z	66	PC: 13f7c \| Move file pointer
2018-12-17T22:41:31.157354255Z	64	PC: 13f98 \| Write file or device (Write 651 bytes on handle 5)
2018-12-17T22:41:31.169678004Z	64	PC: 13fb7 \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:41:31.173262515Z	87	PC: 13fc4 \| Get or set file date and time
2018-12-17T22:41:31.175411689Z	62	PC: 13fc8 \| Close file
2018-12-17T22:41:31.19041485Z	67	PC: 13fd7 \| Get or set file attributes
2018-12-17T22:41:31.204393998Z	26	PC: 13fde \| Set disk transfer address
2018-12-17T22:41:31.206040246Z	9	PC: 12a85 \| Display string (String= ' icial COM goat 1400H bytes long ')
2018-12-17T22:41:31.212947572Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7239,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:13.695537541Z	48	PC: 13e65 \| Get DOS version
2018-12-25T12:01:13.700996237Z	42	PC: 13e8a \| Get date 0x13e8a: cmp dx, 0x704 0x13e8e: jne 0x13eb9 0x13e90: push ds 0x13e91: mov ax, 0x40 0x13e94: mov ds, ax 0x13e96: mov ax, word ptr [0x6c] 0x13e99: pop ds 0x13e9a: test al, 0xf 0x13e9c: jne 0x13eb9 0x13e9e: push si 0x13e9f: lea si, word ptr [si + 0x74] 0x13ea3: mov di, si 0x13ea5: mov cx, 0x4a 0x13ea8: lodsb al, byte ptr [si] 0x13ea9: xor al, 0xe1 0x13eab: stosb byte ptr es:[di], al 0x13eac: loop 0x13ea8 0x13eae: pop si 0x13eaf: mov ah, 9 0x13eb1: lea dx, word ptr [si + 0x74]
2018-12-25T12:01:13.703046443Z	26	PC: 13ec1 \| Set disk transfer address
2018-12-25T12:01:13.704099053Z	78	PC: 13ecc \| Find first file
2018-12-25T12:01:13.710976002Z	67	PC: 13f27 \| Get or set file attributes
2018-12-25T12:01:13.885001824Z	61	PC: 13f35 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:13.898162696Z	63	PC: 13f47 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:01:13.908110133Z	66	PC: 13f64 \| Move file pointer
2018-12-25T12:01:13.909840843Z	64	PC: 13f6f \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T12:01:13.914991647Z	66	PC: 13f7c \| Move file pointer
2018-12-25T12:01:13.91832033Z	64	PC: 13f98 \| Write file or device (Write 651 bytes on handle 5)
2018-12-25T12:01:13.928082798Z	64	PC: 13fb7 \| Write file or device (Write 14 bytes on handle 5)
2018-12-25T12:01:13.930770101Z	87	PC: 13fc4 \| Get or set file date and time
2018-12-25T12:01:13.93370545Z	62	PC: 13fc8 \| Close file
2018-12-25T12:01:13.941728676Z	67	PC: 13fd7 \| Get or set file attributes
2018-12-25T12:01:13.952495605Z	26	PC: 13fde \| Set disk transfer address
2018-12-25T12:01:13.953864569Z	9	PC: 12a85 \| Display string (String= ' icial COM goat 1400H bytes long ')
2018-12-25T12:01:13.960210267Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7239,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:13.746844081Z	48	PC: 13e65 \| Get DOS version
2018-12-25T12:01:13.749493238Z	42	PC: 13e8a \| Get date 0x13e8a: cmp dx, 0x704 0x13e8e: jne 0x13eb9 0x13e90: push ds 0x13e91: mov ax, 0x40 0x13e94: mov ds, ax 0x13e96: mov ax, word ptr [0x6c] 0x13e99: pop ds 0x13e9a: test al, 0xf 0x13e9c: jne 0x13eb9 0x13e9e: push si 0x13e9f: lea si, word ptr [si + 0x74] 0x13ea3: mov di, si 0x13ea5: mov cx, 0x4a 0x13ea8: lodsb al, byte ptr [si] 0x13ea9: xor al, 0xe1 0x13eab: stosb byte ptr es:[di], al 0x13eac: loop 0x13ea8 0x13eae: pop si 0x13eaf: mov ah, 9 0x13eb1: lea dx, word ptr [si + 0x74]
2018-12-25T12:01:13.752124827Z	26	PC: 13ec1 \| Set disk transfer address
2018-12-25T12:01:13.753146306Z	78	PC: 13ecc \| Find first file
2018-12-25T12:01:13.760050954Z	67	PC: 13f27 \| Get or set file attributes
2018-12-25T12:01:13.884005272Z	61	PC: 13f35 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:13.890852213Z	63	PC: 13f47 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:01:13.897740141Z	66	PC: 13f64 \| Move file pointer
2018-12-25T12:01:13.900135497Z	64	PC: 13f6f \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T12:01:13.903137774Z	66	PC: 13f7c \| Move file pointer
2018-12-25T12:01:13.905002626Z	64	PC: 13f98 \| Write file or device (Write 651 bytes on handle 5)
2018-12-25T12:01:13.923442959Z	64	PC: 13fb7 \| Write file or device (Write 14 bytes on handle 5)
2018-12-25T12:01:13.926093575Z	87	PC: 13fc4 \| Get or set file date and time
2018-12-25T12:01:13.927694589Z	62	PC: 13fc8 \| Close file
2018-12-25T12:01:13.93611512Z	67	PC: 13fd7 \| Get or set file attributes
2018-12-25T12:01:13.946199626Z	26	PC: 13fde \| Set disk transfer address
2018-12-25T12:01:13.947392084Z	9	PC: 12a85 \| Display string (String= ' icial COM goat 1400H bytes long ')
2018-12-25T12:01:13.95357539Z	0	PC: 12a89 \| Program terminate