Sample viewer

vx.netlux.org/Virus.DOS.Pamp.688

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:48.229821979Z	78	PC: 12bb9 \| Find first file
2018-12-17T22:49:48.234922733Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:48.236277204Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:48.237436659Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:49:48.238653579Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:49:48.239998992Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-17T22:49:48.241116474Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:49:48.245034725Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:03.14876333Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:03.153859012Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:03.15609664Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:03.158475325Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:03.160212941Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:03.17086102Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:03.172265224Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:03.178364495Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:04.720855712Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:04.731222929Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:04.73310534Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:04.734828665Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:04.736667475Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:04.738819541Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:04.740493544Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:04.745916454Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:04.875268595Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:04.880010538Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:04.881652886Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:04.883174417Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:04.885727625Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:04.886912673Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:04.888070529Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:04.893858162Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:05.098696537Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:05.103332301Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:05.104527581Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:05.10570991Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:05.107314223Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:05.108784663Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:05.110037719Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:05.12548298Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:05.23845184Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:05.244130273Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:05.245582912Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:05.246970039Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:05.248435203Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:05.25099887Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:05.252635688Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:05.259343971Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:05.569272835Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:05.573953448Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:05.575148901Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:05.576308093Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:05.577904711Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:05.578960977Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:05.580062299Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:05.585780868Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":3,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:06.076700278Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:06.082049139Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:06.083487813Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:06.084819362Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:06.086716149Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:06.087973989Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:06.089308707Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:06.09531175Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":3,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:16.229779365Z	78	PC: 12bb9 \| Find first file
2018-12-25T13:07:16.234876402Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:16.236056309Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:16.237264785Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:07:16.239841842Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:07:16.241251008Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T13:07:16.242815378Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T13:07:16.248903917Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":3,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10015,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:06.592323414Z	78	PC: 12bb9 \| Find first file
2018-12-25T12:27:06.597483583Z	53	PC: 9f9d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:06.598851619Z	37	PC: 9f9e4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:06.599890225Z	53	PC: 9f9e9 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:06.605825215Z	37	PC: 9f9fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:06.608479835Z	42	PC: 9fa3f \| Get date 0x9fa3f: cmp al, 1 0x9fa41: je 0x9fa4b 0x9fa43: cmp al, 3 0x9fa45: je 0x9fa4b 0x9fa47: cmp al, 5 0x9fa49: jne 0x9fa75 0x9fa4b: mov ah, 0x2c 0x9fa4d: int 0x21 0x9fa4f: cmp cl, 0 0x9fa52: jne 0x9fa75 0x9fa54: and ch, 3 0x9fa57: cmp ch, 3 0x9fa5a: jne 0x9fa75 0x9fa5c: push es 0x9fa5d: mov ax, 0xb000 0x9fa60: push ax 0x9fa61: pop es 0x9fa62: mov bx, 0 0x9fa65: mov ax, 0x8055 0x9fa68: mov word ptr es:[bx], ax
2018-12-25T12:27:06.611958358Z	52	PC: 9fa00 \| Get InDOS flag pointer
2018-12-25T12:27:06.613309442Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:06.627868998Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')