Sample viewer

vx.netlux.org/Virus.DOS.Morphine.1951

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:21.330596385Z	44	PC: 13302 \| Get time 0x13302: mov al, byte ptr [bp + 0x16c] 0x13306: or al, al 0x13308: jne 0x1330d 0x1330a: jmp 0x133bf 0x1330d: push es 0x1330e: pushf 0x1330f: pop ax 0x13310: and ax, 0xfeff 0x13313: push ax 0x13314: popf 0x13315: xor ax, ax 0x13317: mov es, ax 0x13319: not word ptr es:[6] 0x1331e: mov ax, word ptr es:[0x80] 0x13322: mov word ptr cs:[bp + 0x1c9], ax 0x13327: mov ax, word ptr es:[0x82] 0x1332b: mov word ptr cs:[bp + 0x1cb], ax 0x13330: push cs 0x13331: pop ds 0x13332: lea ax, word ptr [bp + 0x1a4]
2018-12-17T23:11:21.33566094Z	254	PC: 133c4 \| UNKNOWN!
2018-12-17T23:11:21.337020417Z	74	PC: 133e8 \| Reallocate memory
2018-12-17T23:11:21.339021862Z	72	PC: 133ee \| Allocate memory
2018-12-17T23:11:21.340853166Z	42	PC: 1343b \| Get date 0x1343b: cmp dx, 0x80a 0x1343f: jne 0x1344d 0x13441: lea dx, word ptr [bp + 0x588] 0x13445: mov ah, 9 0x13447: int 0x21 0x13449: mov ah, 0x4c 0x1344b: int 0x21 0x1344d: pop cx 0x1344e: mov ax, cs 0x13450: cmp cx, ax 0x13452: jne 0x13463 0x13454: push cs 0x13455: push cs 0x13456: pop ds 0x13457: pop es 0x13458: lea si, word ptr [bp + 0x29d] 0x1345c: mov di, 0x100 0x1345f: push di 0x13460: movsw word ptr es:[di], word ptr [si] 0x13461: movsb byte ptr es:[di], byte ptr [si]
2018-12-17T23:11:21.344676787Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:11:21.35038311Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:11:21.352006774Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:11:21.360267801Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:11:21.362518694Z	9	PC: 12a86 \| Display string (String= 'Size change=081Dh/02077d. ')
2018-12-17T23:11:21.367350752Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17162,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:05.154178245Z	44	PC: 13302 \| Get time 0x13302: mov al, byte ptr [bp + 0x16c] 0x13306: or al, al 0x13308: jne 0x1330d 0x1330a: jmp 0x133bf 0x1330d: push es 0x1330e: pushf 0x1330f: pop ax 0x13310: and ax, 0xfeff 0x13313: push ax 0x13314: popf 0x13315: xor ax, ax 0x13317: mov es, ax 0x13319: not word ptr es:[6] 0x1331e: mov ax, word ptr es:[0x80] 0x13322: mov word ptr cs:[bp + 0x1c9], ax 0x13327: mov ax, word ptr es:[0x82] 0x1332b: mov word ptr cs:[bp + 0x1cb], ax 0x13330: push cs 0x13331: pop ds 0x13332: lea ax, word ptr [bp + 0x1a4]
2018-12-25T12:55:05.157379962Z	254	PC: 133c4 \| UNKNOWN!
2018-12-25T12:55:05.158304034Z	74	PC: 133e8 \| Reallocate memory
2018-12-25T12:55:05.15971095Z	72	PC: 133ee \| Allocate memory
2018-12-25T12:55:05.161758435Z	42	PC: 1343b \| Get date 0x1343b: cmp dx, 0x80a 0x1343f: jne 0x1344d 0x13441: lea dx, word ptr [bp + 0x588] 0x13445: mov ah, 9 0x13447: int 0x21 0x13449: mov ah, 0x4c 0x1344b: int 0x21 0x1344d: pop cx 0x1344e: mov ax, cs 0x13450: cmp cx, ax 0x13452: jne 0x13463 0x13454: push cs 0x13455: push cs 0x13456: pop ds 0x13457: pop es 0x13458: lea si, word ptr [bp + 0x29d] 0x1345c: mov di, 0x100 0x1345f: push di 0x13460: movsw word ptr es:[di], word ptr [si] 0x13461: movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:55:05.164546676Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:55:05.170587338Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:55:05.171767883Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:55:05.179751652Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:55:05.181710724Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:55:05.186229743Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":10,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17162,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:05.202188603Z	44	PC: 13302 \| Get time 0x13302: mov al, byte ptr [bp + 0x16c] 0x13306: or al, al 0x13308: jne 0x1330d 0x1330a: jmp 0x133bf 0x1330d: push es 0x1330e: pushf 0x1330f: pop ax 0x13310: and ax, 0xfeff 0x13313: push ax 0x13314: popf 0x13315: xor ax, ax 0x13317: mov es, ax 0x13319: not word ptr es:[6] 0x1331e: mov ax, word ptr es:[0x80] 0x13322: mov word ptr cs:[bp + 0x1c9], ax 0x13327: mov ax, word ptr es:[0x82] 0x1332b: mov word ptr cs:[bp + 0x1cb], ax 0x13330: push cs 0x13331: pop ds 0x13332: lea ax, word ptr [bp + 0x1a4]
2018-12-25T12:55:05.207431047Z	254	PC: 133c4 \| UNKNOWN!
2018-12-25T12:55:05.208780271Z	74	PC: 133e8 \| Reallocate memory
2018-12-25T12:55:05.210356192Z	72	PC: 133ee \| Allocate memory
2018-12-25T12:55:05.212257925Z	42	PC: 1343b \| Get date 0x1343b: cmp dx, 0x80a 0x1343f: jne 0x1344d 0x13441: lea dx, word ptr [bp + 0x588] 0x13445: mov ah, 9 0x13447: int 0x21 0x13449: mov ah, 0x4c 0x1344b: int 0x21 0x1344d: pop cx 0x1344e: mov ax, cs 0x13450: cmp cx, ax 0x13452: jne 0x13463 0x13454: push cs 0x13455: push cs 0x13456: pop ds 0x13457: pop es 0x13458: lea si, word ptr [bp + 0x29d] 0x1345c: mov di, 0x100 0x1345f: push di 0x13460: movsw word ptr es:[di], word ptr [si] 0x13461: movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:55:05.217055934Z	9	PC: 13449 \| Display string (String= 'Morphine-A virus0.3�.1pby Ren Ho�kBs.As.Argentina')
2018-12-25T12:55:05.224140508Z	76	PC: 1344d \| Terminate with return code (Return code = '36')