Sample viewer

vx.netlux.org/Virus.DOS.Flavour.847


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:22.482871391Z 42 PC: 1445f | Get date
0x1445f: cmp dx, 0x909
0x14463: jne 0x14470
0x14465: mov ah, 9
0x14467: lea dx, word ptr [si + 0x140]
0x1446b: int 0x21
0x1446d: cli
0x1446e: jmp 0x1446d
0x14470: mov ax, 0x8f00
0x14473: int 0x21
0x14475: cmp ax, 0x8f
0x14478: jne 0x14489
0x1447a: add si, 0x11c
0x1447e: mov di, 0x100
0x14481: push ss
0x14482: push di
0x14483: cld
0x14484: movsw word ptr es:[di], word ptr [si]
0x14485: movsw word ptr es:[di], word ptr [si]
0x14486: push ss
0x14487: pop ds
2018-12-17T22:55:22.485740927Z 143 PC: 14475 | UNKNOWN!
2018-12-17T22:55:22.486565819Z 82 PC: 1448f | Get DOS internal pointers (SYSVARS)
2018-12-17T22:55:22.487896842Z 82 PC: 9f974 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:55:22.489923294Z 9 PC: 13252 | Display string (String= 'Goat file (COM). Size=00001A0Ah/0000006666d bytes. ')
2018-12-17T22:55:22.493449176Z 76 PC: 13256 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":9,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11873,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:27.675491847Z 42 PC: 1445f | Get date
0x1445f: cmp dx, 0x909
0x14463: jne 0x14470
0x14465: mov ah, 9
0x14467: lea dx, word ptr [si + 0x140]
0x1446b: int 0x21
0x1446d: cli
0x1446e: jmp 0x1446d
0x14470: mov ax, 0x8f00
0x14473: int 0x21
0x14475: cmp ax, 0x8f
0x14478: jne 0x14489
0x1447a: add si, 0x11c
0x1447e: mov di, 0x100
0x14481: push ss
0x14482: push di
0x14483: cld
0x14484: movsw word ptr es:[di], word ptr [si]
0x14485: movsw word ptr es:[di], word ptr [si]
0x14486: push ss
0x14487: pop ds
2018-12-25T12:31:27.677714664Z 9 PC: 1446d | Display string (String= 'Hello !! I am [Flavour V1.1] By Dark Killer ... At Taiwan Power Virus Organization ! 1995/07/01/Saturday ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11873,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:27.760109157Z 42 PC: 1445f | Get date
0x1445f: cmp dx, 0x909
0x14463: jne 0x14470
0x14465: mov ah, 9
0x14467: lea dx, word ptr [si + 0x140]
0x1446b: int 0x21
0x1446d: cli
0x1446e: jmp 0x1446d
0x14470: mov ax, 0x8f00
0x14473: int 0x21
0x14475: cmp ax, 0x8f
0x14478: jne 0x14489
0x1447a: add si, 0x11c
0x1447e: mov di, 0x100
0x14481: push ss
0x14482: push di
0x14483: cld
0x14484: movsw word ptr es:[di], word ptr [si]
0x14485: movsw word ptr es:[di], word ptr [si]
0x14486: push ss
0x14487: pop ds
2018-12-25T12:31:27.773095742Z 143 PC: 14475 | UNKNOWN!
2018-12-25T12:31:27.77397095Z 82 PC: 1448f | Get DOS internal pointers (SYSVARS)
2018-12-25T12:31:27.775682778Z 82 PC: 9f974 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:31:27.779100234Z 9 PC: 13252 | Display string (String= 'Goat file (COM). Size=00001A0Ah/0000006666d bytes. ')
2018-12-25T12:31:27.785060812Z 76 PC: 13256 | Terminate with return code (Return code = '36')