Sample viewer

vx.netlux.org/Virus.DOS.Roet.1875

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:05:50.531023082Z	177	PC: 14138 \| UNKNOWN!
2018-12-17T22:05:50.532279062Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-17T22:05:50.541813705Z	48	PC: 12a63 \| Get DOS version
2018-12-17T22:05:50.542921005Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:05:50.553120857Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-17T22:05:50.560266476Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-17T22:05:50.562368403Z	93	PC: 12b24 \| File sharing functions
2018-12-17T22:05:50.564629918Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-17T22:05:50.569990402Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:15.827841104Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:15.830211082Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:15.833046198Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:15.834473053Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:15.844261672Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:15.85301946Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:15.856495871Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:15.858632112Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:15.863915967Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:16.015638643Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:16.017494565Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:16.019982573Z	9	PC: 141e9 \| Display string (Could not find end pointer)
2018-12-25T11:44:16.049554222Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:16.056527417Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.068336458Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:16.076167878Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:16.084006357Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:16.087075811Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.091973068Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":27,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:16.153907468Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:16.155881284Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:16.158226951Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:16.159581671Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.170903363Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:16.177421328Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:16.180712504Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:16.182708855Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.186732865Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:16.284455638Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:16.286148509Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:16.288399596Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:16.289380539Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.295450439Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:16.302540464Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:16.304807928Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:16.306389442Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.309985335Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":27,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:16.412046098Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:16.41422048Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:16.417446733Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:16.418610116Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.428995419Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:16.4354681Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:16.43896219Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:16.441293466Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.44577081Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:16.599813452Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:16.60172131Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:16.604413754Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:16.605876106Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.616708394Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:16.628784536Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:16.633239256Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:16.635426324Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.640398854Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:16.760568032Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:16.762393082Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:16.767211824Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:16.76926637Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:16.780343775Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:16.787320027Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:16.791143323Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:16.79456066Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:16.799245403Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1772,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:17.206492087Z	177	PC: 14138 \| UNKNOWN!
2018-12-25T11:44:17.208968022Z	42	PC: 141cf \| Get date 0x141cf: cmp dh, 0xc 0x141d2: je 0x141d7 0x141d4: jmp 0x14644 0x141d7: cmp dl, 0x14 0x141da: jl 0x141fe 0x141dc: cmp dl, 0x1b 0x141df: jge 0x141fe 0x141e1: lea dx, word ptr [bp + 0x11f] 0x141e5: mov ah, 9 0x141e7: int 0x21 0x141e9: mov cx, 0xff 0x141ec: int 0x10 0x141ee: mov ax, 0xe07 0x141f1: loop 0x141ec 0x141f3: mov ax, 2 0x141f6: mov cx, 0x1770 0x141f9: cli 0x141fa: cdq 0x141fb: int 0x26 0x141fd: sti
2018-12-25T11:44:17.211780591Z	9	PC: 141e9 \| Display string (Could not find end pointer)
2018-12-25T11:44:17.238614928Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:44:17.24028682Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:44:17.250886889Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:44:17.257944314Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:44:17.262680604Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:44:17.264566232Z	9	PC: 12b03 \| Display string (String= 'Size change=+0753h/01875d. Virus might be activ? ')
2018-12-25T11:44:17.268813007Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')