Sample viewer

vx.netlux.org/Virus.DOS.Difteria.826

Time	Syscall Op	Syscall Name
2018-12-17T22:54:03.276770266Z	195	PC: 17c3d \| UNKNOWN!
2018-12-17T22:54:03.279045274Z	202	PC: 17c64 \| UNKNOWN!
2018-12-17T22:54:03.279905864Z	53	PC: 17c6e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:03.281348139Z	74	PC: 17c90 \| Reallocate memory
2018-12-17T22:54:03.29087674Z	72	PC: 17c96 \| Allocate memory
2018-12-17T22:54:03.302500901Z	37	PC: 17cc8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:03.304171638Z	42	PC: 17ccc \| Get date 0x17ccc: cmp dx, 0x819 0x17cd0: jne 0x17cfe 0x17cd2: push cs 0x17cd3: pop ds 0x17cd4: lea dx, word ptr [bp + 0x1b3] 0x17cd8: mov ah, 9 0x17cda: int 0x21 0x17cdc: mov ah, 0x4c 0x17cde: int 0x21 0x17ce0: pop bx 0x17ce1: inc sp 0x17ce2: imul sp, word ptr [bp + 0x74], 0x7265 0x17ce7: imul sp, word ptr [bx + di + 0x5d], 0x3020 0x17cec: xor word ptr [bx + si], sp 0x17cee: bound di, dword ptr [bx + di + 0x20] 0x17cf1: push bx 0x17cf2: jbe 0x17d59 0x17cf4: outsb dx, byte ptr [si] 0x17cf5: and byte ptr [bp + di + 0x75], cl 0x17cf8: bound si, dword ptr [bp + si + 0x69]
2018-12-17T22:54:03.307039484Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-17T22:54:03.313520551Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

Time	Syscall Op	Syscall Name
2018-12-25T12:30:30.947877467Z	195	PC: 17c3d \| UNKNOWN!
2018-12-25T12:30:30.949903218Z	202	PC: 17c64 \| UNKNOWN!
2018-12-25T12:30:30.951232977Z	53	PC: 17c6e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:30.952969573Z	74	PC: 17c90 \| Reallocate memory
2018-12-25T12:30:30.955299656Z	72	PC: 17c96 \| Allocate memory
2018-12-25T12:30:30.957530873Z	37	PC: 17cc8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:30.958917235Z	42	PC: 17ccc \| Get date 0x17ccc: cmp dx, 0x819 0x17cd0: jne 0x17cfe 0x17cd2: push cs 0x17cd3: pop ds 0x17cd4: lea dx, word ptr [bp + 0x1b3] 0x17cd8: mov ah, 9 0x17cda: int 0x21 0x17cdc: mov ah, 0x4c 0x17cde: int 0x21 0x17ce0: pop bx 0x17ce1: inc sp 0x17ce2: imul sp, word ptr [bp + 0x74], 0x7265 0x17ce7: imul sp, word ptr [bx + di + 0x5d], 0x3020 0x17cec: xor word ptr [bx + si], sp 0x17cee: bound di, dword ptr [bx + di + 0x20] 0x17cf1: push bx 0x17cf2: jbe 0x17d59 0x17cf4: outsb dx, byte ptr [si] 0x17cf5: and byte ptr [bp + di + 0x75], cl 0x17cf8: bound si, dword ptr [bp + si + 0x69]
2018-12-25T12:30:30.961897411Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-25T12:30:30.968719973Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

Time	Syscall Op	Syscall Name
2018-12-25T12:30:32.04092419Z	195	PC: 17c3d \| UNKNOWN!
2018-12-25T12:30:32.043088299Z	202	PC: 17c64 \| UNKNOWN!
2018-12-25T12:30:32.043938223Z	53	PC: 17c6e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:32.045174836Z	74	PC: 17c90 \| Reallocate memory
2018-12-25T12:30:32.048873469Z	72	PC: 17c96 \| Allocate memory
2018-12-25T12:30:32.050579354Z	37	PC: 17cc8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:32.051911998Z	42	PC: 17ccc \| Get date 0x17ccc: cmp dx, 0x819 0x17cd0: jne 0x17cfe 0x17cd2: push cs 0x17cd3: pop ds 0x17cd4: lea dx, word ptr [bp + 0x1b3] 0x17cd8: mov ah, 9 0x17cda: int 0x21 0x17cdc: mov ah, 0x4c 0x17cde: int 0x21 0x17ce0: pop bx 0x17ce1: inc sp 0x17ce2: imul sp, word ptr [bp + 0x74], 0x7265 0x17ce7: imul sp, word ptr [bx + di + 0x5d], 0x3020 0x17cec: xor word ptr [bx + si], sp 0x17cee: bound di, dword ptr [bx + di + 0x20] 0x17cf1: push bx 0x17cf2: jbe 0x17d59 0x17cf4: outsb dx, byte ptr [si] 0x17cf5: and byte ptr [bp + di + 0x75], cl 0x17cf8: bound si, dword ptr [bp + si + 0x69]
2018-12-25T12:30:32.054784264Z	9	PC: 17cdc \| Display string (Could not find end pointer)
2018-12-25T12:30:32.057544478Z	76	PC: 17ce0 \| Terminate with return code (Return code = '36')