Sample viewer

vx.netlux.org/Virus.DOS.Mind.1758

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:51.24456345Z	48	PC: 12dbc \| Get DOS version
2018-12-17T23:05:51.246382285Z	98	PC: 12bfb \| Get current PSP
2018-12-17T23:05:51.248268868Z	74	PC: 12c58 \| Reallocate memory
2018-12-17T23:05:51.249684346Z	53	PC: 12c7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:51.251771666Z	37	PC: 12c98 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:51.25421763Z	75	PC: 12b1d \| Execute program
2018-12-17T23:05:51.271539768Z	48	PC: 12cb1 \| Get DOS version
2018-12-17T23:05:51.272673053Z	42	PC: 13a3f \| Get date 0x13a3f: or al, al 0x13a41: jne 0x13a6e 0x13a45: mov ah, 0x2c 0x13a47: int 0x21 0x13a49: cmp ch, 2 0x13a4c: jne 0x13a6e 0x13a50: mov dx, si 0x13a52: mov si, 0x762 0x13a55: add si, bp 0x13a57: mov ah, 0xe 0x13a59: mov al, byte ptr cs:[si] 0x13a5c: inc si 0x13a5d: or al, al 0x13a5f: je 0x13a68 0x13a63: int 0x10 0x13a65: jmp 0x13a59 0x13a68: mov si, dx 0x13a6a: mov ah, 0 0x13a6c: int 0x16 0x13a6e: ret
2018-12-17T23:05:51.277482738Z	42	PC: 13acc \| Get date 0x13acc: cmp dx, 0x50f 0x13ad0: jne 0x13ae5 0x13ad4: mov al, 0x80 0x13ad6: mov dx, 0x70 0x13ad9: dec al 0x13adb: out dx, al 0x13adc: inc dx 0x13add: out dx, al 0x13ade: dec dx 0x13adf: or al, al 0x13ae1: jne 0x13ad9 0x13ae5: ret 0x13ae6: add cx, bp 0x13ae8: add byte ptr [bx + si], al 0x13aea: call 0x1af4e 0x13aed: arpl word ptr [bx + si + 0x20], bp 0x13af0: jo 0x13b64 0x13af2: outsw dx, word ptr [si] 0x13af3: jb 0x13b57 0x13af6: insw word ptr es:[di], dx
2018-12-17T23:05:51.28002932Z	9	PC: 13302 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:05:51.284604759Z	76	PC: 13306 \| Terminate with return code (Return code = '36')
2018-12-17T23:05:51.28862903Z	49	PC: 12c68 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')

{"DateBased":true,"Day":15,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15337,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:13.722468942Z	48	PC: 12dbc \| Get DOS version
2018-12-25T12:43:13.723891447Z	98	PC: 12bfb \| Get current PSP
2018-12-25T12:43:13.725100891Z	74	PC: 12c58 \| Reallocate memory
2018-12-25T12:43:13.729392124Z	53	PC: 12c7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.730615905Z	37	PC: 12c98 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.732709836Z	75	PC: 12b1d \| Execute program
2018-12-25T12:43:13.751243936Z	48	PC: 12cb1 \| Get DOS version
2018-12-25T12:43:13.754216398Z	42	PC: 13a3f \| Get date 0x13a3f: or al, al 0x13a41: jne 0x13a6e 0x13a45: mov ah, 0x2c 0x13a47: int 0x21 0x13a49: cmp ch, 2 0x13a4c: jne 0x13a6e 0x13a50: mov dx, si 0x13a52: mov si, 0x762 0x13a55: add si, bp 0x13a57: mov ah, 0xe 0x13a59: mov al, byte ptr cs:[si] 0x13a5c: inc si 0x13a5d: or al, al 0x13a5f: je 0x13a68 0x13a63: int 0x10 0x13a65: jmp 0x13a59 0x13a68: mov si, dx 0x13a6a: mov ah, 0 0x13a6c: int 0x16 0x13a6e: ret
2018-12-25T12:43:13.757052251Z	42	PC: 13acc \| Get date 0x13acc: cmp dx, 0x50f 0x13ad0: jne 0x13ae5 0x13ad4: mov al, 0x80 0x13ad6: mov dx, 0x70 0x13ad9: dec al 0x13adb: out dx, al 0x13adc: inc dx 0x13add: out dx, al 0x13ade: dec dx 0x13adf: or al, al 0x13ae1: jne 0x13ad9 0x13ae5: ret 0x13ae6: add cx, bp 0x13ae8: add byte ptr [bx + si], al 0x13aea: call 0x1af4e 0x13aed: arpl word ptr [bx + si + 0x20], bp 0x13af0: jo 0x13b64 0x13af2: outsw dx, word ptr [si] 0x13af3: jb 0x13b57 0x13af6: insw word ptr es:[di], dx
2018-12-25T12:43:13.761633326Z	9	PC: 13302 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:43:13.765195536Z	76	PC: 13306 \| Terminate with return code (Return code = '36')
2018-12-25T12:43:13.768708097Z	49	PC: 12c68 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15337,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:13.775347816Z	48	PC: 12dbc \| Get DOS version
2018-12-25T12:43:13.778133423Z	98	PC: 12bfb \| Get current PSP
2018-12-25T12:43:13.77946221Z	74	PC: 12c58 \| Reallocate memory
2018-12-25T12:43:13.780821823Z	53	PC: 12c7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.782368178Z	37	PC: 12c98 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.784051145Z	75	PC: 12b1d \| Execute program
2018-12-25T12:43:13.798450462Z	48	PC: 12cb1 \| Get DOS version
2018-12-25T12:43:13.799808055Z	42	PC: 13a3f \| Get date 0x13a3f: or al, al 0x13a41: jne 0x13a6e 0x13a45: mov ah, 0x2c 0x13a47: int 0x21 0x13a49: cmp ch, 2 0x13a4c: jne 0x13a6e 0x13a50: mov dx, si 0x13a52: mov si, 0x762 0x13a55: add si, bp 0x13a57: mov ah, 0xe 0x13a59: mov al, byte ptr cs:[si] 0x13a5c: inc si 0x13a5d: or al, al 0x13a5f: je 0x13a68 0x13a63: int 0x10 0x13a65: jmp 0x13a59 0x13a68: mov si, dx 0x13a6a: mov ah, 0 0x13a6c: int 0x16 0x13a6e: ret
2018-12-25T12:43:13.802963227Z	42	PC: 13acc \| Get date 0x13acc: cmp dx, 0x50f 0x13ad0: jne 0x13ae5 0x13ad4: mov al, 0x80 0x13ad6: mov dx, 0x70 0x13ad9: dec al 0x13adb: out dx, al 0x13adc: inc dx 0x13add: out dx, al 0x13ade: dec dx 0x13adf: or al, al 0x13ae1: jne 0x13ad9 0x13ae5: ret 0x13ae6: add cx, bp 0x13ae8: add byte ptr [bx + si], al 0x13aea: call 0x1af4e 0x13aed: arpl word ptr [bx + si + 0x20], bp 0x13af0: jo 0x13b64 0x13af2: outsw dx, word ptr [si] 0x13af3: jb 0x13b57 0x13af6: insw word ptr es:[di], dx
2018-12-25T12:43:13.805199651Z	9	PC: 13302 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:43:13.810579334Z	76	PC: 13306 \| Terminate with return code (Return code = '36')
2018-12-25T12:43:13.813791864Z	49	PC: 12c68 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15337,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:13.771330255Z	48	PC: 12dbc \| Get DOS version
2018-12-25T12:43:13.772988403Z	98	PC: 12bfb \| Get current PSP
2018-12-25T12:43:13.774092136Z	74	PC: 12c58 \| Reallocate memory
2018-12-25T12:43:13.775532657Z	53	PC: 12c7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.77763175Z	37	PC: 12c98 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.778598255Z	75	PC: 12b1d \| Execute program
2018-12-25T12:43:13.787854006Z	48	PC: 12cb1 \| Get DOS version
2018-12-25T12:43:13.788866094Z	42	PC: 13a3f \| Get date 0x13a3f: or al, al 0x13a41: jne 0x13a6e 0x13a45: mov ah, 0x2c 0x13a47: int 0x21 0x13a49: cmp ch, 2 0x13a4c: jne 0x13a6e 0x13a50: mov dx, si 0x13a52: mov si, 0x762 0x13a55: add si, bp 0x13a57: mov ah, 0xe 0x13a59: mov al, byte ptr cs:[si] 0x13a5c: inc si 0x13a5d: or al, al 0x13a5f: je 0x13a68 0x13a63: int 0x10 0x13a65: jmp 0x13a59 0x13a68: mov si, dx 0x13a6a: mov ah, 0 0x13a6c: int 0x16 0x13a6e: ret
2018-12-25T12:43:13.790947394Z	42	PC: 13acc \| Get date 0x13acc: cmp dx, 0x50f 0x13ad0: jne 0x13ae5 0x13ad4: mov al, 0x80 0x13ad6: mov dx, 0x70 0x13ad9: dec al 0x13adb: out dx, al 0x13adc: inc dx 0x13add: out dx, al 0x13ade: dec dx 0x13adf: or al, al 0x13ae1: jne 0x13ad9 0x13ae5: ret 0x13ae6: add cx, bp 0x13ae8: add byte ptr [bx + si], al 0x13aea: call 0x1af4e 0x13aed: arpl word ptr [bx + si + 0x20], bp 0x13af0: jo 0x13b64 0x13af2: outsw dx, word ptr [si] 0x13af3: jb 0x13b57 0x13af6: insw word ptr es:[di], dx
2018-12-25T12:43:13.794333811Z	9	PC: 13302 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:43:13.797511432Z	76	PC: 13306 \| Terminate with return code (Return code = '36')
2018-12-25T12:43:13.800162043Z	49	PC: 12c68 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')

{"DateBased":true,"Day":15,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15337,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:13.781640387Z	48	PC: 12dbc \| Get DOS version
2018-12-25T12:43:13.783757406Z	98	PC: 12bfb \| Get current PSP
2018-12-25T12:43:13.784823452Z	74	PC: 12c58 \| Reallocate memory
2018-12-25T12:43:13.78591916Z	53	PC: 12c7e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.787421932Z	37	PC: 12c98 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:13.788695137Z	75	PC: 12b1d \| Execute program
2018-12-25T12:43:13.797818719Z	48	PC: 12cb1 \| Get DOS version
2018-12-25T12:43:13.799236803Z	42	PC: 13a3f \| Get date 0x13a3f: or al, al 0x13a41: jne 0x13a6e 0x13a45: mov ah, 0x2c 0x13a47: int 0x21 0x13a49: cmp ch, 2 0x13a4c: jne 0x13a6e 0x13a50: mov dx, si 0x13a52: mov si, 0x762 0x13a55: add si, bp 0x13a57: mov ah, 0xe 0x13a59: mov al, byte ptr cs:[si] 0x13a5c: inc si 0x13a5d: or al, al 0x13a5f: je 0x13a68 0x13a63: int 0x10 0x13a65: jmp 0x13a59 0x13a68: mov si, dx 0x13a6a: mov ah, 0 0x13a6c: int 0x16 0x13a6e: ret
2018-12-25T12:43:13.801141074Z	42	PC: 13acc \| Get date 0x13acc: cmp dx, 0x50f 0x13ad0: jne 0x13ae5 0x13ad4: mov al, 0x80 0x13ad6: mov dx, 0x70 0x13ad9: dec al 0x13adb: out dx, al 0x13adc: inc dx 0x13add: out dx, al 0x13ade: dec dx 0x13adf: or al, al 0x13ae1: jne 0x13ad9 0x13ae5: ret 0x13ae6: add cx, bp 0x13ae8: add byte ptr [bx + si], al 0x13aea: call 0x1af4e 0x13aed: arpl word ptr [bx + si + 0x20], bp 0x13af0: jo 0x13b64 0x13af2: outsw dx, word ptr [si] 0x13af3: jb 0x13b57 0x13af6: insw word ptr es:[di], dx
2018-12-25T12:43:13.803259923Z	9	PC: 13302 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:43:13.806930132Z	76	PC: 13306 \| Terminate with return code (Return code = '36')
2018-12-25T12:43:13.810909357Z	49	PC: 12c68 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')