Sample viewer

vx.netlux.org/Virus.DOS.ADT.1778

Time	Syscall Op	Syscall Name
2018-12-17T22:58:32.5018786Z	42	PC: 14742 \| Get date 0x14742: xor ax, ax 0x14744: mov ds, ax 0x14746: mov ax, word ptr [0x84] 0x14749: mov word ptr cs:[bp + 0x296], ax 0x1474e: mov ax, word ptr [0x86] 0x14751: mov word ptr cs:[bp + 0x298], ax 0x14756: mov word ptr [0x84], 0x3a2 0x1475c: mov word ptr [0x86], es 0x14760: cmp dl, 0x13 0x14763: jne 0x1477f 0x14765: mov ax, word ptr [0x24] 0x14768: mov word ptr cs:[bp + 0x29a], ax 0x1476d: mov ax, word ptr [0x26] 0x14770: mov word ptr cs:[bp + 0x29c], ax 0x14775: mov word ptr [0x24], 0x3ce 0x1477b: mov word ptr [0x26], es 0x1477f: sti 0x14780: push cs 0x14781: pop ds 0x14782: mov cx, 0x6f2
2018-12-17T22:58:32.505887895Z	48	PC: 12a63 \| Get DOS version
2018-12-17T22:58:32.507706974Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:58:32.517522384Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-17T22:58:32.526431769Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-17T22:58:32.52959226Z	93	PC: 12b24 \| File sharing functions
2018-12-17T22:58:32.532315188Z	9	PC: 12b03 \| Display string (String= 'Size change=+06F2h/01778d. Virus might be activ? ')
2018-12-17T22:58:32.539632131Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')