Sample viewer

vx.netlux.org/Virus.DOS.Deviant.720

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:30.04130128Z 47 PC: 12bad | Get disk transfer address
2018-12-17T22:44:30.043739831Z 26 PC: 12bb9 | Set disk transfer address
2018-12-17T22:44:30.045374371Z 78 PC: 12bc4 | Find first file
2018-12-17T22:44:30.052324053Z 67 PC: 12bd2 | Get or set file attributes
2018-12-17T22:44:30.060110437Z 67 PC: 12be2 | Get or set file attributes
2018-12-17T22:44:30.080481076Z 61 PC: 12bf2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:30.087932742Z 63 PC: 12c0c | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:30.098116749Z 66 PC: 12c53 | Move file pointer
2018-12-17T22:44:30.10011929Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:30.103285857Z 66 PC: 12c67 | Move file pointer
2018-12-17T22:44:30.105615162Z 64 PC: 12c72 | Write file or device (Write 720 bytes on handle 5)
2018-12-17T22:44:30.126591349Z 87 PC: 12c7f | Get or set file date and time
2018-12-17T22:44:30.129995923Z 62 PC: 12c83 | Close file
2018-12-17T22:44:30.139594591Z 67 PC: 12c92 | Get or set file attributes
2018-12-17T22:44:30.154766817Z 42 PC: 12c96 | Get date
0x12c96: cmp dl, 1
0x12c99: jne 0x12cc3
0x12c9b: mov cx, 0x131
0x12c9e: lea di, word ptr [bp + 0x2a8]
0x12ca2: xor ax, ax
0x12ca4: mov ah, byte ptr [bp + 0x3da]
0x12ca8: inc di
0x12ca9: mov al, byte ptr [di]
0x12cab: xor al, ah
0x12cad: mov byte ptr [di], al
0x12caf: loop 0x12ca8
0x12cb1: mov ah, 9
0x12cb3: lea dx, word ptr [bp + 0x2a9]
0x12cb7: int 0x21
0x12cb9: lea dx, word ptr [bp + 0x3bb]
0x12cbd: int 0x21
0x12cbf: mov ah, 8
0x12cc1: int 0x21
0x12cc3: cmp word ptr [0x100], 0x1f0e
0x12cc9: jne 0x12ccf
2018-12-17T22:44:30.158402956Z 26 PC: 12cd7 | Set disk transfer address
2018-12-17T22:44:30.160475509Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:44:30.16853238Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8238,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:58.678489393Z 47 PC: 12bad | Get disk transfer address
2018-12-25T12:03:58.687708536Z 26 PC: 12bb9 | Set disk transfer address
2018-12-25T12:03:58.689005189Z 78 PC: 12bc4 | Find first file
2018-12-25T12:03:58.695125623Z 67 PC: 12bd2 | Get or set file attributes
2018-12-25T12:03:58.701571718Z 67 PC: 12be2 | Get or set file attributes
2018-12-25T12:03:58.720238481Z 61 PC: 12bf2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:58.726762063Z 63 PC: 12c0c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:58.732966576Z 66 PC: 12c53 | Move file pointer
2018-12-25T12:03:58.735062687Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:58.737939236Z 66 PC: 12c67 | Move file pointer
2018-12-25T12:03:58.739487492Z 64 PC: 12c72 | Write file or device (Write 720 bytes on handle 5)
2018-12-25T12:03:58.752366419Z 87 PC: 12c7f | Get or set file date and time
2018-12-25T12:03:58.754109178Z 62 PC: 12c83 | Close file
2018-12-25T12:03:58.761775763Z 67 PC: 12c92 | Get or set file attributes
2018-12-25T12:03:58.772136634Z 42 PC: 12c96 | Get date
0x12c96: cmp dl, 1
0x12c99: jne 0x12cc3
0x12c9b: mov cx, 0x131
0x12c9e: lea di, word ptr [bp + 0x2a8]
0x12ca2: xor ax, ax
0x12ca4: mov ah, byte ptr [bp + 0x3da]
0x12ca8: inc di
0x12ca9: mov al, byte ptr [di]
0x12cab: xor al, ah
0x12cad: mov byte ptr [di], al
0x12caf: loop 0x12ca8
0x12cb1: mov ah, 9
0x12cb3: lea dx, word ptr [bp + 0x2a9]
0x12cb7: int 0x21
0x12cb9: lea dx, word ptr [bp + 0x3bb]
0x12cbd: int 0x21
0x12cbf: mov ah, 8
0x12cc1: int 0x21
0x12cc3: cmp word ptr [0x100], 0x1f0e
0x12cc9: jne 0x12ccf
2018-12-25T12:03:58.774303318Z 26 PC: 12cd7 | Set disk transfer address
2018-12-25T12:03:58.77537018Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:03:58.781319036Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8238,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:59.362463107Z 47 PC: 12bad | Get disk transfer address
2018-12-25T12:03:59.364362562Z 26 PC: 12bb9 | Set disk transfer address
2018-12-25T12:03:59.3655808Z 78 PC: 12bc4 | Find first file
2018-12-25T12:03:59.371609201Z 67 PC: 12bd2 | Get or set file attributes
2018-12-25T12:03:59.378272848Z 67 PC: 12be2 | Get or set file attributes
2018-12-25T12:03:59.936076309Z 61 PC: 12bf2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:59.943412074Z 63 PC: 12c0c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:59.950764093Z 66 PC: 12c53 | Move file pointer
2018-12-25T12:03:59.952459416Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:59.955301845Z 66 PC: 12c67 | Move file pointer
2018-12-25T12:03:59.956838928Z 64 PC: 12c72 | Write file or device (Write 720 bytes on handle 5)
2018-12-25T12:03:59.965281079Z 87 PC: 12c7f | Get or set file date and time
2018-12-25T12:03:59.966606068Z 62 PC: 12c83 | Close file
2018-12-25T12:03:59.973965609Z 67 PC: 12c92 | Get or set file attributes
2018-12-25T12:03:59.983997787Z 42 PC: 12c96 | Get date
0x12c96: cmp dl, 1
0x12c99: jne 0x12cc3
0x12c9b: mov cx, 0x131
0x12c9e: lea di, word ptr [bp + 0x2a8]
0x12ca2: xor ax, ax
0x12ca4: mov ah, byte ptr [bp + 0x3da]
0x12ca8: inc di
0x12ca9: mov al, byte ptr [di]
0x12cab: xor al, ah
0x12cad: mov byte ptr [di], al
0x12caf: loop 0x12ca8
0x12cb1: mov ah, 9
0x12cb3: lea dx, word ptr [bp + 0x2a9]
0x12cb7: int 0x21
0x12cb9: lea dx, word ptr [bp + 0x3bb]
0x12cbd: int 0x21
0x12cbf: mov ah, 8
0x12cc1: int 0x21
0x12cc3: cmp word ptr [0x100], 0x1f0e
0x12cc9: jne 0x12ccf
2018-12-25T12:03:59.986050356Z 9 PC: 12cb9 | Display string (Could not find end pointer)
2018-12-25T12:04:00.001218717Z 9 PC: 12cbf | Display string (String= ' Punch a key to continue... ')
2018-12-25T12:04:00.008699239Z 8 PC: 12cc3 | Console input without echo