Sample viewer

vx.netlux.org/Virus.DOS.Ninja.1225

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:35.878211591Z	144	PC: 12d31 \| UNKNOWN!
2018-12-17T23:08:35.881725769Z	42	PC: 13172 \| Get date 0x13172: cmp cx, 0x7cd 0x13176: jne 0x13189 0x13178: cmp dl, 0xd 0x1317b: jne 0x13189 0x1317d: mov ah, 0x2c 0x1317f: int 0x21 0x13181: cmp ch, 0xd 0x13184: jne 0x13189 0x13186: call 0x230c0 0x13189: pop dx 0x1318a: pop cx 0x1318b: pop ax 0x1318c: ret 0x1318d: dec bp 0x1318e: pop dx 0x1318f: call 0x13393 0x13192: add byte ptr [bx + si], al 0x13194: add byte ptr [bx + si], ah 0x13196: add byte ptr [bx + si], al 0x13198: add bh, bh
2018-12-17T23:08:35.884242821Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T23:08:35.888608854Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16255,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:16.821662151Z	144	PC: 12d31 \| UNKNOWN!
2018-12-25T12:46:16.823646438Z	42	PC: 13172 \| Get date 0x13172: cmp cx, 0x7cd 0x13176: jne 0x13189 0x13178: cmp dl, 0xd 0x1317b: jne 0x13189 0x1317d: mov ah, 0x2c 0x1317f: int 0x21 0x13181: cmp ch, 0xd 0x13184: jne 0x13189 0x13186: call 0x230c0 0x13189: pop dx 0x1318a: pop cx 0x1318b: pop ax 0x1318c: ret 0x1318d: dec bp 0x1318e: pop dx 0x1318f: call 0x13393 0x13192: add byte ptr [bx + si], al 0x13194: add byte ptr [bx + si], ah 0x13196: add byte ptr [bx + si], al 0x13198: add bh, bh
2018-12-25T12:46:16.825063018Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:46:16.827891149Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16255,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:20.540680339Z	144	PC: 12d31 \| UNKNOWN!
2018-12-25T12:46:20.542844434Z	42	PC: 13172 \| Get date 0x13172: cmp cx, 0x7cd 0x13176: jne 0x13189 0x13178: cmp dl, 0xd 0x1317b: jne 0x13189 0x1317d: mov ah, 0x2c 0x1317f: int 0x21 0x13181: cmp ch, 0xd 0x13184: jne 0x13189 0x13186: call 0x230c0 0x13189: pop dx 0x1318a: pop cx 0x1318b: pop ax 0x1318c: ret 0x1318d: dec bp 0x1318e: pop dx 0x1318f: call 0x13393 0x13192: add byte ptr [bx + si], al 0x13194: add byte ptr [bx + si], ah 0x13196: add byte ptr [bx + si], al 0x13198: add bh, bh
2018-12-25T12:46:20.544269907Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:46:20.547006489Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":13,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16255,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:46:20.67860978Z	144	PC: 12d31 \| UNKNOWN!
2018-12-25T12:46:20.68084149Z	42	PC: 13172 \| Get date 0x13172: cmp cx, 0x7cd 0x13176: jne 0x13189 0x13178: cmp dl, 0xd 0x1317b: jne 0x13189 0x1317d: mov ah, 0x2c 0x1317f: int 0x21 0x13181: cmp ch, 0xd 0x13184: jne 0x13189 0x13186: call 0x230c0 0x13189: pop dx 0x1318a: pop cx 0x1318b: pop ax 0x1318c: ret 0x1318d: dec bp 0x1318e: pop dx 0x1318f: call 0x13393 0x13192: add byte ptr [bx + si], al 0x13194: add byte ptr [bx + si], ah 0x13196: add byte ptr [bx + si], al 0x13198: add bh, bh
2018-12-25T12:46:20.682131649Z	44	PC: 13181 \| Get time 0x13181: cmp ch, 0xd 0x13184: jne 0x13189 0x13186: call 0x230c0 0x13189: pop dx 0x1318a: pop cx 0x1318b: pop ax 0x1318c: ret 0x1318d: dec bp 0x1318e: pop dx 0x1318f: call 0x13393 0x13192: add byte ptr [bx + si], al 0x13194: add byte ptr [bx + si], ah 0x13196: add byte ptr [bx + si], al 0x13198: add bh, bh 0x1319a: ljmp ptr [di] 0x1319c: add byte ptr [bx + di + 5], dl 0x1319f: jb 0x131ba 0x131a1: push es 0x131a2: add byte ptr [di], ch 0x131a4: add byte ptr [bp + di + 0x4f], al
2018-12-25T12:46:20.683471813Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:46:20.686720487Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')