Sample viewer

vx.netlux.org/Virus.DOS.Aiwedr.678

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:16:04.314565301Z	222	PC: 12c48 \| UNKNOWN!
2018-12-17T23:16:04.315784906Z	44	PC: 12ec5 \| Get time 0x12ec5: cmp ch, 1 0x12ec8: jne 0x12ecd 0x12eca: call 0x22e9d 0x12ecd: cmp ch, 8 0x12ed0: jne 0x12ed5 0x12ed2: call 0x22e9d 0x12ed5: ret 0x12ed6: adc cl, ch 0x12ed8: xchg ax, bp
2018-12-17T23:16:04.318552315Z	53	PC: 12c74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:16:04.319856651Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:16:04.322279786Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T23:16:04.326932384Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14621,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:10.231345072Z	222	PC: 12c48 \| UNKNOWN!
2018-12-25T12:41:10.232327184Z	44	PC: 12ec5 \| Get time 0x12ec5: cmp ch, 1 0x12ec8: jne 0x12ecd 0x12eca: call 0x22e9d 0x12ecd: cmp ch, 8 0x12ed0: jne 0x12ed5 0x12ed2: call 0x22e9d 0x12ed5: ret 0x12ed6: adc cl, ch 0x12ed8: xchg ax, bp
2018-12-25T12:41:10.235090706Z	53	PC: 12c74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:10.23661035Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:10.238175967Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:41:10.247857264Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14621,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:10.935434928Z	222	PC: 12c48 \| UNKNOWN!
2018-12-25T12:41:10.936180402Z	44	PC: 12ec5 \| Get time 0x12ec5: cmp ch, 1 0x12ec8: jne 0x12ecd 0x12eca: call 0x22e9d 0x12ecd: cmp ch, 8 0x12ed0: jne 0x12ed5 0x12ed2: call 0x22e9d 0x12ed5: ret 0x12ed6: adc cl, ch 0x12ed8: xchg ax, bp
2018-12-25T12:41:10.94189118Z	53	PC: 12c74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:10.942905349Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:10.943923448Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:41:10.947854197Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14621,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:11.020592577Z	222	PC: 12c48 \| UNKNOWN!
2018-12-25T12:41:11.021646653Z	44	PC: 12ec5 \| Get time 0x12ec5: cmp ch, 1 0x12ec8: jne 0x12ecd 0x12eca: call 0x22e9d 0x12ecd: cmp ch, 8 0x12ed0: jne 0x12ed5 0x12ed2: call 0x22e9d 0x12ed5: ret 0x12ed6: adc cl, ch 0x12ed8: xchg ax, bp
2018-12-25T12:41:11.024784288Z	53	PC: 12c74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:11.025846063Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:11.027204409Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:41:11.03072319Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')