Sample viewer

vx.netlux.org/Virus.DOS.Awake.1099

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:19.021568756Z	42	PC: 12e3a \| Get date 0x12e3a: cmp dh, 0xc 0x12e3d: jne 0x12e51 0x12e3f: cmp dl, 8 0x12e42: jne 0x12e51 0x12e44: mov ah, 9 0x12e46: mov dx, 0x182 0x12e49: add dx, bx 0x12e4b: int 0x21 0x12e4d: xor ax, ax 0x12e4f: int 0x16 0x12e51: mov ax, 0xf4c0 0x12e54: int 0x21 0x12e56: cmp ax, 0xbaba 0x12e59: jne 0x12e5e 0x12e5b: jmp 0x12ea8 0x12e5d: nop 0x12e5e: mov ax, ds 0x12e60: dec ax 0x12e61: mov ds, ax 0x12e63: cmp byte ptr [0], 0x5a
2018-12-17T23:09:19.024953281Z	244	PC: 12e56 \| UNKNOWN!
2018-12-17T23:09:19.02629801Z	53	PC: 12e74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:19.027854715Z	37	PC: 12ea8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:19.029391178Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:09:19.035455903Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16483,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:04.459707478Z	42	PC: 12e3a \| Get date 0x12e3a: cmp dh, 0xc 0x12e3d: jne 0x12e51 0x12e3f: cmp dl, 8 0x12e42: jne 0x12e51 0x12e44: mov ah, 9 0x12e46: mov dx, 0x182 0x12e49: add dx, bx 0x12e4b: int 0x21 0x12e4d: xor ax, ax 0x12e4f: int 0x16 0x12e51: mov ax, 0xf4c0 0x12e54: int 0x21 0x12e56: cmp ax, 0xbaba 0x12e59: jne 0x12e5e 0x12e5b: jmp 0x12ea8 0x12e5d: nop 0x12e5e: mov ax, ds 0x12e60: dec ax 0x12e61: mov ds, ax 0x12e63: cmp byte ptr [0], 0x5a
2018-12-25T12:53:04.462460715Z	244	PC: 12e56 \| UNKNOWN!
2018-12-25T12:53:04.465388068Z	53	PC: 12e74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:04.467237489Z	37	PC: 12ea8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:04.469112233Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:53:04.477611623Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16483,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:04.63415329Z	42	PC: 12e3a \| Get date 0x12e3a: cmp dh, 0xc 0x12e3d: jne 0x12e51 0x12e3f: cmp dl, 8 0x12e42: jne 0x12e51 0x12e44: mov ah, 9 0x12e46: mov dx, 0x182 0x12e49: add dx, bx 0x12e4b: int 0x21 0x12e4d: xor ax, ax 0x12e4f: int 0x16 0x12e51: mov ax, 0xf4c0 0x12e54: int 0x21 0x12e56: cmp ax, 0xbaba 0x12e59: jne 0x12e5e 0x12e5b: jmp 0x12ea8 0x12e5d: nop 0x12e5e: mov ax, ds 0x12e60: dec ax 0x12e61: mov ds, ax 0x12e63: cmp byte ptr [0], 0x5a
2018-12-25T12:53:04.635901341Z	244	PC: 12e56 \| UNKNOWN!
2018-12-25T12:53:04.636448045Z	53	PC: 12e74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:04.637218912Z	37	PC: 12ea8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:04.638328231Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:53:04.64136224Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":8,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16483,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:04.654700764Z	42	PC: 12e3a \| Get date 0x12e3a: cmp dh, 0xc 0x12e3d: jne 0x12e51 0x12e3f: cmp dl, 8 0x12e42: jne 0x12e51 0x12e44: mov ah, 9 0x12e46: mov dx, 0x182 0x12e49: add dx, bx 0x12e4b: int 0x21 0x12e4d: xor ax, ax 0x12e4f: int 0x16 0x12e51: mov ax, 0xf4c0 0x12e54: int 0x21 0x12e56: cmp ax, 0xbaba 0x12e59: jne 0x12e5e 0x12e5b: jmp 0x12ea8 0x12e5d: nop 0x12e5e: mov ax, ds 0x12e60: dec ax 0x12e61: mov ds, ax 0x12e63: cmp byte ptr [0], 0x5a
2018-12-25T12:53:04.656347178Z	9	PC: 12e4d \| Display string (Could not find end pointer)