Sample viewer

vx.netlux.org/Virus.DOS.Tedy.4350

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:25.631813795Z	53	PC: 151bb \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:25.63425005Z	37	PC: 151ea \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:25.66602689Z	37	PC: 1523a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:25.667431726Z	240	PC: 1524e \| UNKNOWN!
2018-12-17T23:04:25.677611883Z	74	PC: 12b3a \| Reallocate memory
2018-12-17T23:04:25.680532515Z	42	PC: 13aa7 \| Get date 0x13aa7: cmp dx, 0xb0c 0x13aab: jne 0x13af3 0x13aad: mov ah, 0x48 0x13aaf: mov bx, 0x20 0x13ab2: int 0x21 0x13ab4: jb 0x13af3 0x13ab6: mov es, ax 0x13ab8: xor bx, bx 0x13aba: mov dx, 0x80 0x13abd: mov cx, 1 0x13ac0: mov ax, 0x201 0x13ac3: int 0x13 0x13ac5: cmp word ptr es:[bx], 0xc033 0x13aca: jne 0x13ad4 0x13acc: cmp word ptr es:[bx + 2], 0xd88e 0x13ad2: je 0x13aef 0x13ad4: mov ax, 0x301 0x13ad7: mov cl, 7 0x13ad9: int 0x13 0x13adb: push cs
2018-12-17T23:04:25.683061615Z	52	PC: 12b41 \| Get InDOS flag pointer
2018-12-17T23:04:25.68525015Z	53	PC: 12b50 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:25.687166917Z	37	PC: 12b64 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:25.688762215Z	75	PC: 12ba1 \| Execute program
2018-12-17T23:04:25.708399309Z	53	PC: 1661b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:25.714927697Z	37	PC: 1664a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:25.726367232Z	37	PC: 1669a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:25.727642734Z	9	PC: 13ee2 \| Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-17T23:04:25.73266759Z	76	PC: 13ee6 \| Terminate with return code (Return code = '36')
2018-12-17T23:04:25.735481791Z	77	PC: 12bba \| Get program return code
2018-12-17T23:04:25.73703059Z	49	PC: 12bcd \| Terminate and stay resident (Return code = '36' \| Memory size = '320')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14867,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:50.580771701Z	53	PC: 151bb \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.583352295Z	37	PC: 151ea \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.619876344Z	37	PC: 1523a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.621052464Z	240	PC: 1524e \| UNKNOWN!
2018-12-25T12:41:50.623720172Z	74	PC: 12b3a \| Reallocate memory
2018-12-25T12:41:50.625713965Z	42	PC: 13aa7 \| Get date 0x13aa7: cmp dx, 0xb0c 0x13aab: jne 0x13af3 0x13aad: mov ah, 0x48 0x13aaf: mov bx, 0x20 0x13ab2: int 0x21 0x13ab4: jb 0x13af3 0x13ab6: mov es, ax 0x13ab8: xor bx, bx 0x13aba: mov dx, 0x80 0x13abd: mov cx, 1 0x13ac0: mov ax, 0x201 0x13ac3: int 0x13 0x13ac5: cmp word ptr es:[bx], 0xc033 0x13aca: jne 0x13ad4 0x13acc: cmp word ptr es:[bx + 2], 0xd88e 0x13ad2: je 0x13aef 0x13ad4: mov ax, 0x301 0x13ad7: mov cl, 7 0x13ad9: int 0x13 0x13adb: push cs
2018-12-25T12:41:50.628067505Z	52	PC: 12b41 \| Get InDOS flag pointer
2018-12-25T12:41:50.629384894Z	53	PC: 12b50 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:50.631771045Z	37	PC: 12b64 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:50.633167743Z	75	PC: 12ba1 \| Execute program
2018-12-25T12:41:50.64808105Z	53	PC: 1661b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.650025434Z	37	PC: 1664a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.681040424Z	37	PC: 1669a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.682506691Z	9	PC: 13ee2 \| Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:41:50.689199825Z	76	PC: 13ee6 \| Terminate with return code (Return code = '36')
2018-12-25T12:41:50.693273353Z	77	PC: 12bba \| Get program return code
2018-12-25T12:41:50.695295579Z	49	PC: 12bcd \| Terminate and stay resident (Return code = '36' \| Memory size = '320')

{"DateBased":true,"Day":12,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14867,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:50.612444276Z	53	PC: 151bb \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.614113837Z	37	PC: 151ea \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.645330316Z	37	PC: 1523a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:50.646417255Z	240	PC: 1524e \| UNKNOWN!
2018-12-25T12:41:50.649962454Z	74	PC: 12b3a \| Reallocate memory
2018-12-25T12:41:50.651402205Z	42	PC: 13aa7 \| Get date 0x13aa7: cmp dx, 0xb0c 0x13aab: jne 0x13af3 0x13aad: mov ah, 0x48 0x13aaf: mov bx, 0x20 0x13ab2: int 0x21 0x13ab4: jb 0x13af3 0x13ab6: mov es, ax 0x13ab8: xor bx, bx 0x13aba: mov dx, 0x80 0x13abd: mov cx, 1 0x13ac0: mov ax, 0x201 0x13ac3: int 0x13 0x13ac5: cmp word ptr es:[bx], 0xc033 0x13aca: jne 0x13ad4 0x13acc: cmp word ptr es:[bx + 2], 0xd88e 0x13ad2: je 0x13aef 0x13ad4: mov ax, 0x301 0x13ad7: mov cl, 7 0x13ad9: int 0x13 0x13adb: push cs
2018-12-25T12:41:50.653493917Z	72	PC: 13ab4 \| Allocate memory
2018-12-25T12:41:50.997291378Z	73	PC: 13af3 \| Release memory
2018-12-25T12:41:50.999193506Z	52	PC: 12b41 \| Get InDOS flag pointer
2018-12-25T12:41:51.000593109Z	53	PC: 12b50 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:51.002297906Z	37	PC: 12b64 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:51.004091367Z	75	PC: 12ba1 \| Execute program
2018-12-25T12:41:51.01907065Z	53	PC: 1661b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:51.020617112Z	37	PC: 1664a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:51.049622149Z	37	PC: 1669a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:41:51.051163275Z	9	PC: 13ee2 \| Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:41:51.056779212Z	76	PC: 13ee6 \| Terminate with return code (Return code = '36')
2018-12-25T12:41:51.060748258Z	77	PC: 12bba \| Get program return code
2018-12-25T12:41:51.062648421Z	49	PC: 12bcd \| Terminate and stay resident (Return code = '36' \| Memory size = '320')