Sample viewer

vx.netlux.org/Virus.DOS.HappyEnd.1536

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:00.875573475Z	171	PC: 12e8b \| UNKNOWN!
2018-12-17T23:00:00.87694359Z	74	PC: 12e9a \| Reallocate memory
2018-12-17T23:00:00.879723333Z	74	PC: 12ea2 \| Reallocate memory
2018-12-17T23:00:00.882244421Z	72	PC: 12ea9 \| Allocate memory
2018-12-17T23:00:00.885763815Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-17T23:00:00.896242657Z	53	PC: 9f09a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:00.899667123Z	37	PC: 9f0aa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:00.904982231Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=000003E8h/0000001000d bytes. ')
2018-12-17T23:00:00.910524657Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":22,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13401,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:09.879090206Z	171	PC: 12e8b \| UNKNOWN!
2018-12-25T12:38:09.880586617Z	74	PC: 12e9a \| Reallocate memory
2018-12-25T12:38:09.882714172Z	74	PC: 12ea2 \| Reallocate memory
2018-12-25T12:38:09.884424718Z	72	PC: 12ea9 \| Allocate memory
2018-12-25T12:38:09.885852267Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-25T12:38:09.888030342Z	9	PC: 9f030 \| Display string (String= 'Decryption Defence... This is Happy End. Please turn off your computer.')

{"DateBased":true,"Day":23,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13401,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:09.960432495Z	171	PC: 12e8b \| UNKNOWN!
2018-12-25T12:38:09.961840254Z	74	PC: 12e9a \| Reallocate memory
2018-12-25T12:38:09.963599734Z	74	PC: 12ea2 \| Reallocate memory
2018-12-25T12:38:09.964962013Z	72	PC: 12ea9 \| Allocate memory
2018-12-25T12:38:09.966611145Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-25T12:38:09.968240187Z	9	PC: 9f030 \| Display string (String= 'Decryption Defence... This is Happy End. Please turn off your computer.')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13401,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:10.096284774Z	171	PC: 12e8b \| UNKNOWN!
2018-12-25T12:38:10.098042824Z	74	PC: 12e9a \| Reallocate memory
2018-12-25T12:38:10.099358987Z	74	PC: 12ea2 \| Reallocate memory
2018-12-25T12:38:10.100732395Z	72	PC: 12ea9 \| Allocate memory
2018-12-25T12:38:10.102682806Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-25T12:38:10.1049792Z	53	PC: 9f09a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:10.106211153Z	37	PC: 9f0aa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:10.10750603Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:38:10.114055923Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13401,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:10.305271298Z	171	PC: 12e8b \| UNKNOWN!
2018-12-25T12:38:10.306529257Z	74	PC: 12e9a \| Reallocate memory
2018-12-25T12:38:10.3075589Z	74	PC: 12ea2 \| Reallocate memory
2018-12-25T12:38:10.308413545Z	72	PC: 12ea9 \| Allocate memory
2018-12-25T12:38:10.310015436Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-25T12:38:10.311775208Z	53	PC: 9f09a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:10.312504072Z	37	PC: 9f0aa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:10.313781972Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:38:10.316944357Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":19,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13401,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:10.404297994Z	171	PC: 12e8b \| UNKNOWN!
2018-12-25T12:38:10.405811571Z	74	PC: 12e9a \| Reallocate memory
2018-12-25T12:38:10.407202615Z	74	PC: 12ea2 \| Reallocate memory
2018-12-25T12:38:10.408356714Z	72	PC: 12ea9 \| Allocate memory
2018-12-25T12:38:10.410256754Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-25T12:38:10.412239563Z	9	PC: 9f030 \| Display string (String= 'Decryption Defence... This is Happy End. Please turn off your computer.')

{"DateBased":true,"Day":20,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13401,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:10.489901075Z	171	PC: 12e8b \| UNKNOWN!
2018-12-25T12:38:10.490962089Z	74	PC: 12e9a \| Reallocate memory
2018-12-25T12:38:10.494526518Z	74	PC: 12ea2 \| Reallocate memory
2018-12-25T12:38:10.496141726Z	72	PC: 12ea9 \| Allocate memory
2018-12-25T12:38:10.497965941Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-25T12:38:10.501083928Z	9	PC: 9f030 \| Display string (String= 'Decryption Defence... This is Happy End. Please turn off your computer.')

{"DateBased":true,"Day":21,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13401,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:10.489191672Z	171	PC: 12e8b \| UNKNOWN!
2018-12-25T12:38:10.490353886Z	74	PC: 12e9a \| Reallocate memory
2018-12-25T12:38:10.492165139Z	74	PC: 12ea2 \| Reallocate memory
2018-12-25T12:38:10.493552458Z	72	PC: 12ea9 \| Allocate memory
2018-12-25T12:38:10.495191445Z	42	PC: 9f008 \| Get date 0x9f008: cmp dh, 5 0x9f00b: jne 0x9f001 0x9f00d: cmp dl, 0x13 0x9f010: je 0x9f029 0x9f012: cmp dl, 0x14 0x9f015: je 0x9f029 0x9f017: cmp dl, 0x15 0x9f01a: je 0x9f029 0x9f01c: cmp dl, 0x16 0x9f01f: je 0x9f029 0x9f021: cmp dl, 0x17 0x9f024: je 0x9f029 0x9f026: jmp 0x9f095 0x9f029: mov ah, 9 0x9f02b: mov dx, 0x27b 0x9f02e: int 0x21 0x9f030: mov dh, 0xff 0x9f032: mov dl, 0x80 0x9f034: add dh, 1 0x9f037: mov ah, 5
2018-12-25T12:38:10.497898841Z	9	PC: 9f030 \| Display string (String= 'Decryption Defence... This is Happy End. Please turn off your computer.')