Sample viewer

vx.netlux.org/Virus.DOS.Spirit.1710

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:17.367257055Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-17T21:53:17.376611756Z 44 PC: 12a4d | Get time 0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
0x12a71: cmp ax, 0x4553
0x12a74: jne 0x12a79
0x12a76: jmp 0x12c39
0x12a79: mov ax, es
2018-12-17T21:53:17.379124896Z 122 PC: 12a71 | UNKNOWN!
2018-12-17T21:53:17.380772192Z 72 PC: 12aa5 | Allocate memory
2018-12-17T21:53:17.384143514Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-17T21:53:17.386219427Z 44 PC: 12a4d | Get time 0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
0x12a71: cmp ax, 0x4553
0x12a74: jne 0x12a79
0x12a76: jmp 0x12c39
0x12a79: mov ax, es
2018-12-17T21:53:17.388140705Z 122 PC: 12a71 | UNKNOWN!
2018-12-17T21:53:17.403233726Z 72 PC: 12aa5 | Allocate memory
2018-12-17T21:53:17.405672779Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-17T21:53:17.409536535Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:49.7309621Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:49.73429722Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:49.735293419Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:49.737401195Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:49.740227857Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:49.741136929Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:49.743680388Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:49.749630498Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:49.970935469Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:49.988245279Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:49.989112464Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:49.991108021Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:49.993741595Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:49.994672397Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:49.996810103Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.001454886Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:50.041976271Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:50.045070526Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:50.046200647Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:50.048599328Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:50.05178503Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:50.05285511Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:50.055126328Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.060386443Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":11,"Min":0,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:50.079435127Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:50.08309874Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:50.084306443Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:50.086562884Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:50.089302858Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:50.091038688Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:50.093235583Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.09772505Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":11,"Min":0,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:50.617903405Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:50.620581028Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:50.621727971Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:50.624305037Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:50.629561015Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:50.63039546Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:50.632454889Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.637464596Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":11,"Min":0,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:50.714722842Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:50.717845005Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:50.718782382Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:50.721258772Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:50.725143055Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:50.726462967Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:50.729050886Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.736283153Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":11,"Min":16,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:50.839285565Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:50.843221512Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:50.845952182Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:50.848452105Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:50.852128587Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:50.854207052Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:50.856400828Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.860871292Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":11,"Min":16,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:50.892096969Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:50.895805884Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:50.89666928Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:50.898125702Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:50.900406984Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:50.901241941Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:50.902790448Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.905715732Z 76 PC: 15150 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":11,"Min":16,"Second":0,"TimeBased":true,"OriginalID":350,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:50.906945201Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: jb 0x12a69
0x12a49: mov ah, 0x2c
0x12a4b: int 0x21
0x12a4d: cmp ch, 0xb
0x12a50: jne 0x12a69
0x12a52: cmp cl, 0x10
0x12a55: jne 0x12a69
0x12a57: mov ax, 0x303
0x12a5a: xor bx, bx
0x12a5c: push bx
0x12a5d: pop es
0x12a5e: mov dx, 0x80
0x12a61: mov cx, 0xf
0x12a64: int 0x13
0x12a66: cli
0x12a67: jmp 0x12a66
0x12a69: mov ax, 0x7a77
0x12a6c: mov bx, 0x4553
0x12a6f: int 0x21
2018-12-25T11:40:50.910692559Z 122 PC: 12a71 | UNKNOWN!
2018-12-25T11:40:50.91223004Z 72 PC: 12aa5 | Allocate memory
2018-12-25T11:40:50.914713045Z 42 PC: 12a44 | Get date (See above)
2018-12-25T11:40:50.917759472Z 122 PC: 12a71 | UNKNOWN! (See above)
2018-12-25T11:40:50.919756468Z 72 PC: 12aa5 | Allocate memory (See above)
2018-12-25T11:40:50.922314651Z 9 PC: 1514b | Display string (String= 'Generic triage goat. ')
2018-12-25T11:40:50.927131074Z 76 PC: 15150 | Terminate with return code (Return code = '0')