Sample viewer

vx.netlux.org/Virus.DOS.Nado.Rabin.807

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:22.034846705Z 136 PC: 12b9e | UNKNOWN!
2018-12-17T23:05:22.036749177Z 74 PC: 12bab | Reallocate memory
2018-12-17T23:05:22.038534476Z 74 PC: 12bb3 | Reallocate memory
2018-12-17T23:05:22.040145452Z 72 PC: 12bba | Allocate memory
2018-12-17T23:05:22.042821994Z 44 PC: 12bdf | Get time
0x12bdf: cmp cl, 0xa
0x12be2: jbe 0x12c0a
0x12be4: cmp cl, 0x37
0x12be7: jge 0x12be9
0x12be9: xor ax, ax
0x12beb: mov ds, ax
0x12bed: push ds
0x12bee: lds ax, ptr [0x98]
0x12bf2: mov word ptr es:[0x2fb], ax
0x12bf6: mov word ptr es:[0x2fd], ds
0x12bfb: pop ds
0x12bfc: mov word ptr [0x98], 0x29a
0x12c02: mov bx, es
0x12c04: mov word ptr [0x9a], bx
0x12c08: jmp 0x12c29
0x12c0a: xor ax, ax
0x12c0c: mov ds, ax
0x12c0e: push ds
0x12c0f: lds ax, ptr [0x24]
0x12c13: mov word ptr es:[0x2f3], ax
2018-12-17T23:05:22.045182918Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:05:22.048869341Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15171,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:46.586702821Z 136 PC: 12b9e | UNKNOWN!
2018-12-25T12:42:46.588126441Z 74 PC: 12bab | Reallocate memory
2018-12-25T12:42:46.591217789Z 74 PC: 12bb3 | Reallocate memory
2018-12-25T12:42:46.593116773Z 72 PC: 12bba | Allocate memory
2018-12-25T12:42:46.595268504Z 44 PC: 12bdf | Get time
0x12bdf: cmp cl, 0xa
0x12be2: jbe 0x12c0a
0x12be4: cmp cl, 0x37
0x12be7: jge 0x12be9
0x12be9: xor ax, ax
0x12beb: mov ds, ax
0x12bed: push ds
0x12bee: lds ax, ptr [0x98]
0x12bf2: mov word ptr es:[0x2fb], ax
0x12bf6: mov word ptr es:[0x2fd], ds
0x12bfb: pop ds
0x12bfc: mov word ptr [0x98], 0x29a
0x12c02: mov bx, es
0x12c04: mov word ptr [0x9a], bx
0x12c08: jmp 0x12c29
0x12c0a: xor ax, ax
0x12c0c: mov ds, ax
0x12c0e: push ds
0x12c0f: lds ax, ptr [0x24]
0x12c13: mov word ptr es:[0x2f3], ax
2018-12-25T12:42:46.598483032Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:42:46.604802313Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":10,"Second":0,"TimeBased":true,"OriginalID":15171,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:46.823794841Z 136 PC: 12b9e | UNKNOWN!
2018-12-25T12:42:46.825185692Z 74 PC: 12bab | Reallocate memory
2018-12-25T12:42:46.826633594Z 74 PC: 12bb3 | Reallocate memory
2018-12-25T12:42:46.827818492Z 72 PC: 12bba | Allocate memory
2018-12-25T12:42:46.829813312Z 44 PC: 12bdf | Get time
0x12bdf: cmp cl, 0xa
0x12be2: jbe 0x12c0a
0x12be4: cmp cl, 0x37
0x12be7: jge 0x12be9
0x12be9: xor ax, ax
0x12beb: mov ds, ax
0x12bed: push ds
0x12bee: lds ax, ptr [0x98]
0x12bf2: mov word ptr es:[0x2fb], ax
0x12bf6: mov word ptr es:[0x2fd], ds
0x12bfb: pop ds
0x12bfc: mov word ptr [0x98], 0x29a
0x12c02: mov bx, es
0x12c04: mov word ptr [0x9a], bx
0x12c08: jmp 0x12c29
0x12c0a: xor ax, ax
0x12c0c: mov ds, ax
0x12c0e: push ds
0x12c0f: lds ax, ptr [0x24]
0x12c13: mov word ptr es:[0x2f3], ax
2018-12-25T12:42:46.83205249Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:42:46.837285504Z 76 PC: 12a86 | Terminate with return code (Return code = '36')