Sample viewer

vx.netlux.org/Virus.DOS.VGOL.1884

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:03.894997547Z	67	PC: 13fb2 \| Get or set file attributes
2018-12-17T22:44:03.901900101Z	61	PC: 13fb2 \| Open file (Filename = '')
2018-12-17T22:44:03.910238893Z	87	PC: 13fb2 \| Get or set file date and time
2018-12-17T22:44:03.912163447Z	63	PC: 13fb2 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:44:03.915429852Z	66	PC: 13fb2 \| Move file pointer
2018-12-17T22:44:03.918454503Z	66	PC: 14157 \| Move file pointer
2018-12-17T22:44:03.920671166Z	63	PC: 14161 \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:44:03.924442269Z	66	PC: 13fb2 \| Move file pointer
2018-12-17T22:44:03.927374156Z	64	PC: 13fb2 \| Write file or device (Write 1884 bytes on handle 5)
2018-12-17T22:44:04.275087678Z	64	PC: 14262 \| Write file or device (Write 7 bytes on handle 5)
2018-12-17T22:44:04.278205373Z	66	PC: 13fb2 \| Move file pointer
2018-12-17T22:44:04.280177467Z	64	PC: 13fb2 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:44:04.283796484Z	87	PC: 13fb2 \| Get or set file date and time
2018-12-17T22:44:04.285450752Z	62	PC: 13fb2 \| Close file
2018-12-17T22:44:04.293679796Z	65	PC: 13fb2 \| Delete file (Filename = '��LPT2 ')
2018-12-17T22:44:04.300852228Z	75	PC: 13ebc \| Execute program
2018-12-17T22:44:04.305812745Z	74	PC: 13edc \| Reallocate memory
2018-12-17T22:44:04.307352587Z	82	PC: 13ee1 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:44:04.309810853Z	53	PC: 13f3c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:04.311307404Z	37	PC: 13f53 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:04.312643303Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:44:04.318942674Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8087,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:20.243977358Z	67	PC: 13fb2 \| Get or set file attributes
2018-12-25T12:03:20.250411546Z	61	PC: 13fb2 \| Open file (See above)
2018-12-25T12:03:20.257313849Z	87	PC: 13fb2 \| Get or set file date and time (See above)
2018-12-25T12:03:20.258767171Z	63	PC: 13fb2 \| Read file or device (See above)
2018-12-25T12:03:20.261558997Z	66	PC: 13fb2 \| Move file pointer (See above)
2018-12-25T12:03:20.263288333Z	66	PC: 14157 \| Move file pointer
2018-12-25T12:03:20.265018364Z	63	PC: 14161 \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:03:20.268624124Z	66	PC: 13fb2 \| Move file pointer (See above)
2018-12-25T12:03:20.271258154Z	64	PC: 13fb2 \| Write file or device (See above)
2018-12-25T12:03:20.626799146Z	64	PC: 14262 \| Write file or device (Write 7 bytes on handle 5)
2018-12-25T12:03:20.629695125Z	66	PC: 13fb2 \| Move file pointer (See above)
2018-12-25T12:03:20.631788547Z	64	PC: 13fb2 \| Write file or device (See above)
2018-12-25T12:03:20.635059153Z	87	PC: 13fb2 \| Get or set file date and time (See above)
2018-12-25T12:03:20.636865002Z	62	PC: 13fb2 \| Close file (See above)
2018-12-25T12:03:20.646432965Z	65	PC: 13fb2 \| Delete file (See above)
2018-12-25T12:03:20.6529772Z	75	PC: 13ebc \| Execute program
2018-12-25T12:03:20.65806895Z	74	PC: 13edc \| Reallocate memory
2018-12-25T12:03:20.659558591Z	82	PC: 13ee1 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:03:20.661288815Z	53	PC: 13f3c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:20.662585915Z	37	PC: 13f53 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:20.663891225Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:03:20.670308056Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8087,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:20.564624014Z	67	PC: 13fb2 \| Get or set file attributes
2018-12-25T12:03:20.571203905Z	61	PC: 13fb2 \| Open file (See above)
2018-12-25T12:03:20.578275309Z	87	PC: 13fb2 \| Get or set file date and time (See above)
2018-12-25T12:03:20.580106117Z	63	PC: 13fb2 \| Read file or device (See above)
2018-12-25T12:03:20.583326644Z	66	PC: 13fb2 \| Move file pointer (See above)
2018-12-25T12:03:20.585898377Z	66	PC: 14157 \| Move file pointer
2018-12-25T12:03:20.58828885Z	63	PC: 14161 \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:03:20.592015545Z	66	PC: 13fb2 \| Move file pointer (See above)
2018-12-25T12:03:20.594976648Z	64	PC: 13fb2 \| Write file or device (See above)
2018-12-25T12:03:21.157279005Z	64	PC: 14262 \| Write file or device (Write 7 bytes on handle 5)
2018-12-25T12:03:21.162861049Z	66	PC: 13fb2 \| Move file pointer (See above)
2018-12-25T12:03:21.165023815Z	64	PC: 13fb2 \| Write file or device (See above)
2018-12-25T12:03:21.168347033Z	87	PC: 13fb2 \| Get or set file date and time (See above)
2018-12-25T12:03:21.170388445Z	62	PC: 13fb2 \| Close file (See above)
2018-12-25T12:03:21.178582128Z	65	PC: 13fb2 \| Delete file (See above)
2018-12-25T12:03:21.184528265Z	75	PC: 13ebc \| Execute program
2018-12-25T12:03:21.189505846Z	74	PC: 13edc \| Reallocate memory
2018-12-25T12:03:21.200993448Z	82	PC: 13ee1 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:03:21.202559203Z	53	PC: 13f3c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:21.203918857Z	37	PC: 13f53 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:21.206342286Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:03:21.211718503Z	0	PC: 12a89 \| Program terminate