Sample viewer

vx.netlux.org/Virus.DOS.Roet.1875

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:05:50.531023082Z 177 PC: 14138 | UNKNOWN!
2018-12-17T22:05:50.532279062Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-17T22:05:50.541813705Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:05:50.542921005Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:05:50.553120857Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:05:50.560266476Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:05:50.562368403Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:05:50.564629918Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-17T22:05:50.569990402Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:15.827841104Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:15.830211082Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:15.833046198Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:15.834473053Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:15.844261672Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:15.85301946Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:15.856495871Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:15.858632112Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:15.863915967Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:16.015638643Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:16.017494565Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:16.019982573Z 9 PC: 141e9 | Display string (Could not find end pointer)
2018-12-25T11:44:16.049554222Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:16.056527417Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.068336458Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:16.076167878Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:16.084006357Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:16.087075811Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.091973068Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":27,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:16.153907468Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:16.155881284Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:16.158226951Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:16.159581671Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.170903363Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:16.177421328Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:16.180712504Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:16.182708855Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.186732865Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:16.284455638Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:16.286148509Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:16.288399596Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:16.289380539Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.295450439Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:16.302540464Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:16.304807928Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:16.306389442Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.309985335Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":27,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:16.412046098Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:16.41422048Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:16.417446733Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:16.418610116Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.428995419Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:16.4354681Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:16.43896219Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:16.441293466Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.44577081Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:16.599813452Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:16.60172131Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:16.604413754Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:16.605876106Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.616708394Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:16.628784536Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:16.633239256Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:16.635426324Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.640398854Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:16.760568032Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:16.762393082Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:16.767211824Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:16.76926637Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.780343775Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:16.787320027Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:16.791143323Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:16.79456066Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.799245403Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:17.206492087Z 177 PC: 14138 | UNKNOWN!
2018-12-25T11:44:17.208968022Z 42 PC: 141cf | Get date 0x141cf: cmp dh, 0xc
0x141d2: je 0x141d7
0x141d4: jmp 0x14644
0x141d7: cmp dl, 0x14
0x141da: jl 0x141fe
0x141dc: cmp dl, 0x1b
0x141df: jge 0x141fe
0x141e1: lea dx, word ptr [bp + 0x11f]
0x141e5: mov ah, 9
0x141e7: int 0x21
0x141e9: mov cx, 0xff
0x141ec: int 0x10
0x141ee: mov ax, 0xe07
0x141f1: loop 0x141ec
0x141f3: mov ax, 2
0x141f6: mov cx, 0x1770
0x141f9: cli
0x141fa: cdq
0x141fb: int 0x26
0x141fd: sti
2018-12-25T11:44:17.211780591Z 9 PC: 141e9 | Display string (Could not find end pointer)
2018-12-25T11:44:17.238614928Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:44:17.24028682Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:17.250886889Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:44:17.257944314Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:44:17.262680604Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:44:17.264566232Z 9 PC: 12b03 | Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:17.268813007Z 76 PC: 12b09 | Terminate with return code (Return code = '1')