Sample viewer

vx.netlux.org/Virus.DOS.Letter_H.665

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:39.323762821Z 53 PC: 12c8d | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:39.32740836Z 37 PC: 12c96 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:39.32852161Z 37 PC: 12cb2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:39.32958219Z 42 PC: 12cba | Get date
0x12cba: cmp dl, 7
0x12cbd: je 0x12cc2
0x12cbf: jmp 0x12d83
0x12cc2: mov ax, 0x13
0x12cc5: int 0x10
0x12cc7: mov ah, 0xf
0x12cc9: int 0x10
0x12ccb: push cs
0x12ccc: pop es
0x12ccd: mov dx, 0x70c
0x12cd0: mov bp, 0x266
0x12cd3: add bp, si
0x12cd5: mov bl, 0x33
0x12cd7: mov ax, 0x1301
0x12cda: mov cx, 0x10
0x12cdd: push bx
0x12cde: int 0x10
0x12ce0: pop bx
0x12ce1: dec byte ptr [si + 0x265]
0x12ce5: je 0x12cf0
2018-12-17T22:58:39.337304006Z 91 PC: 12daa | Create new file
2018-12-17T22:58:39.341465432Z 53 PC: 12df2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:39.342692108Z 37 PC: 12e02 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:39.344611657Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:58:39.348131119Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12945,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:59.331071648Z 53 PC: 12c8d | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:36:59.332563858Z 37 PC: 12c96 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:36:59.333894795Z 37 PC: 12cb2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:36:59.334851068Z 42 PC: 12cba | Get date
0x12cba: cmp dl, 7
0x12cbd: je 0x12cc2
0x12cbf: jmp 0x12d83
0x12cc2: mov ax, 0x13
0x12cc5: int 0x10
0x12cc7: mov ah, 0xf
0x12cc9: int 0x10
0x12ccb: push cs
0x12ccc: pop es
0x12ccd: mov dx, 0x70c
0x12cd0: mov bp, 0x266
0x12cd3: add bp, si
0x12cd5: mov bl, 0x33
0x12cd7: mov ax, 0x1301
0x12cda: mov cx, 0x10
0x12cdd: push bx
0x12cde: int 0x10
0x12ce0: pop bx
0x12ce1: dec byte ptr [si + 0x265]
0x12ce5: je 0x12cf0
2018-12-25T12:36:59.337287848Z 91 PC: 12daa | Create new file
2018-12-25T12:36:59.340307207Z 53 PC: 12df2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:59.341543929Z 37 PC: 12e02 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:59.342860245Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:36:59.349570273Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12945,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:00.132576288Z 53 PC: 12c8d | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:00.135655924Z 37 PC: 12c96 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:00.137355347Z 37 PC: 12cb2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:00.13848311Z 42 PC: 12cba | Get date
0x12cba: cmp dl, 7
0x12cbd: je 0x12cc2
0x12cbf: jmp 0x12d83
0x12cc2: mov ax, 0x13
0x12cc5: int 0x10
0x12cc7: mov ah, 0xf
0x12cc9: int 0x10
0x12ccb: push cs
0x12ccc: pop es
0x12ccd: mov dx, 0x70c
0x12cd0: mov bp, 0x266
0x12cd3: add bp, si
0x12cd5: mov bl, 0x33
0x12cd7: mov ax, 0x1301
0x12cda: mov cx, 0x10
0x12cdd: push bx
0x12cde: int 0x10
0x12ce0: pop bx
0x12ce1: dec byte ptr [si + 0x265]
0x12ce5: je 0x12cf0