Sample viewer

vx.netlux.org/Virus.DOS.SE.1853

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:04.005051079Z	171	PC: 12b9a \| UNKNOWN!
2018-12-17T23:08:04.007363051Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:04.010296555Z	53	PC: 9f609 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:04.014203466Z	37	PC: 9f620 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:04.015704999Z	47	PC: 9f625 \| Get disk transfer address
2018-12-17T23:08:04.020166669Z	26	PC: 9f63c \| Set disk transfer address
2018-12-17T23:08:04.021938102Z	78	PC: 9f647 \| Find first file
2018-12-17T23:08:04.028650293Z	67	PC: 9f64e \| Get or set file attributes
2018-12-17T23:08:04.376019703Z	61	PC: 9f658 \| Open file (Filename = 'ï¿½;ï¿½7Û…ï¿½ï¿½Zï¿½Â¸ï¿½ï¿½,aï¿½Csï¿½ï¿½iï¿½ï¿½ï¿½vm(uï¿½ï¿½0ï¿½gï¿½Hï¿½ï¿½ï¿½,ï¿½ï¿½ bï¿½yï¿½ï¿½ï¿½Y{vï¿½ï¿½T_ï¿½ï¿½ï¿½<ï¿½Eï¿½)ï¿½ï¿½<ï¿½)L[#Zï¿½ï¿½ï¿½1ï¿½5/ï¿½ï¿½Oï¿½ï¿½ï¿½6Ù¯Vï¿½~`TÐ¸ï¿½ï¿½ï¿½')
2018-12-17T23:08:04.383843452Z	63	PC: 9f66b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:08:04.3876971Z	66	PC: 9f78d \| Move file pointer
2018-12-17T23:08:04.390299396Z	64	PC: 9f796 \| Write file or device (Write 1853 bytes on handle 5)
2018-12-17T23:08:04.401987813Z	66	PC: 9f79f \| Move file pointer
2018-12-17T23:08:04.403933169Z	64	PC: 9f7b7 \| Write file or device (Write 26 bytes on handle 5)
2018-12-17T23:08:04.413239827Z	87	PC: 9f7c4 \| Get or set file date and time
2018-12-17T23:08:04.416035905Z	62	PC: 9f7c8 \| Close file
2018-12-17T23:08:04.425171629Z	67	PC: 9f7d6 \| Get or set file attributes
2018-12-17T23:08:04.435950364Z	26	PC: 9f7e4 \| Set disk transfer address
2018-12-17T23:08:04.437912885Z	37	PC: 9f7f3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:04.439777124Z	171	PC: 12c94 \| UNKNOWN!
2018-12-17T23:08:04.441185285Z	42	PC: 12ba7 \| Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-17T23:08:04.444288515Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:08:04.45002495Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:16.494046058Z	171	PC: 12b9a \| UNKNOWN!
2018-12-25T12:45:16.495984274Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:16.497555784Z	53	PC: 9f609 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.498937065Z	37	PC: 9f620 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.500742252Z	47	PC: 9f625 \| Get disk transfer address
2018-12-25T12:45:16.501892879Z	26	PC: 9f63c \| Set disk transfer address
2018-12-25T12:45:16.506690881Z	78	PC: 9f647 \| Find first file
2018-12-25T12:45:16.512669121Z	67	PC: 9f64e \| Get or set file attributes
2018-12-25T12:45:17.514355796Z	61	PC: 9f658 \| Open file (Filename = 'ï¿½;ï¿½7Û…ï¿½ï¿½Zï¿½Â¸ï¿½ï¿½,aï¿½Csï¿½ï¿½iï¿½ï¿½ï¿½vm(uï¿½ï¿½0ï¿½gï¿½Hï¿½ï¿½ï¿½,ï¿½ï¿½ bï¿½yï¿½ï¿½ï¿½Y{vï¿½ï¿½T_ï¿½ï¿½ï¿½<ï¿½Eï¿½)ï¿½ï¿½<ï¿½)L[#Zï¿½ï¿½ï¿½1ï¿½5/ï¿½ï¿½Oï¿½ï¿½ï¿½6Ù¯Vï¿½~`TÐ¸ï¿½ï¿½ï¿½')
2018-12-25T12:45:17.529334329Z	63	PC: 9f66b \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.533812759Z	66	PC: 9f78d \| Move file pointer
2018-12-25T12:45:17.535467811Z	64	PC: 9f796 \| Write file or device (Write 1853 bytes on handle 5)
2018-12-25T12:45:17.546298047Z	66	PC: 9f79f \| Move file pointer
2018-12-25T12:45:17.549530077Z	64	PC: 9f7b7 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.552814334Z	87	PC: 9f7c4 \| Get or set file date and time
2018-12-25T12:45:17.554833222Z	62	PC: 9f7c8 \| Close file
2018-12-25T12:45:17.56612983Z	67	PC: 9f7d6 \| Get or set file attributes
2018-12-25T12:45:17.576298416Z	26	PC: 9f7e4 \| Set disk transfer address
2018-12-25T12:45:17.577691071Z	37	PC: 9f7f3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.579117602Z	171	PC: 12c94 \| UNKNOWN!
2018-12-25T12:45:17.580941677Z	42	PC: 12ba7 \| Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-25T12:45:17.583140891Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:45:17.588641185Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:16.511517637Z	171	PC: 12b9a \| UNKNOWN!
2018-12-25T12:45:16.513261633Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:16.520619188Z	53	PC: 9f609 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.521790065Z	37	PC: 9f620 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.52432365Z	47	PC: 9f625 \| Get disk transfer address
2018-12-25T12:45:16.525334993Z	26	PC: 9f63c \| Set disk transfer address
2018-12-25T12:45:16.526310154Z	78	PC: 9f647 \| Find first file
2018-12-25T12:45:16.533105677Z	67	PC: 9f64e \| Get or set file attributes
2018-12-25T12:45:17.51223573Z	61	PC: 9f658 \| Open file (Filename = 'ï¿½;ï¿½7Û…ï¿½ï¿½Zï¿½Â¸ï¿½ï¿½,aï¿½Csï¿½ï¿½iï¿½ï¿½ï¿½vm(uï¿½ï¿½0ï¿½gï¿½Hï¿½ï¿½ï¿½,ï¿½ï¿½ bï¿½yï¿½ï¿½ï¿½Y{vï¿½ï¿½T_ï¿½ï¿½ï¿½<ï¿½Eï¿½)ï¿½ï¿½<ï¿½)L[#Zï¿½ï¿½ï¿½1ï¿½5/ï¿½ï¿½Oï¿½ï¿½ï¿½6Ù¯Vï¿½~`TÐ¸ï¿½ï¿½ï¿½')
2018-12-25T12:45:17.519212138Z	63	PC: 9f66b \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.525471543Z	66	PC: 9f78d \| Move file pointer
2018-12-25T12:45:17.527219376Z	64	PC: 9f796 \| Write file or device (Write 1853 bytes on handle 5)
2018-12-25T12:45:17.537490468Z	66	PC: 9f79f \| Move file pointer
2018-12-25T12:45:17.540385658Z	64	PC: 9f7b7 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.544245054Z	87	PC: 9f7c4 \| Get or set file date and time
2018-12-25T12:45:17.546746008Z	62	PC: 9f7c8 \| Close file
2018-12-25T12:45:17.554632688Z	67	PC: 9f7d6 \| Get or set file attributes
2018-12-25T12:45:17.564769294Z	26	PC: 9f7e4 \| Set disk transfer address
2018-12-25T12:45:17.565997404Z	37	PC: 9f7f3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.567240025Z	171	PC: 12c94 \| UNKNOWN!
2018-12-25T12:45:17.56843041Z	42	PC: 12ba7 \| Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-25T12:45:17.571106621Z	43	PC: 12bb3 \| Set date
2018-12-25T12:45:17.574556756Z	9	PC: 12bc2 \| Display string (Could not find end pointer)
2018-12-25T12:45:17.595411416Z	76	PC: 12bda \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:16.592693349Z	171	PC: 12b9a \| UNKNOWN!
2018-12-25T12:45:16.593882056Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:16.595357116Z	53	PC: 9f609 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.59653149Z	37	PC: 9f620 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.598037935Z	47	PC: 9f625 \| Get disk transfer address
2018-12-25T12:45:16.599314473Z	26	PC: 9f63c \| Set disk transfer address
2018-12-25T12:45:16.600846611Z	78	PC: 9f647 \| Find first file
2018-12-25T12:45:16.60737678Z	67	PC: 9f64e \| Get or set file attributes
2018-12-25T12:45:17.453917021Z	61	PC: 9f658 \| Open file (Filename = 'ï¿½;ï¿½7Û…ï¿½ï¿½Zï¿½Â¸ï¿½ï¿½,aï¿½Csï¿½ï¿½iï¿½ï¿½ï¿½vm(uï¿½ï¿½0ï¿½gï¿½Hï¿½ï¿½ï¿½,ï¿½ï¿½ bï¿½yï¿½ï¿½ï¿½Y{vï¿½ï¿½T_ï¿½ï¿½ï¿½<ï¿½Eï¿½)ï¿½ï¿½<ï¿½)L[#Zï¿½ï¿½ï¿½1ï¿½5/ï¿½ï¿½Oï¿½ï¿½ï¿½6Ù¯Vï¿½~`TÐ¸ï¿½ï¿½ï¿½')
2018-12-25T12:45:17.458592787Z	63	PC: 9f66b \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.461458183Z	66	PC: 9f78d \| Move file pointer
2018-12-25T12:45:17.463127122Z	64	PC: 9f796 \| Write file or device (Write 1853 bytes on handle 5)
2018-12-25T12:45:17.474168375Z	66	PC: 9f79f \| Move file pointer
2018-12-25T12:45:17.475567622Z	64	PC: 9f7b7 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.479435919Z	87	PC: 9f7c4 \| Get or set file date and time
2018-12-25T12:45:17.480958653Z	62	PC: 9f7c8 \| Close file
2018-12-25T12:45:17.489092258Z	67	PC: 9f7d6 \| Get or set file attributes
2018-12-25T12:45:17.499816949Z	26	PC: 9f7e4 \| Set disk transfer address
2018-12-25T12:45:17.501052971Z	37	PC: 9f7f3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.502075658Z	171	PC: 12c94 \| UNKNOWN!
2018-12-25T12:45:17.50317185Z	42	PC: 12ba7 \| Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-25T12:45:17.50562024Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:45:17.511575669Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16071,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:16.741787665Z	171	PC: 12b9a \| UNKNOWN!
2018-12-25T12:45:16.743253583Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:16.744220529Z	53	PC: 9f609 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.745009608Z	37	PC: 9f620 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:16.745964158Z	47	PC: 9f625 \| Get disk transfer address
2018-12-25T12:45:16.747570352Z	26	PC: 9f63c \| Set disk transfer address
2018-12-25T12:45:16.748547605Z	78	PC: 9f647 \| Find first file
2018-12-25T12:45:16.752208791Z	67	PC: 9f64e \| Get or set file attributes
2018-12-25T12:45:17.513231518Z	61	PC: 9f658 \| Open file (Filename = 'ï¿½;ï¿½7Û…ï¿½ï¿½Zï¿½Â¸ï¿½ï¿½,aï¿½Csï¿½ï¿½iï¿½ï¿½ï¿½vm(uï¿½ï¿½0ï¿½gï¿½Hï¿½ï¿½ï¿½,ï¿½ï¿½ bï¿½yï¿½ï¿½ï¿½Y{vï¿½ï¿½T_ï¿½ï¿½ï¿½<ï¿½Eï¿½)ï¿½ï¿½<ï¿½)L[#Zï¿½ï¿½ï¿½1ï¿½5/ï¿½ï¿½Oï¿½ï¿½ï¿½6Ù¯Vï¿½~`TÐ¸ï¿½ï¿½ï¿½')
2018-12-25T12:45:17.520163483Z	63	PC: 9f66b \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.5230445Z	66	PC: 9f78d \| Move file pointer
2018-12-25T12:45:17.525416948Z	64	PC: 9f796 \| Write file or device (Write 1853 bytes on handle 5)
2018-12-25T12:45:17.535327077Z	66	PC: 9f79f \| Move file pointer
2018-12-25T12:45:17.537051118Z	64	PC: 9f7b7 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.542093745Z	87	PC: 9f7c4 \| Get or set file date and time
2018-12-25T12:45:17.543694226Z	62	PC: 9f7c8 \| Close file
2018-12-25T12:45:17.550665113Z	67	PC: 9f7d6 \| Get or set file attributes
2018-12-25T12:45:17.561288659Z	26	PC: 9f7e4 \| Set disk transfer address
2018-12-25T12:45:17.562749156Z	37	PC: 9f7f3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.564140091Z	171	PC: 12c94 \| UNKNOWN!
2018-12-25T12:45:17.565845218Z	42	PC: 12ba7 \| Get date 0x12ba7: cmp dx, 0x203 0x12bab: jne 0x12bda 0x12bad: mov ah, 0x2b 0x12baf: inc dl 0x12bb1: int 0x21 0x12bb3: push es 0x12bb4: push cs 0x12bb5: pop ax 0x12bb6: mov ds, ax 0x12bb8: mov es, ax 0x12bba: mov ah, 9 0x12bbc: lea dx, word ptr [bp + 0x49c] 0x12bc0: int 0x21 0x12bc2: mov ax, 0x1100 0x12bc5: mov bx, 0x1000 0x12bc8: mov cx, 1 0x12bcb: mov dx, 0x64 0x12bce: lea bp, word ptr [bp + 0x677] 0x12bd2: int 0x10 0x12bd4: pop es
2018-12-25T12:45:17.568787633Z	43	PC: 12bb3 \| Set date
2018-12-25T12:45:17.572274342Z	9	PC: 12bc2 \| Display string (Could not find end pointer)
2018-12-25T12:45:17.59103727Z	76	PC: 12bda \| Terminate with return code (Return code = '0')