Sample viewer

vx.netlux.org/Virus.DOS.BetaBoys.Maz.459.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:25.658935731Z	26	PC: 13eaa \| Set disk transfer address
2018-12-17T22:44:25.662538858Z	78	PC: 13eb5 \| Find first file
2018-12-17T22:44:25.668884816Z	61	PC: 13edb \| Open file (Filename = 'C:\Command.Com')
2018-12-17T22:44:25.675517801Z	66	PC: 13ee9 \| Move file pointer
2018-12-17T22:44:25.677932977Z	66	PC: 13ef8 \| Move file pointer
2018-12-17T22:44:25.679838518Z	63	PC: 13f03 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:44:25.683065741Z	66	PC: 13f1d \| Move file pointer
2018-12-17T22:44:25.68507926Z	63	PC: 13f2c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:25.688098085Z	66	PC: 13f37 \| Move file pointer
2018-12-17T22:44:25.689493595Z	64	PC: 13f4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:25.692297077Z	66	PC: 13f59 \| Move file pointer
2018-12-17T22:44:25.698504846Z	64	PC: 13f65 \| Write file or device (Write 456 bytes on handle 5)
2018-12-17T22:44:26.018987742Z	64	PC: 13f74 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:26.028050947Z	62	PC: 13f7b \| Close file
2018-12-17T22:44:26.035561315Z	65	PC: 13f83 \| Delete file (Filename = '\windows\win.com')
2018-12-17T22:44:26.039920145Z	42	PC: 13f87 \| Get date 0x13f87: cmp dh, 2 0x13f8a: jne 0x13fca 0x13f8c: cmp dl, 0x17 0x13f8f: je 0x13f9e 0x13f91: cmp dl, 0x18 0x13f94: je 0x13fac 0x13f96: cmp dl, 0x19 0x13f99: je 0x13fba 0x13f9b: jmp 0x13fca 0x13f9d: nop 0x13f9e: mov ah, 0x3c 0x13fa0: lea dx, word ptr [si + 0x119] 0x13fa4: mov cx, 1 0x13fa7: int 0x21 0x13fa9: jmp 0x13fca 0x13fab: nop 0x13fac: mov ah, 0x3c 0x13fae: lea dx, word ptr [si + 0x129] 0x13fb2: mov cx, 1 0x13fb5: int 0x21
2018-12-17T22:44:26.041820284Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:44:26.045581033Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:50.609175715Z	26	PC: 13eaa \| Set disk transfer address
2018-12-25T12:03:50.611332238Z	78	PC: 13eb5 \| Find first file
2018-12-25T12:03:50.617492441Z	61	PC: 13edb \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:03:50.623629263Z	66	PC: 13ee9 \| Move file pointer
2018-12-25T12:03:50.625862478Z	66	PC: 13ef8 \| Move file pointer
2018-12-25T12:03:50.627128397Z	63	PC: 13f03 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:03:50.629999729Z	66	PC: 13f1d \| Move file pointer
2018-12-25T12:03:50.632502266Z	63	PC: 13f2c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:50.635306235Z	66	PC: 13f37 \| Move file pointer
2018-12-25T12:03:50.636861222Z	64	PC: 13f4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:50.639979534Z	66	PC: 13f59 \| Move file pointer
2018-12-25T12:03:50.642403581Z	64	PC: 13f65 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:03:51.298342952Z	64	PC: 13f74 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:51.301463134Z	62	PC: 13f7b \| Close file
2018-12-25T12:03:51.61794948Z	65	PC: 13f83 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:03:51.624969885Z	42	PC: 13f87 \| Get date 0x13f87: cmp dh, 2 0x13f8a: jne 0x13fca 0x13f8c: cmp dl, 0x17 0x13f8f: je 0x13f9e 0x13f91: cmp dl, 0x18 0x13f94: je 0x13fac 0x13f96: cmp dl, 0x19 0x13f99: je 0x13fba 0x13f9b: jmp 0x13fca 0x13f9d: nop 0x13f9e: mov ah, 0x3c 0x13fa0: lea dx, word ptr [si + 0x119] 0x13fa4: mov cx, 1 0x13fa7: int 0x21 0x13fa9: jmp 0x13fca 0x13fab: nop 0x13fac: mov ah, 0x3c 0x13fae: lea dx, word ptr [si + 0x129] 0x13fb2: mov cx, 1 0x13fb5: int 0x21
2018-12-25T12:03:51.627535503Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:03:51.636141593Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:50.669019304Z	26	PC: 13eaa \| Set disk transfer address
2018-12-25T12:03:50.671256433Z	78	PC: 13eb5 \| Find first file
2018-12-25T12:03:50.677730187Z	61	PC: 13edb \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:03:50.683762754Z	66	PC: 13ee9 \| Move file pointer
2018-12-25T12:03:50.68977121Z	66	PC: 13ef8 \| Move file pointer
2018-12-25T12:03:50.692154014Z	63	PC: 13f03 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:03:50.695950084Z	66	PC: 13f1d \| Move file pointer
2018-12-25T12:03:50.698976078Z	63	PC: 13f2c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:50.701869731Z	66	PC: 13f37 \| Move file pointer
2018-12-25T12:03:50.703559843Z	64	PC: 13f4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:50.706294845Z	66	PC: 13f59 \| Move file pointer
2018-12-25T12:03:50.715433422Z	64	PC: 13f65 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:03:51.295873649Z	64	PC: 13f74 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:51.298990348Z	62	PC: 13f7b \| Close file
2018-12-25T12:03:51.509109107Z	65	PC: 13f83 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:03:51.515317462Z	42	PC: 13f87 \| Get date 0x13f87: cmp dh, 2 0x13f8a: jne 0x13fca 0x13f8c: cmp dl, 0x17 0x13f8f: je 0x13f9e 0x13f91: cmp dl, 0x18 0x13f94: je 0x13fac 0x13f96: cmp dl, 0x19 0x13f99: je 0x13fba 0x13f9b: jmp 0x13fca 0x13f9d: nop 0x13f9e: mov ah, 0x3c 0x13fa0: lea dx, word ptr [si + 0x119] 0x13fa4: mov cx, 1 0x13fa7: int 0x21 0x13fa9: jmp 0x13fca 0x13fab: nop 0x13fac: mov ah, 0x3c 0x13fae: lea dx, word ptr [si + 0x129] 0x13fb2: mov cx, 1 0x13fb5: int 0x21
2018-12-25T12:03:51.517810463Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:03:51.523301231Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":23,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:50.796455805Z	26	PC: 13eaa \| Set disk transfer address
2018-12-25T12:03:50.798149454Z	78	PC: 13eb5 \| Find first file
2018-12-25T12:03:50.803488366Z	61	PC: 13edb \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:03:50.808851866Z	66	PC: 13ee9 \| Move file pointer
2018-12-25T12:03:50.810528473Z	66	PC: 13ef8 \| Move file pointer
2018-12-25T12:03:50.812622206Z	63	PC: 13f03 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:03:50.816760398Z	66	PC: 13f1d \| Move file pointer
2018-12-25T12:03:50.818945433Z	63	PC: 13f2c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:50.821998784Z	66	PC: 13f37 \| Move file pointer
2018-12-25T12:03:50.823447561Z	64	PC: 13f4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:50.826142392Z	66	PC: 13f59 \| Move file pointer
2018-12-25T12:03:50.828128065Z	64	PC: 13f65 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:03:51.166517561Z	64	PC: 13f74 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:51.169473088Z	62	PC: 13f7b \| Close file
2018-12-25T12:03:51.17842527Z	65	PC: 13f83 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:03:51.184900599Z	42	PC: 13f87 \| Get date 0x13f87: cmp dh, 2 0x13f8a: jne 0x13fca 0x13f8c: cmp dl, 0x17 0x13f8f: je 0x13f9e 0x13f91: cmp dl, 0x18 0x13f94: je 0x13fac 0x13f96: cmp dl, 0x19 0x13f99: je 0x13fba 0x13f9b: jmp 0x13fca 0x13f9d: nop 0x13f9e: mov ah, 0x3c 0x13fa0: lea dx, word ptr [si + 0x119] 0x13fa4: mov cx, 1 0x13fa7: int 0x21 0x13fa9: jmp 0x13fca 0x13fab: nop 0x13fac: mov ah, 0x3c 0x13fae: lea dx, word ptr [si + 0x129] 0x13fb2: mov cx, 1 0x13fb5: int 0x21
2018-12-25T12:03:51.187217416Z	60	PC: 13fa9 \| Create or truncate file
2018-12-25T12:03:51.200980182Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:03:51.20700491Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":24,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:51.24889536Z	26	PC: 13eaa \| Set disk transfer address
2018-12-25T12:03:51.250778582Z	78	PC: 13eb5 \| Find first file
2018-12-25T12:03:51.25454117Z	61	PC: 13edb \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:03:51.26101557Z	66	PC: 13ee9 \| Move file pointer
2018-12-25T12:03:51.263750278Z	66	PC: 13ef8 \| Move file pointer
2018-12-25T12:03:51.265320191Z	63	PC: 13f03 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:03:51.26843621Z	66	PC: 13f1d \| Move file pointer
2018-12-25T12:03:51.270293807Z	63	PC: 13f2c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:51.273547129Z	66	PC: 13f37 \| Move file pointer
2018-12-25T12:03:51.275717446Z	64	PC: 13f4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:51.280294963Z	66	PC: 13f59 \| Move file pointer
2018-12-25T12:03:51.292159557Z	64	PC: 13f65 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:03:51.618542786Z	64	PC: 13f74 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:51.621540664Z	62	PC: 13f7b \| Close file
2018-12-25T12:03:51.629622512Z	65	PC: 13f83 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:03:51.635623782Z	42	PC: 13f87 \| Get date 0x13f87: cmp dh, 2 0x13f8a: jne 0x13fca 0x13f8c: cmp dl, 0x17 0x13f8f: je 0x13f9e 0x13f91: cmp dl, 0x18 0x13f94: je 0x13fac 0x13f96: cmp dl, 0x19 0x13f99: je 0x13fba 0x13f9b: jmp 0x13fca 0x13f9d: nop 0x13f9e: mov ah, 0x3c 0x13fa0: lea dx, word ptr [si + 0x119] 0x13fa4: mov cx, 1 0x13fa7: int 0x21 0x13fa9: jmp 0x13fca 0x13fab: nop 0x13fac: mov ah, 0x3c 0x13fae: lea dx, word ptr [si + 0x129] 0x13fb2: mov cx, 1 0x13fb5: int 0x21
2018-12-25T12:03:51.637752472Z	60	PC: 13fb7 \| Create or truncate file
2018-12-25T12:03:51.650756038Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:03:51.656456139Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":25,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:51.725136094Z	26	PC: 13eaa \| Set disk transfer address
2018-12-25T12:03:51.736101152Z	78	PC: 13eb5 \| Find first file
2018-12-25T12:03:51.742866018Z	61	PC: 13edb \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:03:51.749947797Z	66	PC: 13ee9 \| Move file pointer
2018-12-25T12:03:51.751896365Z	66	PC: 13ef8 \| Move file pointer
2018-12-25T12:03:51.753718985Z	63	PC: 13f03 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:03:51.757306063Z	66	PC: 13f1d \| Move file pointer
2018-12-25T12:03:51.758950578Z	63	PC: 13f2c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:51.762962485Z	66	PC: 13f37 \| Move file pointer
2018-12-25T12:03:51.764502241Z	64	PC: 13f4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:51.767450399Z	66	PC: 13f59 \| Move file pointer
2018-12-25T12:03:51.769622381Z	64	PC: 13f65 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:03:52.103646298Z	64	PC: 13f74 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:52.107060335Z	62	PC: 13f7b \| Close file
2018-12-25T12:03:52.116567846Z	65	PC: 13f83 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:03:52.124575833Z	42	PC: 13f87 \| Get date 0x13f87: cmp dh, 2 0x13f8a: jne 0x13fca 0x13f8c: cmp dl, 0x17 0x13f8f: je 0x13f9e 0x13f91: cmp dl, 0x18 0x13f94: je 0x13fac 0x13f96: cmp dl, 0x19 0x13f99: je 0x13fba 0x13f9b: jmp 0x13fca 0x13f9d: nop 0x13f9e: mov ah, 0x3c 0x13fa0: lea dx, word ptr [si + 0x119] 0x13fa4: mov cx, 1 0x13fa7: int 0x21 0x13fa9: jmp 0x13fca 0x13fab: nop 0x13fac: mov ah, 0x3c 0x13fae: lea dx, word ptr [si + 0x129] 0x13fb2: mov cx, 1 0x13fb5: int 0x21