Sample viewer

vx.netlux.org/Virus.DOS.Piolin.1176

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:44.136260475Z	222	PC: 12c98 \| UNKNOWN!
2018-12-17T22:52:44.137803141Z	42	PC: 12d6c \| Get date 0x12d6c: cmp cx, 0x7cc 0x12d70: jbe 0x12d89 0x12d72: cmp dx, 0xa08 0x12d76: jne 0x12d7e 0x12d78: mov byte ptr es:[0x103], 0xc0 0x12d7e: cmp dl, 0x1f 0x12d81: jne 0x12d89 0x12d83: mov byte ptr es:[0x103], 0xca 0x12d89: xor ax, ax 0x12d8b: mov es, ax 0x12d8d: mov di, 0x2a5 0x12d90: mov word ptr es:[0x84], di 0x12d95: mov word ptr es:[0x86], ds 0x12d9a: cmp byte ptr cs:[si + 1], 5 0x12d9f: je 0x12db3 0x12da1: push cs 0x12da2: push cs 0x12da3: pop ds 0x12da4: pop es 0x12da5: add si, 6
2018-12-17T22:52:44.140454619Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:52:44.14474631Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10993,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:44.78944272Z	222	PC: 12c98 \| UNKNOWN!
2018-12-25T12:29:44.800030126Z	42	PC: 12d6c \| Get date 0x12d6c: cmp cx, 0x7cc 0x12d70: jbe 0x12d89 0x12d72: cmp dx, 0xa08 0x12d76: jne 0x12d7e 0x12d78: mov byte ptr es:[0x103], 0xc0 0x12d7e: cmp dl, 0x1f 0x12d81: jne 0x12d89 0x12d83: mov byte ptr es:[0x103], 0xca 0x12d89: xor ax, ax 0x12d8b: mov es, ax 0x12d8d: mov di, 0x2a5 0x12d90: mov word ptr es:[0x84], di 0x12d95: mov word ptr es:[0x86], ds 0x12d9a: cmp byte ptr cs:[si + 1], 5 0x12d9f: je 0x12db3 0x12da1: push cs 0x12da2: push cs 0x12da3: pop ds 0x12da4: pop es 0x12da5: add si, 6
2018-12-25T12:29:44.802322791Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:44.807839888Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10993,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:44.825118188Z	222	PC: 12c98 \| UNKNOWN!
2018-12-25T12:29:44.826624636Z	42	PC: 12d6c \| Get date 0x12d6c: cmp cx, 0x7cc 0x12d70: jbe 0x12d89 0x12d72: cmp dx, 0xa08 0x12d76: jne 0x12d7e 0x12d78: mov byte ptr es:[0x103], 0xc0 0x12d7e: cmp dl, 0x1f 0x12d81: jne 0x12d89 0x12d83: mov byte ptr es:[0x103], 0xca 0x12d89: xor ax, ax 0x12d8b: mov es, ax 0x12d8d: mov di, 0x2a5 0x12d90: mov word ptr es:[0x84], di 0x12d95: mov word ptr es:[0x86], ds 0x12d9a: cmp byte ptr cs:[si + 1], 5 0x12d9f: je 0x12db3 0x12da1: push cs 0x12da2: push cs 0x12da3: pop ds 0x12da4: pop es 0x12da5: add si, 6
2018-12-25T12:29:44.829103436Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:44.835156704Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":8,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10993,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:44.854568619Z	222	PC: 12c98 \| UNKNOWN!
2018-12-25T12:29:44.856416845Z	42	PC: 12d6c \| Get date 0x12d6c: cmp cx, 0x7cc 0x12d70: jbe 0x12d89 0x12d72: cmp dx, 0xa08 0x12d76: jne 0x12d7e 0x12d78: mov byte ptr es:[0x103], 0xc0 0x12d7e: cmp dl, 0x1f 0x12d81: jne 0x12d89 0x12d83: mov byte ptr es:[0x103], 0xca 0x12d89: xor ax, ax 0x12d8b: mov es, ax 0x12d8d: mov di, 0x2a5 0x12d90: mov word ptr es:[0x84], di 0x12d95: mov word ptr es:[0x86], ds 0x12d9a: cmp byte ptr cs:[si + 1], 5 0x12d9f: je 0x12db3 0x12da1: push cs 0x12da2: push cs 0x12da3: pop ds 0x12da4: pop es 0x12da5: add si, 6
2018-12-25T12:29:44.858798075Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:44.864362847Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10993,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:45.058173021Z	222	PC: 12c98 \| UNKNOWN!
2018-12-25T12:29:45.059995337Z	42	PC: 12d6c \| Get date 0x12d6c: cmp cx, 0x7cc 0x12d70: jbe 0x12d89 0x12d72: cmp dx, 0xa08 0x12d76: jne 0x12d7e 0x12d78: mov byte ptr es:[0x103], 0xc0 0x12d7e: cmp dl, 0x1f 0x12d81: jne 0x12d89 0x12d83: mov byte ptr es:[0x103], 0xca 0x12d89: xor ax, ax 0x12d8b: mov es, ax 0x12d8d: mov di, 0x2a5 0x12d90: mov word ptr es:[0x84], di 0x12d95: mov word ptr es:[0x86], ds 0x12d9a: cmp byte ptr cs:[si + 1], 5 0x12d9f: je 0x12db3 0x12da1: push cs 0x12da2: push cs 0x12da3: pop ds 0x12da4: pop es 0x12da5: add si, 6
2018-12-25T12:29:45.06235022Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:29:45.067706971Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')