Sample viewer

vx.netlux.org/Virus.DOS.MGUL.1807

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:05.433845909Z	42	PC: 13e85 \| Get date 0x13e85: cmp dl, 0x12 0x13e88: jb 0x13e9e 0x13e8a: push cs 0x13e8b: pop ds 0x13e8c: lea dx, word ptr [bx + 0x695] 0x13e90: mov ah, 0x41 0x13e92: int 0x21 0x13e94: mov dx, 0x3d4 0x13e97: mov al, 9 0x13e99: out dx, al 0x13e9a: inc dx 0x13e9b: mov al, 5 0x13e9d: out dx, al 0x13e9e: mov si, bx 0x13ea0: sub si, 0x12 0x13ea3: push si 0x13ea4: mov ax, 0xbe00 0x13ea7: int 0x21 0x13ea9: cmp ax, 0xbe 0x13eac: jne 0x13eb1
2018-12-17T23:10:05.436716694Z	190	PC: 13ea9 \| UNKNOWN!
2018-12-17T23:10:05.438267612Z	98	PC: 13eb5 \| Get current PSP
2018-12-17T23:10:05.439816709Z	82	PC: 9f69a \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:10:05.442369488Z	37	PC: 9f69a \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:10:05.443896346Z	48	PC: 13f31 \| Get DOS version
2018-12-17T23:10:05.445990677Z	9	PC: 9f69a \| Display string (String= 'Goat file (COM). Size=00001400h/0000005120d bytes. ')
2018-12-17T23:10:05.450839619Z	76	PC: 9f69a \| Terminate with return code (Return code = '36')
2018-12-17T23:10:05.45406306Z	77	PC: 9f69a \| Get program return code
2018-12-17T23:10:05.455481479Z	72	PC: 9f69a \| Allocate memory
2018-12-17T23:10:05.457568436Z	72	PC: 9f69a \| Allocate memory
2018-12-17T23:10:05.460727966Z	37	PC: 9f69a \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:10:05.462015446Z	37	PC: 9f69a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:05.463213906Z	37	PC: 9f69a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16749,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:44.318682752Z	42	PC: 13e85 \| Get date 0x13e85: cmp dl, 0x12 0x13e88: jb 0x13e9e 0x13e8a: push cs 0x13e8b: pop ds 0x13e8c: lea dx, word ptr [bx + 0x695] 0x13e90: mov ah, 0x41 0x13e92: int 0x21 0x13e94: mov dx, 0x3d4 0x13e97: mov al, 9 0x13e99: out dx, al 0x13e9a: inc dx 0x13e9b: mov al, 5 0x13e9d: out dx, al 0x13e9e: mov si, bx 0x13ea0: sub si, 0x12 0x13ea3: push si 0x13ea4: mov ax, 0xbe00 0x13ea7: int 0x21 0x13ea9: cmp ax, 0xbe 0x13eac: jne 0x13eb1
2018-12-25T12:53:44.321623502Z	190	PC: 13ea9 \| UNKNOWN!
2018-12-25T12:53:44.324958394Z	98	PC: 13eb5 \| Get current PSP
2018-12-25T12:53:44.326276165Z	82	PC: 9f69a \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:53:44.32783938Z	37	PC: 9f69a \| Set interrupt vector (See above)
2018-12-25T12:53:44.34215693Z	48	PC: 13f31 \| Get DOS version
2018-12-25T12:53:44.344691358Z	9	PC: 9f69a \| Display string (See above)
2018-12-25T12:53:44.351348376Z	76	PC: 9f69a \| Terminate with return code (See above)
2018-12-25T12:53:44.356263565Z	77	PC: 9f69a \| Get program return code (See above)
2018-12-25T12:53:44.358147942Z	72	PC: 9f69a \| Allocate memory (See above)
2018-12-25T12:53:44.360752405Z	72	PC: 9f69a \| Allocate memory (See above)
2018-12-25T12:53:44.364542393Z	37	PC: 9f69a \| Set interrupt vector (See above)
2018-12-25T12:53:44.367184826Z	37	PC: 9f69a \| Set interrupt vector (See above)
2018-12-25T12:53:44.371110107Z	37	PC: 9f69a \| Set interrupt vector (See above)

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16749,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:44.683690076Z	42	PC: 13e85 \| Get date 0x13e85: cmp dl, 0x12 0x13e88: jb 0x13e9e 0x13e8a: push cs 0x13e8b: pop ds 0x13e8c: lea dx, word ptr [bx + 0x695] 0x13e90: mov ah, 0x41 0x13e92: int 0x21 0x13e94: mov dx, 0x3d4 0x13e97: mov al, 9 0x13e99: out dx, al 0x13e9a: inc dx 0x13e9b: mov al, 5 0x13e9d: out dx, al 0x13e9e: mov si, bx 0x13ea0: sub si, 0x12 0x13ea3: push si 0x13ea4: mov ax, 0xbe00 0x13ea7: int 0x21 0x13ea9: cmp ax, 0xbe 0x13eac: jne 0x13eb1
2018-12-25T12:53:44.686825952Z	65	PC: 13e94 \| Delete file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:53:45.023093132Z	190	PC: 13ea9 \| UNKNOWN!
2018-12-25T12:53:45.024652499Z	98	PC: 13eb5 \| Get current PSP
2018-12-25T12:53:45.027456406Z	82	PC: 9f69a \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:53:45.029578346Z	37	PC: 9f69a \| Set interrupt vector (See above)
2018-12-25T12:53:45.033691698Z	48	PC: 13f31 \| Get DOS version
2018-12-25T12:53:45.035185921Z	9	PC: 9f69a \| Display string (See above)
2018-12-25T12:53:45.038774679Z	76	PC: 9f69a \| Terminate with return code (See above)
2018-12-25T12:53:45.04071122Z	77	PC: 9f69a \| Get program return code (See above)
2018-12-25T12:53:45.041544966Z	72	PC: 9f69a \| Allocate memory (See above)
2018-12-25T12:53:45.043097853Z	72	PC: 9f69a \| Allocate memory (See above)
2018-12-25T12:53:45.044755281Z	37	PC: 9f69a \| Set interrupt vector (See above)
2018-12-25T12:53:45.045677462Z	37	PC: 9f69a \| Set interrupt vector (See above)
2018-12-25T12:53:45.047322514Z	37	PC: 9f69a \| Set interrupt vector (See above)