Sample viewer

vx.netlux.org/Virus.DOS.Bony.1365

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:21.168013596Z 11 PC: 17c2e | Get input status
2018-12-17T22:09:21.172865493Z 42 PC: 18024 | Get date
0x18024: cmp dh, 0xb
0x18027: jb 0x1802b
0x18029: mov dh, 0
0x1802b: inc dh
0x1802d: inc dh
0x1802f: mov byte ptr cs:[bp + 0x5c5], dh
0x18034: mov byte ptr cs:[bp + 0x5d8], 0
0x1803a: ret
0x1803b: xor di, di
0x1803d: xor bx, word ptr es:[di]
0x18040: inc di
0x18041: inc di
0x18042: loop 0x1803d
0x18044: ret
0x18045: dec word ptr cs:[0x62d]
0x1804a: jmp 0x1805f
0x1804c: mov word ptr cs:[0x5d2], 0
0x18053: mov word ptr cs:[0x5d4], 0xffff
0x1805a: ljmp ptr cs:[0x5d2]
0x1805f: ljmp ptr cs:[0x5d2]
2018-12-17T22:09:21.175086881Z 202 PC: 17c8e | UNKNOWN!
2018-12-17T22:09:21.175934236Z 250 PC: 1806d | UNKNOWN!
2018-12-17T22:09:21.17812185Z 53 PC: 17ca1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:21.179483157Z 53 PC: 17cb0 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:09:21.180792096Z 74 PC: 17cd3 | Reallocate memory
2018-12-17T22:09:21.18302527Z 72 PC: 17cde | Allocate memory
2018-12-17T22:09:21.185429752Z 37 PC: 17d04 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:21.186993546Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-17T22:09:21.191475557Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2161,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:01.650144428Z 11 PC: 17c2e | Get input status
2018-12-25T11:45:01.655570156Z 42 PC: 18024 | Get date
0x18024: cmp dh, 0xb
0x18027: jb 0x1802b
0x18029: mov dh, 0
0x1802b: inc dh
0x1802d: inc dh
0x1802f: mov byte ptr cs:[bp + 0x5c5], dh
0x18034: mov byte ptr cs:[bp + 0x5d8], 0
0x1803a: ret
0x1803b: xor di, di
0x1803d: xor bx, word ptr es:[di]
0x18040: inc di
0x18041: inc di
0x18042: loop 0x1803d
0x18044: ret
0x18045: dec word ptr cs:[0x62d]
0x1804a: jmp 0x1805f
0x1804c: mov word ptr cs:[0x5d2], 0
0x18053: mov word ptr cs:[0x5d4], 0xffff
0x1805a: ljmp ptr cs:[0x5d2]
0x1805f: ljmp ptr cs:[0x5d2]
2018-12-25T11:45:01.658056522Z 202 PC: 17c8e | UNKNOWN!
2018-12-25T11:45:01.658950368Z 250 PC: 1806d | UNKNOWN!
2018-12-25T11:45:01.660444656Z 53 PC: 17ca1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:01.661921499Z 53 PC: 17cb0 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:45:01.663177477Z 74 PC: 17cd3 | Reallocate memory
2018-12-25T11:45:01.665228819Z 72 PC: 17cde | Allocate memory
2018-12-25T11:45:01.667093433Z 37 PC: 17d04 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:01.668521073Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-25T11:45:01.675073297Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2161,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:02.256825896Z 11 PC: 17c2e | Get input status
2018-12-25T11:45:02.261523827Z 42 PC: 18024 | Get date
0x18024: cmp dh, 0xb
0x18027: jb 0x1802b
0x18029: mov dh, 0
0x1802b: inc dh
0x1802d: inc dh
0x1802f: mov byte ptr cs:[bp + 0x5c5], dh
0x18034: mov byte ptr cs:[bp + 0x5d8], 0
0x1803a: ret
0x1803b: xor di, di
0x1803d: xor bx, word ptr es:[di]
0x18040: inc di
0x18041: inc di
0x18042: loop 0x1803d
0x18044: ret
0x18045: dec word ptr cs:[0x62d]
0x1804a: jmp 0x1805f
0x1804c: mov word ptr cs:[0x5d2], 0
0x18053: mov word ptr cs:[0x5d4], 0xffff
0x1805a: ljmp ptr cs:[0x5d2]
0x1805f: ljmp ptr cs:[0x5d2]
2018-12-25T11:45:02.263882345Z 202 PC: 17c8e | UNKNOWN!
2018-12-25T11:45:02.264698014Z 250 PC: 1806d | UNKNOWN!
2018-12-25T11:45:02.265792494Z 53 PC: 17ca1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.266783022Z 53 PC: 17cb0 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:45:02.267799093Z 74 PC: 17cd3 | Reallocate memory
2018-12-25T11:45:02.269786974Z 72 PC: 17cde | Allocate memory
2018-12-25T11:45:02.271265592Z 37 PC: 17d04 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.272331592Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ')
2018-12-25T11:45:02.277872201Z 76 PC: 12a86 | Terminate with return code (Return code = '36')