Sample viewer

vx.netlux.org/Virus.DOS.SillyC.411.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:57:25.511605816Z 42 PC: 160ff | Get date
0x160ff: cmp dx, 0xa08
0x16103: jne 0x16159
0x16105: mov ax, 0x3d02
0x16108: lea dx, word ptr [bp + 0x291]
0x1610c: int 0x21
0x1610e: mov bx, ax
0x16110: mov ax, 0x4200
0x16113: xor cx, cx
0x16115: mov dx, cx
0x16117: int 0x21
0x16119: mov ah, 0x40
0x1611b: mov cx, 3
0x1611e: lea dx, word ptr [bp + 0x28e]
0x16122: int 0x21
0x16124: mov ax, 0x4202
0x16127: xor cx, cx
0x16129: mov dx, cx
0x1612b: int 0x21
0x1612d: sub ax, 0x19b
0x16130: mov dx, ax
2018-12-17T21:57:25.514391322Z 78 PC: 1617b | Find first file
2018-12-17T21:57:25.520268445Z 61 PC: 16194 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:57:25.52658476Z 66 PC: 1619b | Move file pointer
2018-12-17T21:57:25.528976188Z 66 PC: 161a0 | Move file pointer
2018-12-17T21:57:25.539964124Z 66 PC: 161aa | Move file pointer
2018-12-17T21:57:25.541310857Z 63 PC: 161b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:57:25.543517915Z 66 PC: 161e3 | Move file pointer
2018-12-17T21:57:25.546004557Z 63 PC: 161ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:57:25.553408907Z 66 PC: 16202 | Move file pointer
2018-12-17T21:57:25.565229241Z 64 PC: 1620d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:57:25.567885551Z 66 PC: 16216 | Move file pointer
2018-12-17T21:57:25.569682498Z 64 PC: 16221 | Write file or device (Write 411 bytes on handle 5)
2018-12-17T21:57:25.583523237Z 62 PC: 16225 | Close file
2018-12-17T21:57:25.592979246Z 9 PC: 12a47 | Display string (String= '�THIS IS A GOAT FILE�-D11nmdc-  [13.03.2002] D11N009.COM > 14.000 (36B0h) ... ')

{"DateBased":true,"Day":8,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:54.758858715Z 42 PC: 160ff | Get date
0x160ff: cmp dx, 0xa08
0x16103: jne 0x16159
0x16105: mov ax, 0x3d02
0x16108: lea dx, word ptr [bp + 0x291]
0x1610c: int 0x21
0x1610e: mov bx, ax
0x16110: mov ax, 0x4200
0x16113: xor cx, cx
0x16115: mov dx, cx
0x16117: int 0x21
0x16119: mov ah, 0x40
0x1611b: mov cx, 3
0x1611e: lea dx, word ptr [bp + 0x28e]
0x16122: int 0x21
0x16124: mov ax, 0x4202
0x16127: xor cx, cx
0x16129: mov dx, cx
0x1612b: int 0x21
0x1612d: sub ax, 0x19b
0x16130: mov dx, ax
2018-12-25T11:41:54.764819582Z 61 PC: 1610e | Open file (Filename = '4C0EBF06.COM�^� ���t�����=�!r�ظ')
2018-12-25T11:41:54.769329167Z 66 PC: 16119 | Move file pointer
2018-12-25T11:41:54.770640773Z 64 PC: 16124 | Write file or device (Write 3 bytes on handle 2)
2018-12-25T11:41:54.773793484Z 66 PC: 1612d | Move file pointer
2018-12-25T11:41:54.775224743Z 66 PC: 16137 | Move file pointer
2018-12-25T11:41:54.77657047Z 64 PC: 16146 | Write file or device (Write 3 bytes on handle 2)
2018-12-25T11:41:54.779722544Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.782719099Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.785731555Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.789422129Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.792873724Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.795508059Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.79805397Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.801335794Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.805173954Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.807800457Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.811326226Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.813914341Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.817204092Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.820709116Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.822772646Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.825484524Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.842626227Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.845206242Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.847721044Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.850665369Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.853670821Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.856664819Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.860275933Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.864422881Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.867120544Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.870113421Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.872699944Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.875602233Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.879387536Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.882493862Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.886320817Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.889180849Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.891807009Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.899703884Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.904698914Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.908010556Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.910976307Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.91470339Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.917869039Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.920670401Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.923265891Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.926373517Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.929027464Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.932054087Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.93504436Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.93759805Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.939463494Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.94195379Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.944629653Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.947632661Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.952229903Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.956039213Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.961403306Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.969000313Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.971610259Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.974306883Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.97787954Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.98045357Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.983172979Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.986407321Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.989083567Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.99191481Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.99466228Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.997235293Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:54.999913173Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.002854475Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.005385884Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.008012284Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.010677481Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.01313031Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.015799972Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.017977019Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.020551967Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.023199573Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.02596633Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.028477301Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.032711533Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.035470785Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.038040496Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.040697764Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.043686146Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.047774103Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.051121257Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.053797867Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.056924635Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.059742059Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.062814172Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.065487164Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.06806469Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.070951066Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.073520906Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.07607519Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.079506638Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.082073465Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.085887169Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.089238155Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.092235618Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.095196686Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.09861862Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.101129148Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.103610683Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.106790888Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.109469193Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.11364944Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.117757579Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.120390119Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.122980519Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.126510781Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.12910104Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.131782222Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.139729432Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.142342011Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.144453116Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.152567402Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.155163013Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.158890621Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.169438099Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.17221159Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.174767156Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.177715601Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.180308142Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.183236599Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.186310132Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.188993134Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.191547005Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.194650688Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.19735704Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.199874965Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.203828114Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.206333829Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.21041032Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.21321407Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.21569562Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.218315533Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.221174295Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.223793953Z 64 PC: 16146 | Write file or device (See above)
2018-12-25T11:41:55.231637001Z 62 PC: 16154 | Close file
2018-12-25T11:41:55.233189954Z 76 PC: 16159 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:55.488782464Z 42 PC: 160ff | Get date
0x160ff: cmp dx, 0xa08
0x16103: jne 0x16159
0x16105: mov ax, 0x3d02
0x16108: lea dx, word ptr [bp + 0x291]
0x1610c: int 0x21
0x1610e: mov bx, ax
0x16110: mov ax, 0x4200
0x16113: xor cx, cx
0x16115: mov dx, cx
0x16117: int 0x21
0x16119: mov ah, 0x40
0x1611b: mov cx, 3
0x1611e: lea dx, word ptr [bp + 0x28e]
0x16122: int 0x21
0x16124: mov ax, 0x4202
0x16127: xor cx, cx
0x16129: mov dx, cx
0x1612b: int 0x21
0x1612d: sub ax, 0x19b
0x16130: mov dx, ax
2018-12-25T11:41:55.491298821Z 78 PC: 1617b | Find first file
2018-12-25T11:41:55.496974324Z 61 PC: 16194 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:55.503097168Z 66 PC: 1619b | Move file pointer
2018-12-25T11:41:55.50525986Z 66 PC: 161a0 | Move file pointer
2018-12-25T11:41:55.506480873Z 66 PC: 161aa | Move file pointer
2018-12-25T11:41:55.507649902Z 63 PC: 161b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:55.509661027Z 66 PC: 161e3 | Move file pointer
2018-12-25T11:41:55.510877035Z 63 PC: 161ef | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:55.516857569Z 66 PC: 16202 | Move file pointer
2018-12-25T11:41:55.518473639Z 64 PC: 1620d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:55.521099798Z 66 PC: 16216 | Move file pointer
2018-12-25T11:41:55.522360219Z 64 PC: 16221 | Write file or device (Write 411 bytes on handle 5)
2018-12-25T11:41:55.537549454Z 62 PC: 16225 | Close file
2018-12-25T11:41:55.545606621Z 9 PC: 12a47 | Display string (String= '�THIS IS A GOAT FILE�-D11nmdc-  [13.03.2002] D11N009.COM > 14.000 (36B0h) ... ')