Sample viewer

vx.netlux.org/Virus.DOS.Revelations.1150

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:16.065450069Z 42 PC: 12c67 | Get date
0x12c67: cmp dl, 1
0x12c6a: jne 0x12c75
0x12c6c: mov ah, 9
0x12c6e: mov dx, 0x28a
0x12c71: int 0x21
0x12c73: jmp 0x12c73
0x12c75: push cs
0x12c76: pop es
0x12c77: mov ah, 0x1a
0x12c79: mov dx, 0x5b7
0x12c7c: int 0x21
0x12c7e: mov ah, 0x4e
0x12c80: mov cx, 3
0x12c83: mov dx, 0x531
0x12c86: int 0x21
0x12c88: jae 0x12c97
0x12c8a: jmp 0x12d6b
0x12c8d: call 0x12d92
0x12c90: mov ah, 0x4f
0x12c92: call 0x1308a
2018-12-17T23:12:16.068658155Z 26 PC: 12c7e | Set disk transfer address
2018-12-17T23:12:16.070291187Z 78 PC: 12c88 | Find first file
2018-12-17T23:12:16.076453717Z 67 PC: 13090 | Get or set file attributes
2018-12-17T23:12:16.387641816Z 61 PC: 12cac | Open file (Filename = 'TEST.EXE')
2018-12-17T23:12:16.402029667Z 63 PC: 13090 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:12:16.404846765Z 66 PC: 13090 | Move file pointer
2018-12-17T23:12:16.40737775Z 63 PC: 13090 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:12:16.410992351Z 62 PC: 13090 | Close file
2018-12-17T23:12:16.41320551Z 67 PC: 13090 | Get or set file attributes
2018-12-17T23:12:16.423820848Z 67 PC: 13090 | Get or set file attributes
2018-12-17T23:12:16.435207941Z 79 PC: 13090 | Find next file
2018-12-17T23:12:16.438111858Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T23:12:16.442521478Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17464,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:50.350633171Z 42 PC: 12c67 | Get date
0x12c67: cmp dl, 1
0x12c6a: jne 0x12c75
0x12c6c: mov ah, 9
0x12c6e: mov dx, 0x28a
0x12c71: int 0x21
0x12c73: jmp 0x12c73
0x12c75: push cs
0x12c76: pop es
0x12c77: mov ah, 0x1a
0x12c79: mov dx, 0x5b7
0x12c7c: int 0x21
0x12c7e: mov ah, 0x4e
0x12c80: mov cx, 3
0x12c83: mov dx, 0x531
0x12c86: int 0x21
0x12c88: jae 0x12c97
0x12c8a: jmp 0x12d6b
0x12c8d: call 0x12d92
0x12c90: mov ah, 0x4f
0x12c92: call 0x1308a
2018-12-25T12:55:50.352148411Z 9 PC: 12c73 | Display string (Could not find end pointer)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17464,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:50.413020198Z 42 PC: 12c67 | Get date
0x12c67: cmp dl, 1
0x12c6a: jne 0x12c75
0x12c6c: mov ah, 9
0x12c6e: mov dx, 0x28a
0x12c71: int 0x21
0x12c73: jmp 0x12c73
0x12c75: push cs
0x12c76: pop es
0x12c77: mov ah, 0x1a
0x12c79: mov dx, 0x5b7
0x12c7c: int 0x21
0x12c7e: mov ah, 0x4e
0x12c80: mov cx, 3
0x12c83: mov dx, 0x531
0x12c86: int 0x21
0x12c88: jae 0x12c97
0x12c8a: jmp 0x12d6b
0x12c8d: call 0x12d92
0x12c90: mov ah, 0x4f
0x12c92: call 0x1308a
2018-12-25T12:55:50.421350802Z 26 PC: 12c7e | Set disk transfer address
2018-12-25T12:55:50.422268411Z 78 PC: 12c88 | Find first file
2018-12-25T12:55:50.428079188Z 67 PC: 13090 | Get or set file attributes
2018-12-25T12:55:50.453827699Z 61 PC: 12cac | Open file (Filename = 'TEST.EXE')
2018-12-25T12:55:50.460274478Z 63 PC: 13090 | Read file or device (See above)
2018-12-25T12:55:50.462612555Z 66 PC: 13090 | Move file pointer (See above)
2018-12-25T12:55:50.464319878Z 63 PC: 13090 | Read file or device (See above)
2018-12-25T12:55:50.467078882Z 62 PC: 13090 | Close file (See above)
2018-12-25T12:55:50.469034364Z 67 PC: 13090 | Get or set file attributes (See above)
2018-12-25T12:55:50.479087782Z 67 PC: 13090 | Get or set file attributes (See above)
2018-12-25T12:55:50.491309586Z 79 PC: 13090 | Find next file (See above)
2018-12-25T12:55:50.493550457Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:55:50.503454678Z 76 PC: 12a86 | Terminate with return code (Return code = '36')