Sample viewer

vx.netlux.org/Virus.DOS.Illusion.1330

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:50.885854151Z	48	PC: 12bad \| Get DOS version
2018-12-17T21:51:50.888967945Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-17T21:51:50.891497166Z	53	PC: 12be8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:50.893431826Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T21:51:50.899072258Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:19.390076972Z	48	PC: 12bad \| Get DOS version
2018-12-25T11:40:19.391369399Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:40:19.393405175Z	53	PC: 12be8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:19.394693611Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:19.400391332Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:19.472357137Z	48	PC: 12bad \| Get DOS version
2018-12-25T11:40:19.473640057Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:40:19.481877349Z	53	PC: 12be8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:19.483427602Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:19.489464078Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":5,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:19.60932705Z	48	PC: 12bad \| Get DOS version
2018-12-25T11:40:19.611024435Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:40:19.620524654Z	76	PC: 12fc9 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:19.796475786Z	48	PC: 12bad \| Get DOS version
2018-12-25T11:40:19.797842138Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:40:19.799895951Z	53	PC: 12be8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:19.800908149Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:19.804651529Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:19.950709741Z	48	PC: 12bad \| Get DOS version
2018-12-25T11:40:19.95213518Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:40:19.961673582Z	53	PC: 12be8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:19.963602859Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:19.969889978Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:19.996063437Z	48	PC: 12bad \| Get DOS version
2018-12-25T11:40:19.997591303Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:40:20.00684479Z	76	PC: 12fc9 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":5,"Month":7,"Year":1983,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:20.075054098Z	48	PC: 12bad \| Get DOS version
2018-12-25T11:40:20.076790162Z	42	PC: 12bbb \| Get date 0x12bbb: cmp dh, 7 0x12bbe: jne 0x12bc8 0x12bc0: cmp dl, 4 0x12bc3: jne 0x12bc8 0x12bc5: jmp 0x12f84 0x12bc8: cmp al, 2 0x12bca: jne 0x12be1 0x12bcc: cmp dl, 5 0x12bcf: jne 0x12be1 0x12bd1: jmp 0x12f84 0x12bd4: sub ax, 0x233e 0x12bd7: push sp 0x12bd8: push 0x5f45 0x12bdb: push di 0x12bdc: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12be1: mov ax, 0x3621 0x12be4: dec ah 0x12be6: int 0x21 0x12be8: mov word ptr cs:[bp + 0x1ac], bx 0x12bed: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:40:20.090071766Z	76	PC: 12fc9 \| Terminate with return code (Return code = '0')