Sample viewer

vx.netlux.org/Virus.DOS.Mandra.664.669

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:22.967842439Z	48	PC: 12d34 \| Get DOS version
2018-12-17T22:53:22.970116719Z	74	PC: 12d57 \| Reallocate memory
2018-12-17T22:53:22.97141963Z	72	PC: 12d5e \| Allocate memory
2018-12-17T22:53:22.972967829Z	44	PC: 12d9f \| Get time 0x12d9f: cmp dh, 0x10 0x12da2: ja 0x12dbb 0x12da4: lea dx, word ptr [bp + 0x36f] 0x12da8: mov ah, 9 0x12daa: int 0x21 0x12dac: xor ax, ax 0x12dae: mov ds, ax 0x12db0: in al, 0x21 0x12db2: mov si, 0x46c 0x12db5: xor al, byte ptr [si] 0x12db7: and al, 0xfd 0x12db9: out 0x21, al 0x12dbb: push cs 0x12dbc: push cs 0x12dbd: pop ds 0x12dbe: pop es 0x12dbf: mov ah, 0xf6 0x12dc1: int 0x16 0x12dc3: lea si, word ptr [bp + 0x125] 0x12dc7: mov di, 0x101
2018-12-17T22:53:22.975753906Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:53:22.979874884Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:06.062802792Z	48	PC: 12d34 \| Get DOS version
2018-12-25T12:30:06.064829659Z	74	PC: 12d57 \| Reallocate memory
2018-12-25T12:30:06.066134693Z	72	PC: 12d5e \| Allocate memory
2018-12-25T12:30:06.067672011Z	44	PC: 12d9f \| Get time 0x12d9f: cmp dh, 0x10 0x12da2: ja 0x12dbb 0x12da4: lea dx, word ptr [bp + 0x36f] 0x12da8: mov ah, 9 0x12daa: int 0x21 0x12dac: xor ax, ax 0x12dae: mov ds, ax 0x12db0: in al, 0x21 0x12db2: mov si, 0x46c 0x12db5: xor al, byte ptr [si] 0x12db7: and al, 0xfd 0x12db9: out 0x21, al 0x12dbb: push cs 0x12dbc: push cs 0x12dbd: pop ds 0x12dbe: pop es 0x12dbf: mov ah, 0xf6 0x12dc1: int 0x16 0x12dc3: lea si, word ptr [bp + 0x125] 0x12dc7: mov di, 0x101
2018-12-25T12:30:06.070363692Z	9	PC: 12dac \| Display string (Could not find end pointer)
2018-12-25T12:30:06.075882957Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:30:06.081332517Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":17,"TimeBased":true,"OriginalID":11195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:07.658772054Z	48	PC: 12d34 \| Get DOS version
2018-12-25T12:30:07.661967333Z	74	PC: 12d57 \| Reallocate memory
2018-12-25T12:30:07.663302054Z	72	PC: 12d5e \| Allocate memory
2018-12-25T12:30:07.665144233Z	44	PC: 12d9f \| Get time 0x12d9f: cmp dh, 0x10 0x12da2: ja 0x12dbb 0x12da4: lea dx, word ptr [bp + 0x36f] 0x12da8: mov ah, 9 0x12daa: int 0x21 0x12dac: xor ax, ax 0x12dae: mov ds, ax 0x12db0: in al, 0x21 0x12db2: mov si, 0x46c 0x12db5: xor al, byte ptr [si] 0x12db7: and al, 0xfd 0x12db9: out 0x21, al 0x12dbb: push cs 0x12dbc: push cs 0x12dbd: pop ds 0x12dbe: pop es 0x12dbf: mov ah, 0xf6 0x12dc1: int 0x16 0x12dc3: lea si, word ptr [bp + 0x125] 0x12dc7: mov di, 0x101
2018-12-25T12:30:07.668197419Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:30:07.67373922Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:07.774844426Z	48	PC: 12d34 \| Get DOS version
2018-12-25T12:30:07.777818676Z	74	PC: 12d57 \| Reallocate memory
2018-12-25T12:30:07.779526281Z	72	PC: 12d5e \| Allocate memory
2018-12-25T12:30:07.781494491Z	44	PC: 12d9f \| Get time 0x12d9f: cmp dh, 0x10 0x12da2: ja 0x12dbb 0x12da4: lea dx, word ptr [bp + 0x36f] 0x12da8: mov ah, 9 0x12daa: int 0x21 0x12dac: xor ax, ax 0x12dae: mov ds, ax 0x12db0: in al, 0x21 0x12db2: mov si, 0x46c 0x12db5: xor al, byte ptr [si] 0x12db7: and al, 0xfd 0x12db9: out 0x21, al 0x12dbb: push cs 0x12dbc: push cs 0x12dbd: pop ds 0x12dbe: pop es 0x12dbf: mov ah, 0xf6 0x12dc1: int 0x16 0x12dc3: lea si, word ptr [bp + 0x125] 0x12dc7: mov di, 0x101
2018-12-25T12:30:07.785045767Z	9	PC: 12dac \| Display string (Could not find end pointer)
2018-12-25T12:30:07.789617452Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:30:07.796141613Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":6,"TimeBased":true,"OriginalID":11195,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:07.764557097Z	48	PC: 12d34 \| Get DOS version
2018-12-25T12:30:07.766082183Z	74	PC: 12d57 \| Reallocate memory
2018-12-25T12:30:07.767172944Z	72	PC: 12d5e \| Allocate memory
2018-12-25T12:30:07.768256966Z	44	PC: 12d9f \| Get time 0x12d9f: cmp dh, 0x10 0x12da2: ja 0x12dbb 0x12da4: lea dx, word ptr [bp + 0x36f] 0x12da8: mov ah, 9 0x12daa: int 0x21 0x12dac: xor ax, ax 0x12dae: mov ds, ax 0x12db0: in al, 0x21 0x12db2: mov si, 0x46c 0x12db5: xor al, byte ptr [si] 0x12db7: and al, 0xfd 0x12db9: out 0x21, al 0x12dbb: push cs 0x12dbc: push cs 0x12dbd: pop ds 0x12dbe: pop es 0x12dbf: mov ah, 0xf6 0x12dc1: int 0x16 0x12dc3: lea si, word ptr [bp + 0x125] 0x12dc7: mov di, 0x101
2018-12-25T12:30:07.777440044Z	9	PC: 12dac \| Display string (Could not find end pointer)
2018-12-25T12:30:07.782610308Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:30:07.788488358Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')