Sample viewer

vx.netlux.org/Virus.DOS.Snark.819

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:53.192150361Z	53	PC: 12cc9 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:53.193135732Z	37	PC: 12cfb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:53.195097121Z	74	PC: 12d07 \| Reallocate memory
2018-12-17T22:41:53.196284831Z	53	PC: 12b6b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:53.197293177Z	37	PC: 12b7d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:53.200436656Z	67	PC: 12ae3 \| Get or set file attributes
2018-12-17T22:41:53.204349018Z	67	PC: 12af0 \| Get or set file attributes
2018-12-17T22:41:53.221683817Z	61	PC: 12af5 \| Open file (Filename = '')
2018-12-17T22:41:53.235660108Z	66	PC: 12ac7 \| Move file pointer
2018-12-17T22:41:53.237972329Z	63	PC: 12ad3 \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:41:53.244861134Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:41:53.248213927Z	66	PC: 12bbe \| Move file pointer
2018-12-17T22:41:53.262645988Z	66	PC: 12bd9 \| Move file pointer
2018-12-17T22:41:53.263836735Z	63	PC: 12be3 \| Read file or device (Read 819 bytes on handle 5)
2018-12-17T22:41:53.26886207Z	66	PC: 12bed \| Move file pointer
2018-12-17T22:41:53.270871537Z	64	PC: 12bf5 \| Write file or device (Write 819 bytes on handle 5)
2018-12-17T22:41:53.275957614Z	66	PC: 12c0c \| Move file pointer
2018-12-17T22:41:53.277403886Z	64	PC: 12c12 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:41:53.285844699Z	87	PC: 12b61 \| Get or set file date and time
2018-12-17T22:41:53.288032641Z	62	PC: 12b37 \| Close file
2018-12-17T22:41:53.296231689Z	67	PC: 12b41 \| Get or set file attributes
2018-12-17T22:41:53.308270576Z	37	PC: 12b8a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:53.309862516Z	75	PC: 12a90 \| Execute program
2018-12-17T22:41:53.326445959Z	9	PC: 13325 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:41:53.334168175Z	0	PC: 13329 \| Program terminate
2018-12-17T22:41:53.337890484Z	53	PC: 12b6b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:53.339701916Z	37	PC: 12b7d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:53.342003031Z	67	PC: 12ae3 \| Get or set file attributes
2018-12-17T22:41:53.348815662Z	67	PC: 12af0 \| Get or set file attributes
2018-12-17T22:41:53.360170304Z	61	PC: 12af5 \| Open file (Filename = '')
2018-12-17T22:41:53.367795687Z	66	PC: 12ac7 \| Move file pointer
2018-12-17T22:41:53.369797866Z	63	PC: 12ad3 \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:41:53.373116267Z	66	PC: 12b00 \| Move file pointer
2018-12-17T22:41:53.37459197Z	63	PC: 12b0c \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:53.37773999Z	66	PC: 12b1b \| Move file pointer
2018-12-17T22:41:53.379498549Z	63	PC: 12b27 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:41:53.381717932Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:41:53.384560398Z	66	PC: 12c58 \| Move file pointer
2018-12-17T22:41:53.386056376Z	63	PC: 12c62 \| Read file or device (Read 819 bytes on handle 5)
2018-12-17T22:41:53.393867501Z	66	PC: 12c71 \| Move file pointer
2018-12-17T22:41:53.396876284Z	64	PC: 12c7c \| Write file or device (Write 819 bytes on handle 5)
2018-12-17T22:41:53.404732366Z	66	PC: 12c9b \| Move file pointer
2018-12-17T22:41:53.405933605Z	64	PC: 12ca5 \| Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:41:53.409177962Z	64	PC: 12caf \| Write file or device (Write 787 bytes on handle 5)
2018-12-17T22:41:53.412143123Z	87	PC: 12b61 \| Get or set file date and time
2018-12-17T22:41:53.413454296Z	62	PC: 12b37 \| Close file
2018-12-17T22:41:53.419114935Z	67	PC: 12b41 \| Get or set file attributes
2018-12-17T22:41:53.427172383Z	37	PC: 12b8a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:53.428191232Z	49	PC: 12d4c \| Terminate and stay resident (Return code = '0' \| Memory size = '132')