Sample viewer

vx.netlux.org/Virus.DOS.BW.Roet.753

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:57.224922033Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-17T23:12:57.230167186Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-17T23:12:57.233219705Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-17T23:12:57.236222812Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:12:57.241383645Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.418427593Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:20.428350589Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:20.43057709Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:20.432877277Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:20.438859522Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":28,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.463431337Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:20.473557721Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:20.477905177Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:20.482895217Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:20.488517828Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.398138934Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:20.399532274Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:20.401466262Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:20.403033798Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:20.406402122Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":28,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.46552005Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:20.466665766Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:20.469438141Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:20.472216472Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:20.475641101Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.61080439Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:20.612533329Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:20.615275817Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:20.618013014Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:20.624166412Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.723888212Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:20.725212968Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:20.727373904Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:20.72936336Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:20.734486202Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:21.18596734Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:21.187242095Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:21.189355471Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:21.191459111Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:21.196979054Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:21.200993607Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:21.20215708Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:21.203780171Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:21.205336056Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:21.209071885Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":28,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17685,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:21.274198806Z	177	PC: 12ed1 \| UNKNOWN!
2018-12-25T12:56:21.274991137Z	42	PC: 12f6d \| Get date 0x12f6d: cmp dh, 0xc 0x12f70: je 0x12f75 0x12f72: jmp 0x12f84 0x12f74: nop 0x12f75: cmp dl, 0x1c 0x12f78: jb 0x12f84 0x12f7a: mov cx, 0xff 0x12f7d: int 0x10 0x12f7f: mov ax, 0xe07 0x12f82: loop 0x12f7d 0x12f84: pop es 0x12f85: pop ds 0x12f86: jmp 0x12ef6 0x12f89: nop 0x12f8a: lea si, word ptr [bp + 3] 0x12f8e: mov di, 0x100 0x12f91: jmp 0x12eff 0x12f94: movsb byte ptr es:[di], byte ptr [si] 0x12f95: call 0x12fd0 0x12f98: ret
2018-12-25T12:56:21.279904986Z	42	PC: 12c7c \| Get date 0x12c7c: cmp dh, 0xc 0x12c7f: je 0x12c84 0x12c81: jmp 0x12c93 0x12c83: nop 0x12c84: cmp dl, 0x1c 0x12c87: jb 0x12c93 0x12c89: mov cx, 0xff 0x12c8c: int 0x10 0x12c8e: mov ax, 0xe07 0x12c91: loop 0x12c8c 0x12c93: pop es 0x12c94: pop ds 0x12c95: jmp 0x12c05 0x12c98: nop 0x12c99: lea si, word ptr [bp + 3] 0x12c9d: mov di, 0x100 0x12ca0: jmp 0x12c0e 0x12ca3: movsb byte ptr es:[di], byte ptr [si] 0x12ca4: call 0x12cdf 0x12ca7: ret
2018-12-25T12:56:21.284940379Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:21.290860645Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')