Sample viewer

vx.netlux.org/Virus.DOS.Tadihno.971

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:54.185513165Z 75 PC: 132a8 | Execute program
2018-12-17T22:19:54.18735549Z 82 PC: 132b0 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:19:54.188754383Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:19:54.194166212Z 48 PC: 12a8f | Get DOS version
2018-12-17T22:19:54.196118003Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T22:19:54.208448884Z 93 PC: 12afe | File sharing functions
2018-12-17T22:19:54.210703648Z 9 PC: 12a86 | Display string (String= 'Size change=03CBh/00971d. ')
2018-12-17T22:19:54.218646247Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3438,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:13.71591343Z 75 PC: 132a8 | Execute program
2018-12-25T11:49:13.718069745Z 82 PC: 132b0 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:49:13.719672653Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T11:49:13.735969237Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:49:13.741855523Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:49:13.754707999Z 93 PC: 12afe | File sharing functions
2018-12-25T11:49:13.757204512Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:49:13.762245585Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3438,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:13.752563579Z 75 PC: 132a8 | Execute program
2018-12-25T11:49:13.755193768Z 82 PC: 132b0 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:49:13.756580083Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T11:49:13.762129869Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:49:13.76405038Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:49:13.770569984Z 93 PC: 12afe | File sharing functions
2018-12-25T11:49:13.772410088Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:49:13.776907172Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')