Sample viewer

vx.netlux.org/Virus.DOS.I13.Paraguay.2867.b


Syscalls:

Time | Syscall Op (AH, decimal) | PC | Syscall Name
2018-12-17T22:52:19.079362863Z 219 PC: 12ccf | UNKNOWN!
2018-12-17T22:52:19.081010844Z 205 PC: 12cdb | UNKNOWN!
2018-12-17T22:52:19.081648113Z 53 PC: 12ce9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:19.082662194Z 53 PC: 12d02 | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:52:19.08425645Z 74 PC: 12d57 | Reallocate memory
2018-12-17T22:52:19.085455338Z 72 PC: 12d5e | Allocate memory
2018-12-17T22:52:19.08706764Z 42 PC: 12da6 | Get date
0x12da6: cmp dh, 5
0x12da9: jne 0x12dec
0x12dab: in ax, 0x40
0x12dad: cmp al, 0xc8
0x12daf: jb 0x12dec
0x12db1: push cs
0x12db2: pop ds
0x12db3: mov ah, 0x3b
0x12db5: lea dx, word ptr [bp + 0x6dc]
0x12db9: int 0x21
0x12dbb: jb 0x12dd2
0x12dbd: lea ax, word ptr [bp + 0x1b6]
0x12dc1: push ax
0x12dc2: push cs
0x12dc3: pushf
0x12dc4: mov cl, 0x13
0x12dc6: lea dx, word ptr [bp + 0x6ef]
0x12dca: sub ax, ax
0x12dcc: push ax
0x12dcd: mov ax, 0xc0
2018-12-17T22:52:19.089645052Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:52:19.094101013Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10848,"SideJobID":0}


Syscalls:

Time | Syscall Op (AH, decimal) | PC | Syscall Name
2018-12-25T12:29:22.066254976Z 219 PC: 12ccf | UNKNOWN!
2018-12-25T12:29:22.067746807Z 205 PC: 12cdb | UNKNOWN!
2018-12-25T12:29:22.068616532Z 53 PC: 12ce9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:22.070006013Z 53 PC: 12d02 | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:29:22.071956937Z 74 PC: 12d57 | Reallocate memory
2018-12-25T12:29:22.073747067Z 72 PC: 12d5e | Allocate memory
2018-12-25T12:29:22.075646486Z 42 PC: 12da6 | Get date
0x12da6: cmp dh, 5
0x12da9: jne 0x12dec
0x12dab: in ax, 0x40
0x12dad: cmp al, 0xc8
0x12daf: jb 0x12dec
0x12db1: push cs
0x12db2: pop ds
0x12db3: mov ah, 0x3b
0x12db5: lea dx, word ptr [bp + 0x6dc]
0x12db9: int 0x21
0x12dbb: jb 0x12dd2
0x12dbd: lea ax, word ptr [bp + 0x1b6]
0x12dc1: push ax
0x12dc2: push cs
0x12dc3: pushf
0x12dc4: mov cl, 0x13
0x12dc6: lea dx, word ptr [bp + 0x6ef]
0x12dca: sub ax, ax
0x12dcc: push ax
0x12dcd: mov ax, 0xc0
2018-12-25T12:29:22.078188383Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:22.085012305Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10848,"SideJobID":0}


Syscalls:

Time | Syscall Op (AH, decimal) | PC | Syscall Name
2018-12-25T12:29:22.38636123Z 219 PC: 12ccf | UNKNOWN!
2018-12-25T12:29:22.388168534Z 205 PC: 12cdb | UNKNOWN!
2018-12-25T12:29:22.389216725Z 53 PC: 12ce9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:22.390582005Z 53 PC: 12d02 | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:29:22.391894563Z 74 PC: 12d57 | Reallocate memory
2018-12-25T12:29:22.393399572Z 72 PC: 12d5e | Allocate memory
2018-12-25T12:29:22.395773299Z 42 PC: 12da6 | Get date
0x12da6: cmp dh, 5
0x12da9: jne 0x12dec
0x12dab: in ax, 0x40
0x12dad: cmp al, 0xc8
0x12daf: jb 0x12dec
0x12db1: push cs
0x12db2: pop ds
0x12db3: mov ah, 0x3b
0x12db5: lea dx, word ptr [bp + 0x6dc]
0x12db9: int 0x21
0x12dbb: jb 0x12dd2
0x12dbd: lea ax, word ptr [bp + 0x1b6]
0x12dc1: push ax
0x12dc2: push cs
0x12dc3: pushf
0x12dc4: mov cl, 0x13
0x12dc6: lea dx, word ptr [bp + 0x6ef]
0x12dca: sub ax, ax
0x12dcc: push ax
0x12dcd: mov ax, 0xc0
2018-12-25T12:29:22.398381328Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:22.406397322Z 76 PC: 12a86 | Terminate with return code (Return code = '36')
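
Reading the three traces together: the "Syscall Op" numbers are INT 21h AH values in decimal (53 = 35h Get interrupt vector, 42 = 2Ah Get date, 76 = 4Ch Terminate), so the two AH=35h calls fetch the vectors of INT 21h (33) and INT 20h (32); the "AKA" text beside them matches the INT 21h function names for 21h (FCB random read) and 20h (reserved), not the interrupts themselves, which reads as a lookup quirk of the viewer. The code the viewer prints after Get date is the payload gate: AH=2Ah returns the month in DH, so `cmp dh, 5 / jne 0x12dec` requires May; `in ax, 0x40` reads the PIT channel 0 counter as a cheap pseudo-random byte, and `cmp al, 0xc8 / jb 0x12dec` lets only values of C8h or above through to the `mov ah, 0x3b / int 0x21` (change directory) at 0x12db9. The two JSON lines record the sandbox's date settings for the re-runs (1 Jan 1980, then 1 May 1980). None of the three traces contains a call with AH=59 (3Bh), so the chdir at 0x12db9 was not reached in any run shown, consistent with the gate failing; the directory string at [bp+0x6dc] is not shown on the page.

The script below is an added example written for this page, not code from the sample viewer or from the virus. It parses the viewer's trace format into records, decodes the interrupt-vector calls, and models the gate so the trigger conditions can be checked against the sandbox JSON. Assumptions, also marked in comments: the Syscall Op and Interrupt values are decimal AH and interrupt numbers, and the PIT byte is treated as uniformly random for the probability estimate. The trace and JSON embedded in it are copied from the first run as constructed input; the parser accepts the first instruction either glued onto the Get date line or on its own line.

```python
# Added example for this page: parses the sample viewer's syscall trace and
# models the payload gate printed after "Get date". Not the viewer's or the
# virus's code. Assumed (not stated on the page): Syscall Op and Interrupt
# values are decimal INT 21h AH / interrupt numbers; the PIT byte is uniform.
import json
import re
from dataclasses import dataclass, field

# Constructed input: the first run's trace copied from the page.
TRACE = """\
2018-12-17T22:52:19.079362863Z 219 PC: 12ccf | UNKNOWN!
2018-12-17T22:52:19.081010844Z 205 PC: 12cdb | UNKNOWN!
2018-12-17T22:52:19.081648113Z 53 PC: 12ce9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:19.082662194Z 53 PC: 12d02 | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:52:19.08425645Z 74 PC: 12d57 | Reallocate memory
2018-12-17T22:52:19.085455338Z 72 PC: 12d5e | Allocate memory
2018-12-17T22:52:19.08706764Z 42 PC: 12da6 | Get date 0x12da6: cmp dh, 5
0x12da9: jne 0x12dec
0x12dab: in ax, 0x40
0x12dad: cmp al, 0xc8
0x12daf: jb 0x12dec
0x12db1: push cs
0x12db2: pop ds
0x12db3: mov ah, 0x3b
0x12db5: lea dx, word ptr [bp + 0x6dc]
0x12db9: int 0x21
2018-12-17T22:52:19.089645052Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:52:19.094101013Z 76 PC: 12a86 | Terminate with return code (Return code = '36')
"""
# The two sandbox parameter lines from the page (1 Jan 1980 and 1 May 1980).
SANDBOX_RUNS = [
    '{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10848,"SideJobID":0}',
    '{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10848,"SideJobID":0}',
]

SYSCALL_RE = re.compile(r"^(\S+Z) (\d+) PC: ([0-9a-fA-F]+) \| (.*)$")
DISASM_RE = re.compile(r"^0x[0-9a-fA-F]+: ")
VECTOR_RE = re.compile(r"Interrupt = '(\d+)'")

# INT 21h functions seen in the trace or referenced by the disassembly.
INT21 = {0x09: "Display string", 0x2A: "Get date", 0x35: "Get interrupt vector",
         0x3B: "Change directory", 0x48: "Allocate memory",
         0x4A: "Reallocate memory", 0x4C: "Terminate with return code"}

@dataclass
class Syscall:
    ts: str
    ah: int
    pc: int
    name: str
    disasm: list = field(default_factory=list)

def parse_trace(text):
    """Syscall records; disassembly lines attach to the call that precedes them."""
    calls = []
    for line in text.splitlines():
        m = SYSCALL_RE.match(line)
        if m:
            ts, ah, pc, rest = m.groups()
            # The viewer glues the first instruction onto the "Get date" line.
            name, _, tail = rest.partition(" 0x")
            calls.append(Syscall(ts, int(ah), int(pc, 16), name.strip(),
                                 ["0x" + tail] if tail else []))
        elif DISASM_RE.match(line) and calls:
            calls[-1].disasm.append(line)
    return calls

def vectors_fetched(calls):
    """Interrupt numbers passed to AH=35h, as ints ('33' -> 0x21, '32' -> 0x20)."""
    out = []
    for c in calls:
        m = VECTOR_RE.search(c.name) if c.ah == 0x35 else None
        if m:
            out.append(int(m.group(1)))
    return out

def unknown_ah(calls):
    """AH values the viewer could not name (219 = DBh, 205 = CDh here)."""
    return [c.ah for c in calls if c.ah not in INT21]

def payload_gate(month, pit_low_byte):
    """The check at 0x12da6..0x12daf: DH from Get date must be 5 (May) and
    AL read from port 0x40 must be >= C8h; otherwise control jumps to 0x12dec."""
    if month != 5:                  # cmp dh, 5 ; jne 0x12dec
        return False
    return pit_low_byte >= 0xC8     # cmp al, 0xc8 ; jb 0x12dec

def gate_probability(month):
    """Chance the gate passes in a given month if the PIT byte is uniform (assumption)."""
    return (256 - 0xC8) / 256 if month == 5 else 0.0

def months_that_can_trigger(json_lines):
    """Sandbox dates from the JSON lines that satisfy the month half of the gate."""
    return [m for m in (json.loads(j)["Month"] for j in json_lines)
            if payload_gate(m, 0xFF)]

def reached_chdir(calls):
    """True only if the AH=3Bh call at 0x12db9 shows up in the trace."""
    return any(c.ah == 0x3B for c in calls)
```

Run against the first trace, `vectors_fetched` returns `[0x21, 0x20]`, `unknown_ah` returns `[219, 205]`, `months_that_can_trigger(SANDBOX_RUNS)` returns `[5]`, and `reached_chdir` is false; under the uniform assumption the random half of the gate passes about 22% of the time (56/256) in May, so a single May re-run can miss the payload path even when the month check is satisfied.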