Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1567

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:15:29.080870407Z	42	PC: 12f94 \| Get date 0x12f94: cmp cx, 0x7cb 0x12f98: jne 0x12fa4 0x12f9a: cmp dh, 4 0x12f9d: ja 0x12fa4 0x12f9f: cmp dl, 0xf 0x12fa2: jb 0x12fed 0x12fa4: mov al, 0xff 0x12fa6: mov ah, 0xf 0x12fa8: xchg al, ah 0x12faa: nop 0x12fab: int 0x21 0x12fad: cmp ax, 0x101 0x12fb0: jne 0x12fb6 0x12fb2: call 0x12ff1 0x12fb5: nop 0x12fb6: mov ax, 0x3521 0x12fb9: nop 0x12fba: int 0x21 0x12fbc: cmp word ptr es:[0xa], 0x4254 0x12fc3: jne 0x12fd1
2018-12-17T22:15:29.083721152Z	255	PC: 12fad \| UNKNOWN!
2018-12-17T22:15:29.085328688Z	53	PC: 12fbc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:15:29.086889259Z	240	PC: 12feb \| UNKNOWN!
2018-12-17T22:15:29.1060794Z	44	PC: 12ee9 \| Get time 0x12ee9: cmp cl, 6 0x12eec: jne 0x12f23 0x12eee: mov ax, 0xb800 0x12ef1: mov es, ax 0x12ef3: mov cx, 0x30 0x12ef6: push cx 0x12ef7: mov cx, 0x7c0 0x12efa: xor si, si 0x12efc: mov ah, byte ptr es:[si] 0x12eff: cmp ah, 0x77 0x12f02: jb 0x12f11 0x12f04: dec ah 0x12f06: mov byte ptr es:[si], ah 0x12f09: mov byte ptr es:[si + 1], 0x79 0x12f0e: jmp 0x12f1b 0x12f10: nop 0x12f11: inc ah 0x12f13: mov byte ptr es:[si], ah 0x12f16: mov byte ptr es:[si + 1], 0x8f 0x12f1b: inc si
2018-12-17T22:15:29.109421756Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-17T22:15:29.115295388Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:15:29.11744863Z	47	PC: 9f699 \| Get disk transfer address
2018-12-17T22:15:29.119553634Z	26	PC: 9f699 \| Set disk transfer address
2018-12-17T22:15:29.121554793Z	78	PC: 9f699 \| Find first file
2018-12-17T22:15:29.128713861Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.138164165Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.14082475Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.143950845Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.146927974Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.149722321Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.152726915Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.156104663Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.158671588Z	79	PC: 9f699 \| Find next file
2018-12-17T22:15:29.160878168Z	26	PC: 9f727 \| Set disk transfer address
2018-12-17T22:15:29.162677058Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:15:29.169985058Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:15:29.172143155Z	9	PC: 12a86 \| Display string (String= 'Size change=061Fh/01567d. ')
2018-12-17T22:15:29.176810026Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2835,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:22.312711991Z	42	PC: 12f94 \| Get date 0x12f94: cmp cx, 0x7cb 0x12f98: jne 0x12fa4 0x12f9a: cmp dh, 4 0x12f9d: ja 0x12fa4 0x12f9f: cmp dl, 0xf 0x12fa2: jb 0x12fed 0x12fa4: mov al, 0xff 0x12fa6: mov ah, 0xf 0x12fa8: xchg al, ah 0x12faa: nop 0x12fab: int 0x21 0x12fad: cmp ax, 0x101 0x12fb0: jne 0x12fb6 0x12fb2: call 0x12ff1 0x12fb5: nop 0x12fb6: mov ax, 0x3521 0x12fb9: nop 0x12fba: int 0x21 0x12fbc: cmp word ptr es:[0xa], 0x4254 0x12fc3: jne 0x12fd1
2018-12-25T11:47:22.315923128Z	255	PC: 12fad \| UNKNOWN!
2018-12-25T11:47:22.317200178Z	53	PC: 12fbc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:22.318608048Z	240	PC: 12feb \| UNKNOWN!
2018-12-25T11:47:22.320834855Z	44	PC: 12ee9 \| Get time 0x12ee9: cmp cl, 6 0x12eec: jne 0x12f23 0x12eee: mov ax, 0xb800 0x12ef1: mov es, ax 0x12ef3: mov cx, 0x30 0x12ef6: push cx 0x12ef7: mov cx, 0x7c0 0x12efa: xor si, si 0x12efc: mov ah, byte ptr es:[si] 0x12eff: cmp ah, 0x77 0x12f02: jb 0x12f11 0x12f04: dec ah 0x12f06: mov byte ptr es:[si], ah 0x12f09: mov byte ptr es:[si + 1], 0x79 0x12f0e: jmp 0x12f1b 0x12f10: nop 0x12f11: inc ah 0x12f13: mov byte ptr es:[si], ah 0x12f16: mov byte ptr es:[si + 1], 0x8f 0x12f1b: inc si
2018-12-25T11:47:22.323999386Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:47:22.329281309Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:47:22.330880014Z	47	PC: 9f699 \| Get disk transfer address
2018-12-25T11:47:22.332329633Z	26	PC: 9f699 \| Set disk transfer address (See above)
2018-12-25T11:47:22.33367223Z	78	PC: 9f699 \| Find first file (See above)
2018-12-25T11:47:22.341393442Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.344107552Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.346843483Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.34954863Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.353017578Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.35642153Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.359718118Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.374395449Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.377550205Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.379833996Z	26	PC: 9f727 \| Set disk transfer address
2018-12-25T11:47:22.38097278Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:47:22.393595288Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:47:22.39552905Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:47:22.400027058Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2835,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:22.437087211Z	42	PC: 12f94 \| Get date 0x12f94: cmp cx, 0x7cb 0x12f98: jne 0x12fa4 0x12f9a: cmp dh, 4 0x12f9d: ja 0x12fa4 0x12f9f: cmp dl, 0xf 0x12fa2: jb 0x12fed 0x12fa4: mov al, 0xff 0x12fa6: mov ah, 0xf 0x12fa8: xchg al, ah 0x12faa: nop 0x12fab: int 0x21 0x12fad: cmp ax, 0x101 0x12fb0: jne 0x12fb6 0x12fb2: call 0x12ff1 0x12fb5: nop 0x12fb6: mov ax, 0x3521 0x12fb9: nop 0x12fba: int 0x21 0x12fbc: cmp word ptr es:[0xa], 0x4254 0x12fc3: jne 0x12fd1
2018-12-25T11:47:22.440256518Z	255	PC: 12fad \| UNKNOWN!
2018-12-25T11:47:22.441021947Z	53	PC: 12fbc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:22.442175879Z	240	PC: 12feb \| UNKNOWN!
2018-12-25T11:47:22.444141056Z	44	PC: 12ee9 \| Get time 0x12ee9: cmp cl, 6 0x12eec: jne 0x12f23 0x12eee: mov ax, 0xb800 0x12ef1: mov es, ax 0x12ef3: mov cx, 0x30 0x12ef6: push cx 0x12ef7: mov cx, 0x7c0 0x12efa: xor si, si 0x12efc: mov ah, byte ptr es:[si] 0x12eff: cmp ah, 0x77 0x12f02: jb 0x12f11 0x12f04: dec ah 0x12f06: mov byte ptr es:[si], ah 0x12f09: mov byte ptr es:[si + 1], 0x79 0x12f0e: jmp 0x12f1b 0x12f10: nop 0x12f11: inc ah 0x12f13: mov byte ptr es:[si], ah 0x12f16: mov byte ptr es:[si + 1], 0x8f 0x12f1b: inc si
2018-12-25T11:47:22.447346452Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:47:22.452997586Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:47:22.454518062Z	47	PC: 9f699 \| Get disk transfer address
2018-12-25T11:47:22.456319696Z	26	PC: 9f699 \| Set disk transfer address (See above)
2018-12-25T11:47:22.457486926Z	78	PC: 9f699 \| Find first file (See above)
2018-12-25T11:47:22.463460207Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.46747268Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.470813657Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.473406555Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.478377735Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.481377187Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.484053489Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.487291045Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.490327767Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.492854885Z	26	PC: 9f727 \| Set disk transfer address
2018-12-25T11:47:22.495199627Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:47:22.502164345Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:47:22.504033493Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:47:22.509481464Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":2835,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:22.611664009Z	42	PC: 12f94 \| Get date 0x12f94: cmp cx, 0x7cb 0x12f98: jne 0x12fa4 0x12f9a: cmp dh, 4 0x12f9d: ja 0x12fa4 0x12f9f: cmp dl, 0xf 0x12fa2: jb 0x12fed 0x12fa4: mov al, 0xff 0x12fa6: mov ah, 0xf 0x12fa8: xchg al, ah 0x12faa: nop 0x12fab: int 0x21 0x12fad: cmp ax, 0x101 0x12fb0: jne 0x12fb6 0x12fb2: call 0x12ff1 0x12fb5: nop 0x12fb6: mov ax, 0x3521 0x12fb9: nop 0x12fba: int 0x21 0x12fbc: cmp word ptr es:[0xa], 0x4254 0x12fc3: jne 0x12fd1
2018-12-25T11:47:22.615634999Z	255	PC: 12fad \| UNKNOWN!
2018-12-25T11:47:22.616888433Z	53	PC: 12fbc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:22.618586192Z	240	PC: 12feb \| UNKNOWN!
2018-12-25T11:47:22.620917124Z	44	PC: 12ee9 \| Get time 0x12ee9: cmp cl, 6 0x12eec: jne 0x12f23 0x12eee: mov ax, 0xb800 0x12ef1: mov es, ax 0x12ef3: mov cx, 0x30 0x12ef6: push cx 0x12ef7: mov cx, 0x7c0 0x12efa: xor si, si 0x12efc: mov ah, byte ptr es:[si] 0x12eff: cmp ah, 0x77 0x12f02: jb 0x12f11 0x12f04: dec ah 0x12f06: mov byte ptr es:[si], ah 0x12f09: mov byte ptr es:[si + 1], 0x79 0x12f0e: jmp 0x12f1b 0x12f10: nop 0x12f11: inc ah 0x12f13: mov byte ptr es:[si], ah 0x12f16: mov byte ptr es:[si + 1], 0x8f 0x12f1b: inc si
2018-12-25T11:47:22.687459398Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:47:22.69414295Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:47:22.696263534Z	47	PC: 9f699 \| Get disk transfer address
2018-12-25T11:47:22.698010306Z	26	PC: 9f699 \| Set disk transfer address (See above)
2018-12-25T11:47:22.699272605Z	78	PC: 9f699 \| Find first file (See above)
2018-12-25T11:47:22.705361851Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.708557288Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.710451718Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.712802501Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.717350399Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.72004501Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.722947441Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.733231149Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.736924179Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.740148008Z	26	PC: 9f727 \| Set disk transfer address
2018-12-25T11:47:22.742105652Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:47:22.75033983Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:47:22.752397766Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:47:22.758076552Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":2835,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:22.645472724Z	42	PC: 12f94 \| Get date 0x12f94: cmp cx, 0x7cb 0x12f98: jne 0x12fa4 0x12f9a: cmp dh, 4 0x12f9d: ja 0x12fa4 0x12f9f: cmp dl, 0xf 0x12fa2: jb 0x12fed 0x12fa4: mov al, 0xff 0x12fa6: mov ah, 0xf 0x12fa8: xchg al, ah 0x12faa: nop 0x12fab: int 0x21 0x12fad: cmp ax, 0x101 0x12fb0: jne 0x12fb6 0x12fb2: call 0x12ff1 0x12fb5: nop 0x12fb6: mov ax, 0x3521 0x12fb9: nop 0x12fba: int 0x21 0x12fbc: cmp word ptr es:[0xa], 0x4254 0x12fc3: jne 0x12fd1
2018-12-25T11:47:22.648144818Z	255	PC: 12fad \| UNKNOWN!
2018-12-25T11:47:22.649842647Z	53	PC: 12fbc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:22.651568223Z	240	PC: 12feb \| UNKNOWN!
2018-12-25T11:47:22.653130459Z	44	PC: 12ee9 \| Get time 0x12ee9: cmp cl, 6 0x12eec: jne 0x12f23 0x12eee: mov ax, 0xb800 0x12ef1: mov es, ax 0x12ef3: mov cx, 0x30 0x12ef6: push cx 0x12ef7: mov cx, 0x7c0 0x12efa: xor si, si 0x12efc: mov ah, byte ptr es:[si] 0x12eff: cmp ah, 0x77 0x12f02: jb 0x12f11 0x12f04: dec ah 0x12f06: mov byte ptr es:[si], ah 0x12f09: mov byte ptr es:[si + 1], 0x79 0x12f0e: jmp 0x12f1b 0x12f10: nop 0x12f11: inc ah 0x12f13: mov byte ptr es:[si], ah 0x12f16: mov byte ptr es:[si + 1], 0x8f 0x12f1b: inc si
2018-12-25T11:47:22.712383484Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:47:22.720981038Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:47:22.722889117Z	47	PC: 9f699 \| Get disk transfer address
2018-12-25T11:47:22.725161843Z	26	PC: 9f699 \| Set disk transfer address (See above)
2018-12-25T11:47:22.726748707Z	78	PC: 9f699 \| Find first file (See above)
2018-12-25T11:47:22.731342085Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.734323337Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.736242589Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.738305307Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.741302049Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.744401993Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.747251799Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.750994887Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.754158911Z	79	PC: 9f699 \| Find next file (See above)
2018-12-25T11:47:22.757007794Z	26	PC: 9f727 \| Set disk transfer address
2018-12-25T11:47:22.758758377Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:47:22.767429736Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:47:22.769719454Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:47:22.774332518Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')