Sample viewer

vx.netlux.org/Virus.DOS.Vnu.412

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:58:30.715747557Z 78 PC: 13ea2 | Find first file
2018-12-17T21:58:30.722566668Z 61 PC: 13ec4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:58:30.730717249Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.73690121Z 66 PC: 13ef3 | Move file pointer
2018-12-17T21:58:30.739179288Z 66 PC: 13f13 | Move file pointer
2018-12-17T21:58:30.740627783Z 64 PC: 13f1e | Write file or device (Write 6 bytes on handle 5)
2018-12-17T21:58:30.743987307Z 66 PC: 13f27 | Move file pointer
2018-12-17T21:58:30.749134165Z 64 PC: 13f32 | Write file or device (Write 30 bytes on handle 5)
2018-12-17T21:58:30.751846103Z 64 PC: 13f57 | Write file or device (Write 382 bytes on handle 5)
2018-12-17T21:58:30.76556258Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.774181656Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.777050741Z 61 PC: 13ec4 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:58:30.783776138Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.790327477Z 66 PC: 13ef3 | Move file pointer
2018-12-17T21:58:30.792329946Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.794195764Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.796966157Z 61 PC: 13ec4 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:58:30.805431324Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.812845497Z 66 PC: 13ef3 | Move file pointer
2018-12-17T21:58:30.814514198Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.816817439Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.818915288Z 61 PC: 13ec4 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:58:30.826057052Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.834669033Z 66 PC: 13ef3 | Move file pointer
2018-12-17T21:58:30.836419259Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.838527143Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.843124304Z 61 PC: 13ec4 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:58:30.850320194Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.856809609Z 66 PC: 13ef3 | Move file pointer
2018-12-17T21:58:30.858943688Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.861083841Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.863782378Z 61 PC: 13ec4 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:58:30.871126212Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.878478991Z 66 PC: 13ef3 | Move file pointer
2018-12-17T21:58:30.880219926Z 66 PC: 13f13 | Move file pointer
2018-12-17T21:58:30.882734022Z 64 PC: 13f1e | Write file or device (Write 6 bytes on handle 5)
2018-12-17T21:58:30.885817433Z 66 PC: 13f27 | Move file pointer
2018-12-17T21:58:30.887564575Z 64 PC: 13f32 | Write file or device (Write 30 bytes on handle 5)
2018-12-17T21:58:30.897156385Z 64 PC: 13f57 | Write file or device (Write 382 bytes on handle 5)
2018-12-17T21:58:30.900144986Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.923729505Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.927483179Z 61 PC: 13ec4 | Open file (Filename = 'PAH.COM')
2018-12-17T21:58:30.933910477Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.940321781Z 66 PC: 13ef3 | Move file pointer
2018-12-17T21:58:30.942710917Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.944742369Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.947647719Z 61 PC: 13ec4 | Open file (Filename = 'TEST.COM')
2018-12-17T21:58:30.955090012Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.959049009Z 62 PC: 13f5b | Close file
2018-12-17T21:58:30.961068187Z 79 PC: 13ea2 | Find next file
2018-12-17T21:58:30.963967964Z 44 PC: 13f6f | Get time
0x13f6f: cmp ch, 9
0x13f72: je 0x13f79
0x13f74: mov ax, 0x100
0x13f77: jmp ax
0x13f79: mov ah, 0x3c
0x13f7b: mov cx, 0x20
0x13f7e: lea dx, word ptr [bp + 0x280]
0x13f82: int 0x21
0x13f84: jb 0x13f88
0x13f86: jmp 0x13f92
0x13f88: mov al, byte ptr [0x280]
0x13f8b: inc al
0x13f8d: mov byte ptr [0x280], al
0x13f90: jmp 0x13f79
0x13f92: xchg ax, bx
0x13f93: mov ah, 0x40
0x13f95: lea dx, word ptr [bp + 0x13d]
0x13f99: mov cx, 0x2d
0x13f9c: int 0x21
0x13f9e: mov ah, 0x3d
2018-12-17T21:58:30.967207916Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T21:58:30.972754421Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":942,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:18.456146796Z 78 PC: 13ea2 | Find first file
2018-12-25T11:42:18.466571226Z 61 PC: 13ec4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:18.474478437Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:42:18.481355533Z 66 PC: 13ef3 | Move file pointer
2018-12-25T11:42:18.48317573Z 66 PC: 13f13 | Move file pointer
2018-12-25T11:42:18.485025739Z 64 PC: 13f1e | Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:42:18.487862761Z 66 PC: 13f27 | Move file pointer
2018-12-25T11:42:18.489366947Z 64 PC: 13f32 | Write file or device (Write 30 bytes on handle 5)
2018-12-25T11:42:18.492721262Z 64 PC: 13f57 | Write file or device (Write 382 bytes on handle 5)
2018-12-25T11:42:18.508268041Z 62 PC: 13f5b | Close file
2018-12-25T11:42:18.517161772Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.520762184Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:18.528224901Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:18.535448714Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:18.537919405Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:18.540081593Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.54358036Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:18.552596855Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:18.559634967Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:18.56115351Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:18.563573976Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.566583059Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:18.574176746Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:18.582254576Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:18.583851074Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:18.585836608Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.589052191Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:18.597511041Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:18.604656752Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:18.6059763Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:18.60856804Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.612372658Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:18.616692364Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:18.621631871Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:18.622942406Z 66 PC: 13f13 | Move file pointer (See above)
2018-12-25T11:42:18.624251148Z 64 PC: 13f1e | Write file or device (See above)
2018-12-25T11:42:18.627380321Z 66 PC: 13f27 | Move file pointer (See above)
2018-12-25T11:42:18.628654608Z 64 PC: 13f32 | Write file or device (See above)
2018-12-25T11:42:18.634001144Z 64 PC: 13f57 | Write file or device (See above)
2018-12-25T11:42:18.636922532Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:18.64256534Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.644649419Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:18.64929134Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:18.653701306Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:18.655230048Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:18.657341715Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.661034874Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:18.669005032Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:18.672282078Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:18.674699373Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:18.677843898Z 44 PC: 13f6f | Get time
0x13f6f: cmp ch, 9
0x13f72: je 0x13f79
0x13f74: mov ax, 0x100
0x13f77: jmp ax
0x13f79: mov ah, 0x3c
0x13f7b: mov cx, 0x20
0x13f7e: lea dx, word ptr [bp + 0x280]
0x13f82: int 0x21
0x13f84: jb 0x13f88
0x13f86: jmp 0x13f92
0x13f88: mov al, byte ptr [0x280]
0x13f8b: inc al
0x13f8d: mov byte ptr [0x280], al
0x13f90: jmp 0x13f79
0x13f92: xchg ax, bx
0x13f93: mov ah, 0x40
0x13f95: lea dx, word ptr [bp + 0x13d]
0x13f99: mov cx, 0x2d
0x13f9c: int 0x21
0x13f9e: mov ah, 0x3d
2018-12-25T11:42:18.680682633Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:42:18.687827039Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":942,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:19.652619402Z 78 PC: 13ea2 | Find first file
2018-12-25T11:42:19.65956102Z 61 PC: 13ec4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:19.667201246Z 63 PC: 13edb | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:42:19.674193382Z 66 PC: 13ef3 | Move file pointer
2018-12-25T11:42:19.675821663Z 66 PC: 13f13 | Move file pointer
2018-12-25T11:42:19.681296738Z 64 PC: 13f1e | Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:42:19.684724497Z 66 PC: 13f27 | Move file pointer
2018-12-25T11:42:19.686738316Z 64 PC: 13f32 | Write file or device (Write 30 bytes on handle 5)
2018-12-25T11:42:19.700515252Z 64 PC: 13f57 | Write file or device (Write 382 bytes on handle 5)
2018-12-25T11:42:19.728763245Z 62 PC: 13f5b | Close file
2018-12-25T11:42:19.737915136Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.74149769Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:19.748809529Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:19.755912853Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:19.758654234Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:19.76103725Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.764403718Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:19.773079046Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:19.78040399Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:19.781975893Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:19.784197123Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.787680174Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:19.794842878Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:19.801790759Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:19.804243877Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:19.807418653Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.810791588Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:19.818764379Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:19.8261968Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:19.828151407Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:19.831406309Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.839138651Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:19.846451968Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:19.854276942Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:19.855818587Z 66 PC: 13f13 | Move file pointer (See above)
2018-12-25T11:42:19.857277704Z 64 PC: 13f1e | Write file or device (See above)
2018-12-25T11:42:19.860566128Z 66 PC: 13f27 | Move file pointer (See above)
2018-12-25T11:42:19.862085565Z 64 PC: 13f32 | Write file or device (See above)
2018-12-25T11:42:19.870724204Z 64 PC: 13f57 | Write file or device (See above)
2018-12-25T11:42:19.873656978Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:19.882755292Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.885594934Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:19.892597232Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:19.905149881Z 66 PC: 13ef3 | Move file pointer (See above)
2018-12-25T11:42:19.908688217Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:19.911027621Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.914777305Z 61 PC: 13ec4 | Open file (See above)
2018-12-25T11:42:19.922422799Z 63 PC: 13edb | Read file or device (See above)
2018-12-25T11:42:19.925577824Z 62 PC: 13f5b | Close file (See above)
2018-12-25T11:42:19.928383496Z 79 PC: 13ea2 | Find next file (See above)
2018-12-25T11:42:19.931358018Z 44 PC: 13f6f | Get time
0x13f6f: cmp ch, 9
0x13f72: je 0x13f79
0x13f74: mov ax, 0x100
0x13f77: jmp ax
0x13f79: mov ah, 0x3c
0x13f7b: mov cx, 0x20
0x13f7e: lea dx, word ptr [bp + 0x280]
0x13f82: int 0x21
0x13f84: jb 0x13f88
0x13f86: jmp 0x13f92
0x13f88: mov al, byte ptr [0x280]
0x13f8b: inc al
0x13f8d: mov byte ptr [0x280], al
0x13f90: jmp 0x13f79
0x13f92: xchg ax, bx
0x13f93: mov ah, 0x40
0x13f95: lea dx, word ptr [bp + 0x13d]
0x13f99: mov cx, 0x2d
0x13f9c: int 0x21
0x13f9e: mov ah, 0x3d
2018-12-25T11:42:19.933683713Z 60 PC: 13f84 | Create or truncate file
2018-12-25T11:42:20.290550211Z 64 PC: 13f9e | Write file or device (Write 45 bytes on handle 5)
2018-12-25T11:42:20.29949016Z 61 PC: 13fa2 | Open file (Filename = 'Dedicated to Goofy¾€')
2018-12-25T11:42:20.305739472Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:42:20.312216296Z 0 PC: 12a89 | Program terminate