Sample viewer

vx.netlux.org/Virus.DOS.TPVO.Glacier.1180

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:36.943082966Z 131 PC: 135a3 | UNKNOWN!
2018-12-17T22:58:36.944992225Z 53 PC: 13649 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:36.946667243Z 37 PC: 13658 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:36.948247954Z 53 PC: 1365d | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:36.950135803Z 37 PC: 1366c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:36.958514881Z 42 PC: 135ac | Get date
0x135ac: cmp dx, 0x40d
0x135b0: jne 0x135e5
0x135b2: add si, 0x3b6
0x135b6: push si
0x135b7: push si
0x135b8: pop di
0x135b9: mov cx, 0xc2
0x135bc: lodsb al, byte ptr [si]
0x135bd: xor al, 0x45
0x135bf: stosb byte ptr es:[di], al
0x135c0: loop 0x135bc
0x135c2: pop si
0x135c3: xor bx, bx
0x135c5: mov ax, 0x9100
0x135c8: int 0x10
0x135ca: or bx, bx
0x135cc: je 0x135db
0x135ce: test dh, 0x80
0x135d1: jne 0x135db
0x135d3: add si, 0x64
2018-12-17T22:58:36.9614562Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-17T22:58:36.966908047Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":13,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12930,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:57.836036162Z 131 PC: 135a3 | UNKNOWN!
2018-12-25T12:36:57.838173802Z 53 PC: 13649 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:57.839269391Z 37 PC: 13658 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:57.840331321Z 53 PC: 1365d | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:36:57.841977915Z 37 PC: 1366c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:36:57.843439734Z 42 PC: 135ac | Get date
0x135ac: cmp dx, 0x40d
0x135b0: jne 0x135e5
0x135b2: add si, 0x3b6
0x135b6: push si
0x135b7: push si
0x135b8: pop di
0x135b9: mov cx, 0xc2
0x135bc: lodsb al, byte ptr [si]
0x135bd: xor al, 0x45
0x135bf: stosb byte ptr es:[di], al
0x135c0: loop 0x135bc
0x135c2: pop si
0x135c3: xor bx, bx
0x135c5: mov ax, 0x9100
0x135c8: int 0x10
0x135ca: or bx, bx
0x135cc: je 0x135db
0x135ce: test dh, 0x80
0x135d1: jne 0x135db
0x135d3: add si, 0x64

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12930,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:58.362072294Z 131 PC: 135a3 | UNKNOWN!
2018-12-25T12:36:58.366294166Z 53 PC: 13649 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:58.368933277Z 37 PC: 13658 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:58.371138065Z 53 PC: 1365d | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:36:58.373916923Z 37 PC: 1366c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:36:58.375716758Z 42 PC: 135ac | Get date
0x135ac: cmp dx, 0x40d
0x135b0: jne 0x135e5
0x135b2: add si, 0x3b6
0x135b6: push si
0x135b7: push si
0x135b8: pop di
0x135b9: mov cx, 0xc2
0x135bc: lodsb al, byte ptr [si]
0x135bd: xor al, 0x45
0x135bf: stosb byte ptr es:[di], al
0x135c0: loop 0x135bc
0x135c2: pop si
0x135c3: xor bx, bx
0x135c5: mov ax, 0x9100
0x135c8: int 0x10
0x135ca: or bx, bx
0x135cc: je 0x135db
0x135ce: test dh, 0x80
0x135d1: jne 0x135db
0x135d3: add si, 0x64
2018-12-25T12:36:58.378789839Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:36:58.386237749Z 76 PC: 12a86 | Terminate with return code (Return code = '36')