Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.1461

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:10.021166908Z 240 PC: 13574 | UNKNOWN!
2018-12-17T22:52:10.022964906Z 53 PC: 13582 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:10.025256741Z 54 PC: 9f63d | Get free disk space
2018-12-17T22:52:10.065596049Z 53 PC: 9f65e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:10.067419615Z 67 PC: 9f68e | Get or set file attributes
2018-12-17T22:52:10.077081655Z 67 PC: 9f69a | Get or set file attributes
2018-12-17T22:52:10.432260024Z 61 PC: 9f6a4 | Open file (Filename = '�S�')
2018-12-17T22:52:10.439964016Z 87 PC: 9f6b4 | Get or set file date and time
2018-12-17T22:52:10.44287777Z 66 PC: 9f91f | Move file pointer
2018-12-17T22:52:10.446250205Z 63 PC: 9f910 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:52:10.453808863Z 66 PC: 9f6f8 | Move file pointer
2018-12-17T22:52:10.45694803Z 63 PC: 9f910 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:52:10.464664436Z 66 PC: 9f91f | Move file pointer
2018-12-17T22:52:10.466596866Z 63 PC: 9f734 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:10.47143286Z 66 PC: 9f92e | Move file pointer
2018-12-17T22:52:10.473860651Z 64 PC: 9f755 | Write file or device (Write 1461 bytes on handle 5)
2018-12-17T22:52:10.484898767Z 66 PC: 9f91f | Move file pointer
2018-12-17T22:52:10.486793606Z 64 PC: 9f77b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:10.491346168Z 87 PC: 9f8c9 | Get or set file date and time
2018-12-17T22:52:10.493317851Z 62 PC: 9f8cd | Close file
2018-12-17T22:52:10.501260782Z 67 PC: 9f8e1 | Get or set file attributes
2018-12-17T22:52:10.512766216Z 42 PC: 13639 | Get date
0x13639: cmp dx, 0x303
0x1363d: je 0x13642
0x1363f: jmp 0x13711
0x13642: cli
0x13643: mov ah, 8
0x13645: mov dl, 0x80
0x13647: int 0x13
0x13649: mov byte ptr cs:[si + 0x436], dh
0x1364e: mov word ptr cs:[si + 0x437], cx
0x13653: xor ax, ax
0x13655: mov es, ax
0x13657: mov cx, 1
0x1365a: mov dh, 0
0x1365c: mov ax, si
0x1365e: add ax, 0x420
0x13661: call ax
0x13663: mov cx, word ptr es:[0x7dc0]
0x13668: mov dh, byte ptr es:[0x7dbf]
0x1366d: mov ax, si
0x1366f: add ax, 0x420
2018-12-17T22:52:10.515400795Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:52:10.519956012Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10801,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:18.601734851Z 240 PC: 13574 | UNKNOWN!
2018-12-25T12:29:18.604235617Z 53 PC: 13582 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:18.606261718Z 54 PC: 9f63d | Get free disk space
2018-12-25T12:29:18.658528682Z 53 PC: 9f65e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:18.660750955Z 67 PC: 9f68e | Get or set file attributes
2018-12-25T12:29:18.671212755Z 67 PC: 9f69a | Get or set file attributes
2018-12-25T12:29:19.026615439Z 61 PC: 9f6a4 | Open file (Filename = '�S�')
2018-12-25T12:29:19.035826963Z 87 PC: 9f6b4 | Get or set file date and time
2018-12-25T12:29:19.039384223Z 66 PC: 9f91f | Move file pointer
2018-12-25T12:29:19.041545305Z 63 PC: 9f910 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:29:19.048257892Z 66 PC: 9f6f8 | Move file pointer
2018-12-25T12:29:19.050818703Z 63 PC: 9f910 | Read file or device (See above)
2018-12-25T12:29:19.071061309Z 66 PC: 9f91f | Move file pointer (See above)
2018-12-25T12:29:19.073129856Z 63 PC: 9f734 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:19.077655327Z 66 PC: 9f92e | Move file pointer
2018-12-25T12:29:19.079287334Z 64 PC: 9f755 | Write file or device (Write 1461 bytes on handle 5)
2018-12-25T12:29:19.091065238Z 66 PC: 9f91f | Move file pointer (See above)
2018-12-25T12:29:19.094364771Z 64 PC: 9f77b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:19.09857907Z 87 PC: 9f8c9 | Get or set file date and time
2018-12-25T12:29:19.100800773Z 62 PC: 9f8cd | Close file
2018-12-25T12:29:19.110098058Z 67 PC: 9f8e1 | Get or set file attributes
2018-12-25T12:29:19.135099194Z 42 PC: 13639 | Get date
0x13639: cmp dx, 0x303
0x1363d: je 0x13642
0x1363f: jmp 0x13711
0x13642: cli
0x13643: mov ah, 8
0x13645: mov dl, 0x80
0x13647: int 0x13
0x13649: mov byte ptr cs:[si + 0x436], dh
0x1364e: mov word ptr cs:[si + 0x437], cx
0x13653: xor ax, ax
0x13655: mov es, ax
0x13657: mov cx, 1
0x1365a: mov dh, 0
0x1365c: mov ax, si
0x1365e: add ax, 0x420
0x13661: call ax
0x13663: mov cx, word ptr es:[0x7dc0]
0x13668: mov dh, byte ptr es:[0x7dbf]
0x1366d: mov ax, si
0x1366f: add ax, 0x420
2018-12-25T12:29:19.138122776Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:19.145715406Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10801,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:18.62028805Z 240 PC: 13574 | UNKNOWN!
2018-12-25T12:29:18.634703678Z 53 PC: 13582 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:18.636128199Z 54 PC: 9f63d | Get free disk space
2018-12-25T12:29:18.674728821Z 53 PC: 9f65e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:18.677357541Z 67 PC: 9f68e | Get or set file attributes
2018-12-25T12:29:18.688075537Z 67 PC: 9f69a | Get or set file attributes
2018-12-25T12:29:19.022476861Z 61 PC: 9f6a4 | Open file (Filename = '�S�')
2018-12-25T12:29:19.030502313Z 87 PC: 9f6b4 | Get or set file date and time
2018-12-25T12:29:19.032096328Z 66 PC: 9f91f | Move file pointer
2018-12-25T12:29:19.03345126Z 63 PC: 9f910 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:29:19.039100746Z 66 PC: 9f6f8 | Move file pointer
2018-12-25T12:29:19.040964918Z 63 PC: 9f910 | Read file or device (See above)
2018-12-25T12:29:19.047005018Z 66 PC: 9f91f | Move file pointer (See above)
2018-12-25T12:29:19.048468493Z 63 PC: 9f734 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:19.051703491Z 66 PC: 9f92e | Move file pointer
2018-12-25T12:29:19.053042418Z 64 PC: 9f755 | Write file or device (Write 1461 bytes on handle 5)
2018-12-25T12:29:19.063187954Z 66 PC: 9f91f | Move file pointer (See above)
2018-12-25T12:29:19.065419929Z 64 PC: 9f77b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:19.068375148Z 87 PC: 9f8c9 | Get or set file date and time
2018-12-25T12:29:19.070050679Z 62 PC: 9f8cd | Close file
2018-12-25T12:29:19.090608161Z 67 PC: 9f8e1 | Get or set file attributes
2018-12-25T12:29:19.100608819Z 42 PC: 13639 | Get date
0x13639: cmp dx, 0x303
0x1363d: je 0x13642
0x1363f: jmp 0x13711
0x13642: cli
0x13643: mov ah, 8
0x13645: mov dl, 0x80
0x13647: int 0x13
0x13649: mov byte ptr cs:[si + 0x436], dh
0x1364e: mov word ptr cs:[si + 0x437], cx
0x13653: xor ax, ax
0x13655: mov es, ax
0x13657: mov cx, 1
0x1365a: mov dh, 0
0x1365c: mov ax, si
0x1365e: add ax, 0x420
0x13661: call ax
0x13663: mov cx, word ptr es:[0x7dc0]
0x13668: mov dh, byte ptr es:[0x7dbf]
0x1366d: mov ax, si
0x1366f: add ax, 0x420
2018-12-25T12:29:19.153648531Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:19.158615417Z 76 PC: 12a86 | Terminate with return code (Return code = '36')