Sample viewer

vx.netlux.org/Virus.DOS.Accept.3773

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:21.346014427Z	53	PC: 14c12 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-17T22:47:21.348953178Z	53	PC: 12ad0 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:47:21.352550487Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:21.356421159Z	51	PC: 133b3 \| Get or set Ctrl-Break
2018-12-17T22:47:21.358182117Z	74	PC: 12b21 \| Reallocate memory
2018-12-17T22:47:21.360942093Z	82	PC: 1349d \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:47:21.362849156Z	75	PC: 1386e \| Execute program
2018-12-17T22:47:21.379042979Z	53	PC: 16cc2 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-17T22:47:21.385647508Z	9	PC: 14b35 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:47:21.391802542Z	0	PC: 14b39 \| Program terminate
2018-12-17T22:47:21.39535733Z	49	PC: 12b74 \| Terminate and stay resident (Return code = '0' \| Memory size = '517')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9193,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:41.502826085Z	53	PC: 14c12 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.513615137Z	53	PC: 12ad0 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:22:41.516059333Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:41.51736948Z	51	PC: 133b3 \| Get or set Ctrl-Break
2018-12-25T12:22:41.518577182Z	74	PC: 12b21 \| Reallocate memory
2018-12-25T12:22:41.521205568Z	82	PC: 1349d \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:41.523366355Z	75	PC: 1386e \| Execute program
2018-12-25T12:22:41.550089441Z	53	PC: 16cc2 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.552022853Z	9	PC: 14b35 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:22:41.557591391Z	0	PC: 14b39 \| Program terminate
2018-12-25T12:22:41.560793976Z	49	PC: 12b74 \| Terminate and stay resident (Return code = '0' \| Memory size = '517')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9193,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:41.48410956Z	53	PC: 14c12 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.487850221Z	53	PC: 12ad0 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:22:41.490909915Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:41.492807897Z	51	PC: 133b3 \| Get or set Ctrl-Break
2018-12-25T12:22:41.494582582Z	74	PC: 12b21 \| Reallocate memory
2018-12-25T12:22:41.49856803Z	82	PC: 1349d \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:41.500286537Z	75	PC: 1386e \| Execute program
2018-12-25T12:22:41.517054473Z	53	PC: 16cc2 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.518554442Z	9	PC: 14b35 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:22:41.524749105Z	0	PC: 14b39 \| Program terminate
2018-12-25T12:22:41.52800745Z	49	PC: 12b74 \| Terminate and stay resident (Return code = '0' \| Memory size = '517')

{"DateBased":true,"Day":28,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9193,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:41.579525103Z	53	PC: 14c12 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.582458351Z	53	PC: 12ad0 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:22:41.584872349Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:41.58613961Z	51	PC: 133b3 \| Get or set Ctrl-Break
2018-12-25T12:22:41.587331564Z	74	PC: 12b21 \| Reallocate memory
2018-12-25T12:22:41.588994895Z	82	PC: 1349d \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:41.590419554Z	75	PC: 1386e \| Execute program
2018-12-25T12:22:41.602459856Z	53	PC: 16cc2 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.604652556Z	9	PC: 14b35 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:22:41.610174336Z	0	PC: 14b39 \| Program terminate
2018-12-25T12:22:41.613355805Z	49	PC: 12b74 \| Terminate and stay resident (Return code = '0' \| Memory size = '517')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9193,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:41.609606468Z	53	PC: 14c12 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.613139356Z	53	PC: 12ad0 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:22:41.615909319Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:41.617823383Z	51	PC: 133b3 \| Get or set Ctrl-Break
2018-12-25T12:22:41.619342907Z	74	PC: 12b21 \| Reallocate memory
2018-12-25T12:22:41.622375034Z	82	PC: 1349d \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:41.624501076Z	75	PC: 1386e \| Execute program
2018-12-25T12:22:41.641378158Z	53	PC: 16cc2 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.643793329Z	9	PC: 14b35 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:22:41.650962869Z	0	PC: 14b39 \| Program terminate
2018-12-25T12:22:41.654286446Z	49	PC: 12b74 \| Terminate and stay resident (Return code = '0' \| Memory size = '517')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9193,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:41.672751081Z	53	PC: 14c12 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.6766161Z	53	PC: 12ad0 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:22:41.67967078Z	53	PC: 12aeb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:41.681607227Z	51	PC: 133b3 \| Get or set Ctrl-Break
2018-12-25T12:22:41.683603895Z	74	PC: 12b21 \| Reallocate memory
2018-12-25T12:22:41.687728373Z	82	PC: 1349d \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:41.689685033Z	75	PC: 1386e \| Execute program
2018-12-25T12:22:41.706365335Z	53	PC: 16cc2 \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:22:41.70824773Z	9	PC: 14b35 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:22:41.714528127Z	0	PC: 14b39 \| Program terminate
2018-12-25T12:22:41.718502369Z	49	PC: 12b74 \| Terminate and stay resident (Return code = '0' \| Memory size = '517')