Sample viewer

vx.netlux.org/Virus.DOS.Vnu.422

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:58:06.264691216Z 78 PC: 13ea4 | Find first file
2018-12-17T21:58:06.271592107Z 61 PC: 13ec8 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:58:06.278001938Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.284514027Z 66 PC: 13ef8 | Move file pointer
2018-12-17T21:58:06.285874109Z 66 PC: 13f19 | Move file pointer
2018-12-17T21:58:06.287876491Z 64 PC: 13f24 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T21:58:06.290358428Z 66 PC: 13f2d | Move file pointer
2018-12-17T21:58:06.291530665Z 64 PC: 13f38 | Write file or device (Write 32 bytes on handle 5)
2018-12-17T21:58:06.294068969Z 64 PC: 13f60 | Write file or device (Write 390 bytes on handle 5)
2018-12-17T21:58:06.305524379Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.313281447Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.316533833Z 61 PC: 13ec8 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:58:06.32278517Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.329123921Z 66 PC: 13ef8 | Move file pointer
2018-12-17T21:58:06.331631762Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.33351465Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.336848397Z 61 PC: 13ec8 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:58:06.343727708Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.350451699Z 66 PC: 13ef8 | Move file pointer
2018-12-17T21:58:06.352356081Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.355550928Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.35864052Z 61 PC: 13ec8 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:58:06.365009626Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.371876267Z 66 PC: 13ef8 | Move file pointer
2018-12-17T21:58:06.374137941Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.376176943Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.379439689Z 61 PC: 13ec8 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:58:06.385541988Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.391323923Z 66 PC: 13ef8 | Move file pointer
2018-12-17T21:58:06.39315163Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.394653596Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.396615986Z 61 PC: 13ec8 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:58:06.401195902Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.409198191Z 66 PC: 13ef8 | Move file pointer
2018-12-17T21:58:06.410911793Z 66 PC: 13f19 | Move file pointer
2018-12-17T21:58:06.413062127Z 64 PC: 13f24 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T21:58:06.416178972Z 66 PC: 13f2d | Move file pointer
2018-12-17T21:58:06.418126315Z 64 PC: 13f38 | Write file or device (Write 32 bytes on handle 5)
2018-12-17T21:58:06.428767147Z 64 PC: 13f60 | Write file or device (Write 390 bytes on handle 5)
2018-12-17T21:58:06.431674453Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.441292878Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.448174416Z 61 PC: 13ec8 | Open file (Filename = 'PAH.COM')
2018-12-17T21:58:06.455994782Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.462389159Z 66 PC: 13ef8 | Move file pointer
2018-12-17T21:58:06.46429923Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.46658659Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.469294157Z 61 PC: 13ec8 | Open file (Filename = 'TEST.COM')
2018-12-17T21:58:06.476187871Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:06.480038757Z 62 PC: 13f64 | Close file
2018-12-17T21:58:06.481717859Z 79 PC: 13ea4 | Find next file
2018-12-17T21:58:06.484240235Z 44 PC: 13f78 | Get time 0x13f78: cmp ch, 9
0x13f7b: je 0x13f82
0x13f7d: mov ax, 0x100
0x13f80: jmp ax
0x13f82: mov ah, 0x3c
0x13f84: mov cx, 0x20
0x13f87: lea dx, word ptr [bp + 0x28b]
0x13f8b: int 0x21
0x13f8d: jb 0x13f92
0x13f8f: jmp 0x13f9c
0x13f91: nop
0x13f92: mov al, byte ptr [0x28b]
0x13f95: inc al
0x13f97: mov byte ptr [0x28b], al
0x13f9a: jmp 0x13f82
0x13f9c: xchg ax, bx
0x13f9d: mov ah, 0x40
0x13f9f: lea dx, word ptr [bp + 0x140]
0x13fa3: mov cx, 0x2d
0x13fa6: int 0x21
2018-12-17T21:58:06.487381414Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T21:58:06.492720274Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":896,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:57.30612556Z 78 PC: 13ea4 | Find first file
2018-12-25T11:41:57.313499874Z 61 PC: 13ec8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:57.322274782Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:41:57.329051848Z 66 PC: 13ef8 | Move file pointer
2018-12-25T11:41:57.33084607Z 66 PC: 13f19 | Move file pointer
2018-12-25T11:41:57.334041097Z 64 PC: 13f24 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:41:57.337069967Z 66 PC: 13f2d | Move file pointer
2018-12-25T11:41:57.338684383Z 64 PC: 13f38 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:41:57.342557965Z 64 PC: 13f60 | Write file or device (Write 390 bytes on handle 5)
2018-12-25T11:41:57.358370211Z 62 PC: 13f64 | Close file
2018-12-25T11:41:57.374881953Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.380058094Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.396031625Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.404643979Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.40699398Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.410828117Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.416306434Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.426320629Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.436851877Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.439489378Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.442495805Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.449581869Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.457835462Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.465382948Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.468112842Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.477153104Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.480303575Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.488390865Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.495731871Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.497367095Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.500132481Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.50334786Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.510952332Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.520235215Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.522489827Z 66 PC: 13f19 | Move file pointer (See above)
2018-12-25T11:41:57.524461491Z 64 PC: 13f24 | Write file or device (See above)
2018-12-25T11:41:57.527786384Z 66 PC: 13f2d | Move file pointer (See above)
2018-12-25T11:41:57.533186254Z 64 PC: 13f38 | Write file or device (See above)
2018-12-25T11:41:57.542949475Z 64 PC: 13f60 | Write file or device (See above)
2018-12-25T11:41:57.546306834Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.555253014Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.558120448Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.565363744Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.57285693Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.574650241Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.576739095Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.580329632Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.588521848Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.591365611Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.593779616Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.596437314Z 44 PC: 13f78 | Get time 0x13f78: cmp ch, 9
0x13f7b: je 0x13f82
0x13f7d: mov ax, 0x100
0x13f80: jmp ax
0x13f82: mov ah, 0x3c
0x13f84: mov cx, 0x20
0x13f87: lea dx, word ptr [bp + 0x28b]
0x13f8b: int 0x21
0x13f8d: jb 0x13f92
0x13f8f: jmp 0x13f9c
0x13f91: nop
0x13f92: mov al, byte ptr [0x28b]
0x13f95: inc al
0x13f97: mov byte ptr [0x28b], al
0x13f9a: jmp 0x13f82
0x13f9c: xchg ax, bx
0x13f9d: mov ah, 0x40
0x13f9f: lea dx, word ptr [bp + 0x140]
0x13fa3: mov cx, 0x2d
0x13fa6: int 0x21
2018-12-25T11:41:57.598980148Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:41:57.605857777Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":896,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:57.374078756Z 78 PC: 13ea4 | Find first file
2018-12-25T11:41:57.380234728Z 61 PC: 13ec8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:57.38426532Z 63 PC: 13ee0 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:41:57.38859366Z 66 PC: 13ef8 | Move file pointer
2018-12-25T11:41:57.39026896Z 66 PC: 13f19 | Move file pointer
2018-12-25T11:41:57.392331845Z 64 PC: 13f24 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:41:57.394860145Z 66 PC: 13f2d | Move file pointer
2018-12-25T11:41:57.396198082Z 64 PC: 13f38 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:41:57.399509339Z 64 PC: 13f60 | Write file or device (Write 390 bytes on handle 5)
2018-12-25T11:41:57.412725637Z 62 PC: 13f64 | Close file
2018-12-25T11:41:57.420677887Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.424256462Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.431344556Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.437643572Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.43972063Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.441330576Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.444614548Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.451205347Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.455248351Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.456258848Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.457832973Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.459717167Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.463650208Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.467868839Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.469062169Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.470187996Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.472225507Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.476317396Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.482515608Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.483921303Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.490562991Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.492986604Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.499994895Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.506230585Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.5071871Z 66 PC: 13f19 | Move file pointer (See above)
2018-12-25T11:41:57.508264605Z 64 PC: 13f24 | Write file or device (See above)
2018-12-25T11:41:57.511836066Z 66 PC: 13f2d | Move file pointer (See above)
2018-12-25T11:41:57.51345071Z 64 PC: 13f38 | Write file or device (See above)
2018-12-25T11:41:57.521772502Z 64 PC: 13f60 | Write file or device (See above)
2018-12-25T11:41:57.525117832Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.533294362Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.536129119Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.542856579Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.549161705Z 66 PC: 13ef8 | Move file pointer (See above)
2018-12-25T11:41:57.550701276Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.55288026Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.55586434Z 61 PC: 13ec8 | Open file (See above)
2018-12-25T11:41:57.562522551Z 63 PC: 13ee0 | Read file or device (See above)
2018-12-25T11:41:57.566504573Z 62 PC: 13f64 | Close file (See above)
2018-12-25T11:41:57.568351782Z 79 PC: 13ea4 | Find next file (See above)
2018-12-25T11:41:57.570629642Z 44 PC: 13f78 | Get time 0x13f78: cmp ch, 9
0x13f7b: je 0x13f82
0x13f7d: mov ax, 0x100
0x13f80: jmp ax
0x13f82: mov ah, 0x3c
0x13f84: mov cx, 0x20
0x13f87: lea dx, word ptr [bp + 0x28b]
0x13f8b: int 0x21
0x13f8d: jb 0x13f92
0x13f8f: jmp 0x13f9c
0x13f91: nop
0x13f92: mov al, byte ptr [0x28b]
0x13f95: inc al
0x13f97: mov byte ptr [0x28b], al
0x13f9a: jmp 0x13f82
0x13f9c: xchg ax, bx
0x13f9d: mov ah, 0x40
0x13f9f: lea dx, word ptr [bp + 0x140]
0x13fa3: mov cx, 0x2d
0x13fa6: int 0x21
2018-12-25T11:41:57.573285598Z 60 PC: 13f8d | Create or truncate file
2018-12-25T11:41:57.922481397Z 64 PC: 13fa8 | Write file or device (Write 45 bytes on handle 5)
2018-12-25T11:41:57.930509177Z 61 PC: 13fac | Open file (Filename = 'Dedicated to Goofy��')
2018-12-25T11:41:57.936018862Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:41:57.942722226Z 0 PC: 12a89 | Program terminate