Sample viewer

vx.netlux.org/Virus.DOS.Aznar.667

Time	Syscall Op	Syscall Name
2018-12-17T22:14:33.806165191Z	202	PC: 12a56 \| UNKNOWN!
2018-12-17T22:14:33.807801282Z	42	PC: 12ad0 \| Get date 0x12ad0: cmp dx, 0x707 0x12ad4: jne 0x12b0d 0x12ad6: mov cx, 0x7d0 0x12ad9: xor dx, dx 0x12adb: mov ah, 0x2b 0x12add: int 0x21 0x12adf: mov ah, 9 0x12ae1: mov dx, 0x37d 0x12ae4: int 0x21 0x12ae6: push es 0x12ae7: push ds 0x12ae8: xor ax, ax 0x12aea: mov ds, ax 0x12aec: mov es, word ptr cs:[0x367] 0x12af1: mov ax, word ptr [0x40] 0x12af4: mov word ptr es:[0x363], ax 0x12af8: mov ax, word ptr [0x42] 0x12afb: mov word ptr es:[0x365], ax 0x12aff: mov ax, 0x21a 0x12b02: cli
2018-12-17T22:14:33.810660841Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-17T22:14:33.814835469Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

Time	Syscall Op	Syscall Name
2018-12-25T11:46:22.047095757Z	202	PC: 12a56 \| UNKNOWN!
2018-12-25T11:46:22.048746894Z	42	PC: 12ad0 \| Get date 0x12ad0: cmp dx, 0x707 0x12ad4: jne 0x12b0d 0x12ad6: mov cx, 0x7d0 0x12ad9: xor dx, dx 0x12adb: mov ah, 0x2b 0x12add: int 0x21 0x12adf: mov ah, 9 0x12ae1: mov dx, 0x37d 0x12ae4: int 0x21 0x12ae6: push es 0x12ae7: push ds 0x12ae8: xor ax, ax 0x12aea: mov ds, ax 0x12aec: mov es, word ptr cs:[0x367] 0x12af1: mov ax, word ptr [0x40] 0x12af4: mov word ptr es:[0x363], ax 0x12af8: mov ax, word ptr [0x42] 0x12afb: mov word ptr es:[0x365], ax 0x12aff: mov ax, 0x21a 0x12b02: cli
2018-12-25T11:46:22.051263031Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T11:46:22.056089087Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

Time	Syscall Op	Syscall Name
2018-12-25T11:46:22.143497656Z	202	PC: 12a56 \| UNKNOWN!
2018-12-25T11:46:22.145246543Z	42	PC: 12ad0 \| Get date 0x12ad0: cmp dx, 0x707 0x12ad4: jne 0x12b0d 0x12ad6: mov cx, 0x7d0 0x12ad9: xor dx, dx 0x12adb: mov ah, 0x2b 0x12add: int 0x21 0x12adf: mov ah, 9 0x12ae1: mov dx, 0x37d 0x12ae4: int 0x21 0x12ae6: push es 0x12ae7: push ds 0x12ae8: xor ax, ax 0x12aea: mov ds, ax 0x12aec: mov es, word ptr cs:[0x367] 0x12af1: mov ax, word ptr [0x40] 0x12af4: mov word ptr es:[0x363], ax 0x12af8: mov ax, word ptr [0x42] 0x12afb: mov word ptr es:[0x365], ax 0x12aff: mov ax, 0x21a 0x12b02: cli
2018-12-25T11:46:22.147329177Z	43	PC: 12adf \| Set date
2018-12-25T11:46:22.148271113Z	9	PC: 12ae6 \| Display string (String= 'VIRUS ANTI-AZNAR por JoDT VM')
2018-12-25T11:46:22.150915825Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T11:46:22.156138448Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')