Sample viewer

vx.netlux.org/Virus.DOS.Sanga.1171

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:46.531215372Z	74	PC: 17c55 \| Reallocate memory
2018-12-17T22:56:46.533691898Z	72	PC: 17c5e \| Allocate memory
2018-12-17T22:56:46.536769705Z	255	PC: 18eb4 \| UNKNOWN!
2018-12-17T22:56:46.537907614Z	42	PC: 18ebd \| Get date 0x18ebd: and dl, 3 0x18ec0: jne 0x18eca 0x18ec2: mov al, 1 0x18ec4: mov byte ptr cs:[0x44d], al 0x18ec8: jmp 0x18ed0 0x18eca: xor al, al 0x18ecc: mov byte ptr cs:[0x44d], al 0x18ed0: mov cx, 0x1a3 0x18ed3: mov bx, 0x18e 0x18ed6: mov al, byte ptr cs:[bx] 0x18ed9: xor al, 0x64 0x18edb: mov byte ptr cs:[bx], al 0x18ede: inc bx 0x18edf: loop 0x18ed6 0x18ee1: call 0x191df 0x18ee4: jb 0x18f02 0x18ee6: push es 0x18ee7: pop ds 0x18ee8: mov ax, 0x3521 0x18eeb: int 0x21
2018-12-17T22:56:46.54081992Z	88	PC: 191e4 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:46.543212469Z	88	PC: 191ea \| case 0xGet or set allocation strateg:
2018-12-17T22:56:46.544822656Z	88	PC: 191f3 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:46.546789915Z	88	PC: 191fb \| case 0xGet or set allocation strateg:
2018-12-17T22:56:46.554211749Z	72	PC: 19202 \| Allocate memory
2018-12-17T22:56:46.556189898Z	88	PC: 1920c \| case 0xGet or set allocation strateg:
2018-12-17T22:56:46.557841764Z	88	PC: 19214 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:46.561660794Z	53	PC: 18eed \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:46.563698225Z	37	PC: 18eff \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:46.565266684Z	73	PC: 17c8d \| Release memory
2018-12-17T22:56:46.567502287Z	74	PC: 17c9b \| Reallocate memory
2018-12-17T22:56:46.570616973Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-17T22:56:46.575531112Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12335,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:29.522370053Z	74	PC: 17c55 \| Reallocate memory
2018-12-25T12:32:29.524644613Z	72	PC: 17c5e \| Allocate memory
2018-12-25T12:32:29.5265115Z	255	PC: 18eb4 \| UNKNOWN!
2018-12-25T12:32:29.527397055Z	42	PC: 18ebd \| Get date 0x18ebd: and dl, 3 0x18ec0: jne 0x18eca 0x18ec2: mov al, 1 0x18ec4: mov byte ptr cs:[0x44d], al 0x18ec8: jmp 0x18ed0 0x18eca: xor al, al 0x18ecc: mov byte ptr cs:[0x44d], al 0x18ed0: mov cx, 0x1a3 0x18ed3: mov bx, 0x18e 0x18ed6: mov al, byte ptr cs:[bx] 0x18ed9: xor al, 0x64 0x18edb: mov byte ptr cs:[bx], al 0x18ede: inc bx 0x18edf: loop 0x18ed6 0x18ee1: call 0x191df 0x18ee4: jb 0x18f02 0x18ee6: push es 0x18ee7: pop ds 0x18ee8: mov ax, 0x3521 0x18eeb: int 0x21
2018-12-25T12:32:29.530694526Z	88	PC: 191e4 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.531799806Z	88	PC: 191ea \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.533067322Z	88	PC: 191f3 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.535175309Z	88	PC: 191fb \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.542441615Z	72	PC: 19202 \| Allocate memory
2018-12-25T12:32:29.543810766Z	88	PC: 1920c \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.545825267Z	88	PC: 19214 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.547733611Z	53	PC: 18eed \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.549483632Z	37	PC: 18eff \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.551337253Z	73	PC: 17c8d \| Release memory
2018-12-25T12:32:29.553069816Z	74	PC: 17c9b \| Reallocate memory
2018-12-25T12:32:29.554878638Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-25T12:32:29.560614248Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12335,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:29.758942884Z	74	PC: 17c55 \| Reallocate memory
2018-12-25T12:32:29.764775018Z	72	PC: 17c5e \| Allocate memory
2018-12-25T12:32:29.766517918Z	255	PC: 18eb4 \| UNKNOWN!
2018-12-25T12:32:29.767265393Z	42	PC: 18ebd \| Get date 0x18ebd: and dl, 3 0x18ec0: jne 0x18eca 0x18ec2: mov al, 1 0x18ec4: mov byte ptr cs:[0x44d], al 0x18ec8: jmp 0x18ed0 0x18eca: xor al, al 0x18ecc: mov byte ptr cs:[0x44d], al 0x18ed0: mov cx, 0x1a3 0x18ed3: mov bx, 0x18e 0x18ed6: mov al, byte ptr cs:[bx] 0x18ed9: xor al, 0x64 0x18edb: mov byte ptr cs:[bx], al 0x18ede: inc bx 0x18edf: loop 0x18ed6 0x18ee1: call 0x191df 0x18ee4: jb 0x18f02 0x18ee6: push es 0x18ee7: pop ds 0x18ee8: mov ax, 0x3521 0x18eeb: int 0x21
2018-12-25T12:32:29.769976928Z	88	PC: 191e4 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.771975661Z	88	PC: 191ea \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.773138182Z	88	PC: 191f3 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.78395274Z	88	PC: 191fb \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.785372383Z	72	PC: 19202 \| Allocate memory
2018-12-25T12:32:29.787014547Z	88	PC: 1920c \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.788545571Z	88	PC: 19214 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:29.790743301Z	53	PC: 18eed \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.792259731Z	37	PC: 18eff \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.793690851Z	73	PC: 17c8d \| Release memory
2018-12-25T12:32:29.795823371Z	74	PC: 17c9b \| Reallocate memory
2018-12-25T12:32:29.798297573Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-25T12:32:29.803274447Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')