Sample viewer

vx.netlux.org/Virus.DOS.E266.1072

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:25.368452809Z	42	PC: 12c0f \| Get date 0x12c0f: cmp dx, 0x616 0x12c13: je 0x12c6f 0x12c15: pop ds 0x12c16: pop es 0x12c17: cmp sp, 0xde9d 0x12c1b: je 0x12c45 0x12c1d: lea si, word ptr [bp + 0x42c] 0x12c21: mov di, 0x100 0x12c24: mov ax, 0xa4a5 0x12c27: mov bx, 0x100 0x12c2a: mov cx, 0xc483 0x12c2d: mov dx, 0x610e 0x12c30: mov bp, 0xccc3 0x12c33: mov bx, 0x5001 0x12c36: push bp 0x12c37: push bx 0x12c38: mov bx, 0xb8 0x12c3b: push bx 0x12c3c: push dx 0x12c3d: push cx
2018-12-17T23:10:25.371739971Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:10:25.375678408Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16850,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:05.245452925Z	42	PC: 12c0f \| Get date 0x12c0f: cmp dx, 0x616 0x12c13: je 0x12c6f 0x12c15: pop ds 0x12c16: pop es 0x12c17: cmp sp, 0xde9d 0x12c1b: je 0x12c45 0x12c1d: lea si, word ptr [bp + 0x42c] 0x12c21: mov di, 0x100 0x12c24: mov ax, 0xa4a5 0x12c27: mov bx, 0x100 0x12c2a: mov cx, 0xc483 0x12c2d: mov dx, 0x610e 0x12c30: mov bp, 0xccc3 0x12c33: mov bx, 0x5001 0x12c36: push bp 0x12c37: push bx 0x12c38: mov bx, 0xb8 0x12c3b: push bx 0x12c3c: push dx 0x12c3d: push cx
2018-12-25T12:54:05.248420863Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:54:05.268077114Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16850,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:05.298779466Z	42	PC: 12c0f \| Get date 0x12c0f: cmp dx, 0x616 0x12c13: je 0x12c6f 0x12c15: pop ds 0x12c16: pop es 0x12c17: cmp sp, 0xde9d 0x12c1b: je 0x12c45 0x12c1d: lea si, word ptr [bp + 0x42c] 0x12c21: mov di, 0x100 0x12c24: mov ax, 0xa4a5 0x12c27: mov bx, 0x100 0x12c2a: mov cx, 0xc483 0x12c2d: mov dx, 0x610e 0x12c30: mov bp, 0xccc3 0x12c33: mov bx, 0x5001 0x12c36: push bp 0x12c37: push bx 0x12c38: mov bx, 0xb8 0x12c3b: push bx 0x12c3c: push dx 0x12c3d: push cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16850,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:05.331374459Z	42	PC: 12c0f \| Get date 0x12c0f: cmp dx, 0x616 0x12c13: je 0x12c6f 0x12c15: pop ds 0x12c16: pop es 0x12c17: cmp sp, 0xde9d 0x12c1b: je 0x12c45 0x12c1d: lea si, word ptr [bp + 0x42c] 0x12c21: mov di, 0x100 0x12c24: mov ax, 0xa4a5 0x12c27: mov bx, 0x100 0x12c2a: mov cx, 0xc483 0x12c2d: mov dx, 0x610e 0x12c30: mov bp, 0xccc3 0x12c33: mov bx, 0x5001 0x12c36: push bp 0x12c37: push bx 0x12c38: mov bx, 0xb8 0x12c3b: push bx 0x12c3c: push dx 0x12c3d: push cx
2018-12-25T12:54:05.33453712Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:54:05.340814861Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16850,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:05.375603677Z	42	PC: 12c0f \| Get date 0x12c0f: cmp dx, 0x616 0x12c13: je 0x12c6f 0x12c15: pop ds 0x12c16: pop es 0x12c17: cmp sp, 0xde9d 0x12c1b: je 0x12c45 0x12c1d: lea si, word ptr [bp + 0x42c] 0x12c21: mov di, 0x100 0x12c24: mov ax, 0xa4a5 0x12c27: mov bx, 0x100 0x12c2a: mov cx, 0xc483 0x12c2d: mov dx, 0x610e 0x12c30: mov bp, 0xccc3 0x12c33: mov bx, 0x5001 0x12c36: push bp 0x12c37: push bx 0x12c38: mov bx, 0xb8 0x12c3b: push bx 0x12c3c: push dx 0x12c3d: push cx