Sample viewer

vx.netlux.org/Virus.DOS.Sanga.1193

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:35.317005725Z	74	PC: 13c85 \| Reallocate memory
2018-12-17T22:19:35.320824218Z	72	PC: 13c8e \| Allocate memory
2018-12-17T22:19:35.322938699Z	255	PC: 14364 \| UNKNOWN!
2018-12-17T22:19:35.323740822Z	42	PC: 1436d \| Get date 0x1436d: and dl, 3 0x14370: jne 0x1437a 0x14372: mov al, 1 0x14374: mov byte ptr cs:[0x45b], al 0x14378: jmp 0x14380 0x1437a: xor al, al 0x1437c: mov byte ptr cs:[0x45b], al 0x14380: mov cx, 0x1b1 0x14383: mov bx, 0x18e 0x14386: mov al, byte ptr cs:[bx] 0x14389: xor al, 0x64 0x1438b: mov byte ptr cs:[bx], al 0x1438e: inc bx 0x1438f: loop 0x14386 0x14391: call 0x1469d 0x14394: jb 0x143b2 0x14396: push es 0x14397: pop ds 0x14398: mov ax, 0x3521 0x1439b: int 0x21
2018-12-17T22:19:35.326689488Z	88	PC: 146a2 \| case 0xGet or set allocation strateg:
2018-12-17T22:19:35.328628505Z	88	PC: 146a8 \| case 0xGet or set allocation strateg:
2018-12-17T22:19:35.330564469Z	88	PC: 146b1 \| case 0xGet or set allocation strateg:
2018-12-17T22:19:35.333429923Z	88	PC: 146b9 \| case 0xGet or set allocation strateg:
2018-12-17T22:19:35.335264833Z	72	PC: 146c0 \| Allocate memory
2018-12-17T22:19:35.336519006Z	88	PC: 146ca \| case 0xGet or set allocation strateg:
2018-12-17T22:19:35.338389373Z	88	PC: 146d2 \| case 0xGet or set allocation strateg:
2018-12-17T22:19:35.33987652Z	53	PC: 1439d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:35.340904993Z	37	PC: 143af \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:35.342696917Z	73	PC: 13cbd \| Release memory
2018-12-17T22:19:35.344293131Z	74	PC: 13ccb \| Reallocate memory
2018-12-17T22:19:35.345943749Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=00001401h/0000005121d bytes. ')
2018-12-17T22:19:35.349827781Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3382,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:59.998319741Z	74	PC: 13c85 \| Reallocate memory
2018-12-25T11:49:00.000090893Z	72	PC: 13c8e \| Allocate memory
2018-12-25T11:49:00.002090224Z	255	PC: 14364 \| UNKNOWN!
2018-12-25T11:49:00.002713337Z	42	PC: 1436d \| Get date 0x1436d: and dl, 3 0x14370: jne 0x1437a 0x14372: mov al, 1 0x14374: mov byte ptr cs:[0x45b], al 0x14378: jmp 0x14380 0x1437a: xor al, al 0x1437c: mov byte ptr cs:[0x45b], al 0x14380: mov cx, 0x1b1 0x14383: mov bx, 0x18e 0x14386: mov al, byte ptr cs:[bx] 0x14389: xor al, 0x64 0x1438b: mov byte ptr cs:[bx], al 0x1438e: inc bx 0x1438f: loop 0x14386 0x14391: call 0x1469d 0x14394: jb 0x143b2 0x14396: push es 0x14397: pop ds 0x14398: mov ax, 0x3521 0x1439b: int 0x21
2018-12-25T11:49:00.00534287Z	88	PC: 146a2 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.006391411Z	88	PC: 146a8 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.007354531Z	88	PC: 146b1 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.008841246Z	88	PC: 146b9 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.009999731Z	72	PC: 146c0 \| Allocate memory
2018-12-25T11:49:00.011309718Z	88	PC: 146ca \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.012504026Z	88	PC: 146d2 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.013908427Z	53	PC: 1439d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:00.014873854Z	37	PC: 143af \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:00.015895802Z	73	PC: 13cbd \| Release memory
2018-12-25T11:49:00.017097312Z	74	PC: 13ccb \| Reallocate memory
2018-12-25T11:49:00.018601892Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=00001401h/0000005121d bytes. ')
2018-12-25T11:49:00.024520174Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3382,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:00.071216942Z	74	PC: 13c85 \| Reallocate memory
2018-12-25T11:49:00.073541696Z	72	PC: 13c8e \| Allocate memory
2018-12-25T11:49:00.075418005Z	255	PC: 14364 \| UNKNOWN!
2018-12-25T11:49:00.076174178Z	42	PC: 1436d \| Get date 0x1436d: and dl, 3 0x14370: jne 0x1437a 0x14372: mov al, 1 0x14374: mov byte ptr cs:[0x45b], al 0x14378: jmp 0x14380 0x1437a: xor al, al 0x1437c: mov byte ptr cs:[0x45b], al 0x14380: mov cx, 0x1b1 0x14383: mov bx, 0x18e 0x14386: mov al, byte ptr cs:[bx] 0x14389: xor al, 0x64 0x1438b: mov byte ptr cs:[bx], al 0x1438e: inc bx 0x1438f: loop 0x14386 0x14391: call 0x1469d 0x14394: jb 0x143b2 0x14396: push es 0x14397: pop ds 0x14398: mov ax, 0x3521 0x1439b: int 0x21
2018-12-25T11:49:00.078624192Z	88	PC: 146a2 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.0797345Z	88	PC: 146a8 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.080818686Z	88	PC: 146b1 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.082317278Z	88	PC: 146b9 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.083771552Z	72	PC: 146c0 \| Allocate memory
2018-12-25T11:49:00.085273256Z	88	PC: 146ca \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.086410535Z	88	PC: 146d2 \| case 0xGet or set allocation strateg:
2018-12-25T11:49:00.088396518Z	53	PC: 1439d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:00.089604252Z	37	PC: 143af \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:00.090801089Z	73	PC: 13cbd \| Release memory
2018-12-25T11:49:00.092664431Z	74	PC: 13ccb \| Reallocate memory
2018-12-25T11:49:00.094695866Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=00001401h/0000005121d bytes. ')
2018-12-25T11:49:00.100727013Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')