Sample viewer

vx.netlux.org/Virus.DOS.Spanska.1474

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:04:15.6168115Z	71	PC: 12c76 \| Get current directory
2018-12-17T22:04:15.620398094Z	26	PC: 12c87 \| Set disk transfer address
2018-12-17T22:04:15.621403824Z	78	PC: 12c93 \| Find first file
2018-12-17T22:04:15.625864845Z	78	PC: 12d1d \| Find first file
2018-12-17T22:04:15.630229869Z	59	PC: 12e8a \| Change current directory
2018-12-17T22:04:15.634691228Z	78	PC: 12e9a \| Find first file
2018-12-17T22:04:15.643942148Z	44	PC: 12e0a \| Get time 0x12e0a: cmp cl, 0x1e 0x12e0d: jne 0x12e17 0x12e0f: cmp dh, 0x1e 0x12e12: ja 0x12e17 0x12e14: jmp 0x12fb3 0x12e17: push ax 0x12e18: push bp 0x12e19: mov bp, sp 0x12e1b: mov word ptr [bp + 2], 0x1a00 0x12e20: pop bp 0x12e21: pop ax 0x12e22: mov dx, 0x80 0x12e25: int 0x21 0x12e27: lea dx, word ptr [bp + 0x706] 0x12e2b: mov ax, 0x3b00 0x12e2e: int 0x21 0x12e30: cmp byte ptr cs:[0], 0xcd 0x12e36: je 0x12e66 0x12e38: pop ds 0x12e39: push ds
2018-12-17T22:04:15.64544903Z	26	PC: 12e27 \| Set disk transfer address
2018-12-17T22:04:15.64689458Z	59	PC: 12e30 \| Change current directory
2018-12-17T22:04:15.648579237Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:04:15.652327747Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":30,"Second":31,"TimeBased":true,"OriginalID":1593,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:56.966926179Z	71	PC: 12c76 \| Get current directory
2018-12-25T11:43:56.971482215Z	26	PC: 12c87 \| Set disk transfer address
2018-12-25T11:43:56.973324436Z	78	PC: 12c93 \| Find first file
2018-12-25T11:43:56.97857387Z	78	PC: 12d1d \| Find first file
2018-12-25T11:43:56.983826531Z	59	PC: 12e8a \| Change current directory
2018-12-25T11:43:56.989311103Z	78	PC: 12e9a \| Find first file
2018-12-25T11:43:56.999804619Z	44	PC: 12e0a \| Get time 0x12e0a: cmp cl, 0x1e 0x12e0d: jne 0x12e17 0x12e0f: cmp dh, 0x1e 0x12e12: ja 0x12e17 0x12e14: jmp 0x12fb3 0x12e17: push ax 0x12e18: push bp 0x12e19: mov bp, sp 0x12e1b: mov word ptr [bp + 2], 0x1a00 0x12e20: pop bp 0x12e21: pop ax 0x12e22: mov dx, 0x80 0x12e25: int 0x21 0x12e27: lea dx, word ptr [bp + 0x706] 0x12e2b: mov ax, 0x3b00 0x12e2e: int 0x21 0x12e30: cmp byte ptr cs:[0], 0xcd 0x12e36: je 0x12e66 0x12e38: pop ds 0x12e39: push ds
2018-12-25T11:43:57.002606875Z	26	PC: 12e27 \| Set disk transfer address
2018-12-25T11:43:57.004628699Z	59	PC: 12e30 \| Change current directory
2018-12-25T11:43:57.00687521Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T11:43:57.012981205Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1593,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:57.158055746Z	71	PC: 12c76 \| Get current directory
2018-12-25T11:43:57.161000257Z	26	PC: 12c87 \| Set disk transfer address
2018-12-25T11:43:57.163200145Z	78	PC: 12c93 \| Find first file
2018-12-25T11:43:57.167680269Z	78	PC: 12d1d \| Find first file
2018-12-25T11:43:57.172173832Z	59	PC: 12e8a \| Change current directory
2018-12-25T11:43:57.177585427Z	78	PC: 12e9a \| Find first file
2018-12-25T11:43:57.185402215Z	44	PC: 12e0a \| Get time 0x12e0a: cmp cl, 0x1e 0x12e0d: jne 0x12e17 0x12e0f: cmp dh, 0x1e 0x12e12: ja 0x12e17 0x12e14: jmp 0x12fb3 0x12e17: push ax 0x12e18: push bp 0x12e19: mov bp, sp 0x12e1b: mov word ptr [bp + 2], 0x1a00 0x12e20: pop bp 0x12e21: pop ax 0x12e22: mov dx, 0x80 0x12e25: int 0x21 0x12e27: lea dx, word ptr [bp + 0x706] 0x12e2b: mov ax, 0x3b00 0x12e2e: int 0x21 0x12e30: cmp byte ptr cs:[0], 0xcd 0x12e36: je 0x12e66 0x12e38: pop ds 0x12e39: push ds
2018-12-25T11:43:57.187045377Z	26	PC: 12e27 \| Set disk transfer address
2018-12-25T11:43:57.188461735Z	59	PC: 12e30 \| Change current directory
2018-12-25T11:43:57.190445915Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T11:43:57.196281072Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":30,"Second":0,"TimeBased":true,"OriginalID":1593,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:57.202772568Z	71	PC: 12c76 \| Get current directory
2018-12-25T11:43:57.207305684Z	26	PC: 12c87 \| Set disk transfer address
2018-12-25T11:43:57.208600272Z	78	PC: 12c93 \| Find first file
2018-12-25T11:43:57.213025866Z	78	PC: 12d1d \| Find first file
2018-12-25T11:43:57.218096362Z	59	PC: 12e8a \| Change current directory
2018-12-25T11:43:57.223885833Z	78	PC: 12e9a \| Find first file
2018-12-25T11:43:57.233581442Z	44	PC: 12e0a \| Get time 0x12e0a: cmp cl, 0x1e 0x12e0d: jne 0x12e17 0x12e0f: cmp dh, 0x1e 0x12e12: ja 0x12e17 0x12e14: jmp 0x12fb3 0x12e17: push ax 0x12e18: push bp 0x12e19: mov bp, sp 0x12e1b: mov word ptr [bp + 2], 0x1a00 0x12e20: pop bp 0x12e21: pop ax 0x12e22: mov dx, 0x80 0x12e25: int 0x21 0x12e27: lea dx, word ptr [bp + 0x706] 0x12e2b: mov ax, 0x3b00 0x12e2e: int 0x21 0x12e30: cmp byte ptr cs:[0], 0xcd 0x12e36: je 0x12e66 0x12e38: pop ds 0x12e39: push ds