Sample viewer

vx.netlux.org/Virus.DOS.Dwbomk.607

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:29.108383288Z	222	PC: 152e4 \| UNKNOWN!
2018-12-17T22:57:29.111046147Z	42	PC: 15369 \| Get date 0x15369: cmp dh, 1 0x1536c: jne 0x153a6 0x1536e: nop 0x1536f: nop 0x15370: cmp dl, 0x11 0x15373: jne 0x153a6 0x15375: nop 0x15376: nop 0x15377: mov ah, 9 0x15379: lea dx, word ptr [si + 0x120] 0x1537d: int 0x21 0x1537f: mov ch, 0 0x15381: mov dh, 0 0x15383: mov ah, 3 0x15385: mov al, 8 0x15387: mov cl, 1 0x15389: mov dl, 0x80 0x1538b: mov bx, 0xb800 0x1538e: mov es, bx 0x15390: xor bx, bx
2018-12-17T22:57:29.120922255Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-17T22:57:29.126559779Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12565,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:40.29082278Z	222	PC: 152e4 \| UNKNOWN!
2018-12-25T12:35:40.29284532Z	42	PC: 15369 \| Get date 0x15369: cmp dh, 1 0x1536c: jne 0x153a6 0x1536e: nop 0x1536f: nop 0x15370: cmp dl, 0x11 0x15373: jne 0x153a6 0x15375: nop 0x15376: nop 0x15377: mov ah, 9 0x15379: lea dx, word ptr [si + 0x120] 0x1537d: int 0x21 0x1537f: mov ch, 0 0x15381: mov dh, 0 0x15383: mov ah, 3 0x15385: mov al, 8 0x15387: mov cl, 1 0x15389: mov dl, 0x80 0x1538b: mov bx, 0xb800 0x1538e: mov es, bx 0x15390: xor bx, bx
2018-12-25T12:35:40.294691269Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:35:40.29889259Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12565,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:40.381599346Z	222	PC: 152e4 \| UNKNOWN!
2018-12-25T12:35:40.383718585Z	42	PC: 15369 \| Get date 0x15369: cmp dh, 1 0x1536c: jne 0x153a6 0x1536e: nop 0x1536f: nop 0x15370: cmp dl, 0x11 0x15373: jne 0x153a6 0x15375: nop 0x15376: nop 0x15377: mov ah, 9 0x15379: lea dx, word ptr [si + 0x120] 0x1537d: int 0x21 0x1537f: mov ch, 0 0x15381: mov dh, 0 0x15383: mov ah, 3 0x15385: mov al, 8 0x15387: mov cl, 1 0x15389: mov dl, 0x80 0x1538b: mov bx, 0xb800 0x1538e: mov es, bx 0x15390: xor bx, bx
2018-12-25T12:35:40.385963807Z	9	PC: 1537f \| Display string (String= '�� "DWBoMK" ��,��,��-96-1 ')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12565,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:40.921784513Z	222	PC: 152e4 \| UNKNOWN!
2018-12-25T12:35:40.924265257Z	42	PC: 15369 \| Get date 0x15369: cmp dh, 1 0x1536c: jne 0x153a6 0x1536e: nop 0x1536f: nop 0x15370: cmp dl, 0x11 0x15373: jne 0x153a6 0x15375: nop 0x15376: nop 0x15377: mov ah, 9 0x15379: lea dx, word ptr [si + 0x120] 0x1537d: int 0x21 0x1537f: mov ch, 0 0x15381: mov dh, 0 0x15383: mov ah, 3 0x15385: mov al, 8 0x15387: mov cl, 1 0x15389: mov dl, 0x80 0x1538b: mov bx, 0xb800 0x1538e: mov es, bx 0x15390: xor bx, bx
2018-12-25T12:35:40.928159194Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:35:40.934935024Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')