Sample viewer

vx.netlux.org/Virus.DOS.Bobby.513

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:13.8875692Z	44	PC: 12baa \| Get time 0x12baa: cmp ch, 0x15 0x12bad: jne 0x12bb6 0x12baf: lea bx, word ptr [0x100] 0x12bb3: popf 0x12bb4: jmp bx 0x12bb6: mov ah, 0x1a 0x12bb8: mov dx, 0x365 0x12bbb: add dx, si 0x12bbd: int 0x21 0x12bbf: push si 0x12bc0: mov ah, 0x47 0x12bc2: mov dx, 0x391 0x12bc5: add si, dx 0x12bc7: mov dl, 0 0x12bc9: int 0x21 0x12bcb: pop si 0x12bcc: mov di, 0x2ae 0x12bcf: add di, si 0x12bd1: mov cx, 0xb7 0x12bd4: inc byte ptr [di]
2018-12-17T22:43:13.889314889Z	26	PC: 12bbf \| Set disk transfer address
2018-12-17T22:43:13.890929942Z	71	PC: 12bcb \| Get current directory
2018-12-17T22:43:13.893358824Z	42	PC: 12bdd \| Get date 0x12bdd: cmp al, 5 0x12bdf: jne 0x12bea 0x12be1: mov ah, 9 0x12be3: mov dx, 0x2b4 0x12be6: add dx, si 0x12be8: int 0x21 0x12bea: mov ah, 0x4e 0x12bec: lea dx, word ptr [0x2ae] 0x12bf0: mov cx, 0x27 0x12bf3: add dx, si 0x12bf5: int 0x21 0x12bf7: jb 0x12bfc 0x12bf9: jmp 0x12c19 0x12bfb: nop 0x12bfc: mov ah, 0x3b 0x12bfe: lea dx, word ptr [0x2ab] 0x12c02: add dx, si 0x12c04: int 0x21 0x12c06: jae 0x12bea 0x12c08: jmp 0x12d01
2018-12-17T22:43:13.895101077Z	78	PC: 12bf7 \| Find first file
2018-12-17T22:43:13.90023532Z	61	PC: 12c44 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:13.909455156Z	66	PC: 12c5f \| Move file pointer
2018-12-17T22:43:13.910845217Z	63	PC: 12c71 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:43:13.922239657Z	66	PC: 12cbf \| Move file pointer
2018-12-17T22:43:13.923379338Z	64	PC: 12cd0 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:43:13.925349288Z	66	PC: 12ce3 \| Move file pointer
2018-12-17T22:43:13.927130603Z	64	PC: 12cf6 \| Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:43:13.941940369Z	62	PC: 12d01 \| Close file
2018-12-17T22:43:13.950814125Z	26	PC: 12d08 \| Set disk transfer address
2018-12-17T22:43:13.952762335Z	59	PC: 12d17 \| Change current directory
2018-12-17T22:43:13.973318382Z	59	PC: 12d21 \| Change current directory
2018-12-17T22:43:13.975358604Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:43:13.979769328Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7806,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:41.901552506Z	44	PC: 12baa \| Get time 0x12baa: cmp ch, 0x15 0x12bad: jne 0x12bb6 0x12baf: lea bx, word ptr [0x100] 0x12bb3: popf 0x12bb4: jmp bx 0x12bb6: mov ah, 0x1a 0x12bb8: mov dx, 0x365 0x12bbb: add dx, si 0x12bbd: int 0x21 0x12bbf: push si 0x12bc0: mov ah, 0x47 0x12bc2: mov dx, 0x391 0x12bc5: add si, dx 0x12bc7: mov dl, 0 0x12bc9: int 0x21 0x12bcb: pop si 0x12bcc: mov di, 0x2ae 0x12bcf: add di, si 0x12bd1: mov cx, 0xb7 0x12bd4: inc byte ptr [di]
2018-12-25T12:02:41.904668184Z	26	PC: 12bbf \| Set disk transfer address
2018-12-25T12:02:41.905657198Z	71	PC: 12bcb \| Get current directory
2018-12-25T12:02:41.908500027Z	42	PC: 12bdd \| Get date 0x12bdd: cmp al, 5 0x12bdf: jne 0x12bea 0x12be1: mov ah, 9 0x12be3: mov dx, 0x2b4 0x12be6: add dx, si 0x12be8: int 0x21 0x12bea: mov ah, 0x4e 0x12bec: lea dx, word ptr [0x2ae] 0x12bf0: mov cx, 0x27 0x12bf3: add dx, si 0x12bf5: int 0x21 0x12bf7: jb 0x12bfc 0x12bf9: jmp 0x12c19 0x12bfb: nop 0x12bfc: mov ah, 0x3b 0x12bfe: lea dx, word ptr [0x2ab] 0x12c02: add dx, si 0x12c04: int 0x21 0x12c06: jae 0x12bea 0x12c08: jmp 0x12d01
2018-12-25T12:02:41.911105705Z	78	PC: 12bf7 \| Find first file
2018-12-25T12:02:41.916911055Z	61	PC: 12c44 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:41.923694284Z	66	PC: 12c5f \| Move file pointer
2018-12-25T12:02:41.925201597Z	63	PC: 12c71 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:02:41.931532259Z	66	PC: 12cbf \| Move file pointer
2018-12-25T12:02:41.932782868Z	64	PC: 12cd0 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:41.935480071Z	66	PC: 12ce3 \| Move file pointer
2018-12-25T12:02:41.937195918Z	64	PC: 12cf6 \| Write file or device (Write 613 bytes on handle 5)
2018-12-25T12:02:41.951634455Z	62	PC: 12d01 \| Close file
2018-12-25T12:02:41.959211164Z	26	PC: 12d08 \| Set disk transfer address
2018-12-25T12:02:41.960560051Z	59	PC: 12d17 \| Change current directory
2018-12-25T12:02:41.964604648Z	59	PC: 12d21 \| Change current directory
2018-12-25T12:02:41.968026423Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:02:41.974437861Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7806,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:43.381212312Z	44	PC: 12baa \| Get time 0x12baa: cmp ch, 0x15 0x12bad: jne 0x12bb6 0x12baf: lea bx, word ptr [0x100] 0x12bb3: popf 0x12bb4: jmp bx 0x12bb6: mov ah, 0x1a 0x12bb8: mov dx, 0x365 0x12bbb: add dx, si 0x12bbd: int 0x21 0x12bbf: push si 0x12bc0: mov ah, 0x47 0x12bc2: mov dx, 0x391 0x12bc5: add si, dx 0x12bc7: mov dl, 0 0x12bc9: int 0x21 0x12bcb: pop si 0x12bcc: mov di, 0x2ae 0x12bcf: add di, si 0x12bd1: mov cx, 0xb7 0x12bd4: inc byte ptr [di]
2018-12-25T12:02:43.382993603Z	26	PC: 12bbf \| Set disk transfer address
2018-12-25T12:02:43.383719697Z	71	PC: 12bcb \| Get current directory
2018-12-25T12:02:43.385577938Z	42	PC: 12bdd \| Get date 0x12bdd: cmp al, 5 0x12bdf: jne 0x12bea 0x12be1: mov ah, 9 0x12be3: mov dx, 0x2b4 0x12be6: add dx, si 0x12be8: int 0x21 0x12bea: mov ah, 0x4e 0x12bec: lea dx, word ptr [0x2ae] 0x12bf0: mov cx, 0x27 0x12bf3: add dx, si 0x12bf5: int 0x21 0x12bf7: jb 0x12bfc 0x12bf9: jmp 0x12c19 0x12bfb: nop 0x12bfc: mov ah, 0x3b 0x12bfe: lea dx, word ptr [0x2ab] 0x12c02: add dx, si 0x12c04: int 0x21 0x12c06: jae 0x12bea 0x12c08: jmp 0x12d01
2018-12-25T12:02:43.387614169Z	78	PC: 12bf7 \| Find first file
2018-12-25T12:02:43.391370576Z	61	PC: 12c44 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:43.398359877Z	66	PC: 12c5f \| Move file pointer
2018-12-25T12:02:43.400644027Z	63	PC: 12c71 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:02:43.407038214Z	66	PC: 12cbf \| Move file pointer
2018-12-25T12:02:43.408502346Z	64	PC: 12cd0 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:43.41157528Z	66	PC: 12ce3 \| Move file pointer
2018-12-25T12:02:43.413002298Z	64	PC: 12cf6 \| Write file or device (Write 613 bytes on handle 5)
2018-12-25T12:02:43.427188401Z	62	PC: 12d01 \| Close file
2018-12-25T12:02:43.436335824Z	26	PC: 12d08 \| Set disk transfer address
2018-12-25T12:02:43.437939191Z	59	PC: 12d17 \| Change current directory
2018-12-25T12:02:43.442472726Z	59	PC: 12d21 \| Change current directory
2018-12-25T12:02:43.444736294Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:02:43.451905289Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":21,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7806,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:43.554479841Z	44	PC: 12baa \| Get time 0x12baa: cmp ch, 0x15 0x12bad: jne 0x12bb6 0x12baf: lea bx, word ptr [0x100] 0x12bb3: popf 0x12bb4: jmp bx 0x12bb6: mov ah, 0x1a 0x12bb8: mov dx, 0x365 0x12bbb: add dx, si 0x12bbd: int 0x21 0x12bbf: push si 0x12bc0: mov ah, 0x47 0x12bc2: mov dx, 0x391 0x12bc5: add si, dx 0x12bc7: mov dl, 0 0x12bc9: int 0x21 0x12bcb: pop si 0x12bcc: mov di, 0x2ae 0x12bcf: add di, si 0x12bd1: mov cx, 0xb7 0x12bd4: inc byte ptr [di]
2018-12-25T12:02:43.557381499Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:02:43.565065907Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":21,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7806,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:44.067380972Z	44	PC: 12baa \| Get time 0x12baa: cmp ch, 0x15 0x12bad: jne 0x12bb6 0x12baf: lea bx, word ptr [0x100] 0x12bb3: popf 0x12bb4: jmp bx 0x12bb6: mov ah, 0x1a 0x12bb8: mov dx, 0x365 0x12bbb: add dx, si 0x12bbd: int 0x21 0x12bbf: push si 0x12bc0: mov ah, 0x47 0x12bc2: mov dx, 0x391 0x12bc5: add si, dx 0x12bc7: mov dl, 0 0x12bc9: int 0x21 0x12bcb: pop si 0x12bcc: mov di, 0x2ae 0x12bcf: add di, si 0x12bd1: mov cx, 0xb7 0x12bd4: inc byte ptr [di]
2018-12-25T12:02:44.070427136Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:02:44.0766509Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')