Sample viewer

vx.netlux.org/Virus.DOS.Paradise.1400

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:54:19.521381059Z	11	PC: 12d0c \| Get input status
2018-12-17T21:54:19.525044946Z	42	PC: 12d6b \| Get date 0x12d6b: cmp dx, 0x711 0x12d6f: je 0x12d89 0x12d71: mov ax, word ptr cs:[bp + 0x661] 0x12d76: mov bx, word ptr cs:[bp + 0x663] 0x12d7b: mov word ptr cs:[0x100], ax 0x12d7f: mov word ptr cs:[0x102], bx 0x12d84: mov ax, 0x100 0x12d87: jmp ax 0x12d89: lea bx, word ptr [bp + 0x410] 0x12d8d: mov ah, byte ptr cs:[bx] 0x12d90: cmp ah, 0x80 0x12d93: ja 0x12d71 0x12d95: mov bx, 0x411 0x12d98: mov cx, 0x12 0x12d9b: cmp ah, 0x20 0x12d9e: jb 0x12dbc 0x12da0: mov bx, 0x423 0x12da3: mov cx, 0xb 0x12da6: cmp ah, 0x40 0x12da9: jb 0x12dbc
2018-12-17T21:54:19.52781517Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T21:54:19.532342581Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":469,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:56.295422388Z	11	PC: 12d0c \| Get input status
2018-12-25T11:40:56.299135599Z	42	PC: 12d6b \| Get date 0x12d6b: cmp dx, 0x711 0x12d6f: je 0x12d89 0x12d71: mov ax, word ptr cs:[bp + 0x661] 0x12d76: mov bx, word ptr cs:[bp + 0x663] 0x12d7b: mov word ptr cs:[0x100], ax 0x12d7f: mov word ptr cs:[0x102], bx 0x12d84: mov ax, 0x100 0x12d87: jmp ax 0x12d89: lea bx, word ptr [bp + 0x410] 0x12d8d: mov ah, byte ptr cs:[bx] 0x12d90: cmp ah, 0x80 0x12d93: ja 0x12d71 0x12d95: mov bx, 0x411 0x12d98: mov cx, 0x12 0x12d9b: cmp ah, 0x20 0x12d9e: jb 0x12dbc 0x12da0: mov bx, 0x423 0x12da3: mov cx, 0xb 0x12da6: cmp ah, 0x40 0x12da9: jb 0x12dbc
2018-12-25T11:40:56.303006976Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:56.308581222Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":17,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":469,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:56.364850807Z	11	PC: 12d0c \| Get input status
2018-12-25T11:40:56.36938543Z	42	PC: 12d6b \| Get date 0x12d6b: cmp dx, 0x711 0x12d6f: je 0x12d89 0x12d71: mov ax, word ptr cs:[bp + 0x661] 0x12d76: mov bx, word ptr cs:[bp + 0x663] 0x12d7b: mov word ptr cs:[0x100], ax 0x12d7f: mov word ptr cs:[0x102], bx 0x12d84: mov ax, 0x100 0x12d87: jmp ax 0x12d89: lea bx, word ptr [bp + 0x410] 0x12d8d: mov ah, byte ptr cs:[bx] 0x12d90: cmp ah, 0x80 0x12d93: ja 0x12d71 0x12d95: mov bx, 0x411 0x12d98: mov cx, 0x12 0x12d9b: cmp ah, 0x20 0x12d9e: jb 0x12dbc 0x12da0: mov bx, 0x423 0x12da3: mov cx, 0xb 0x12da6: cmp ah, 0x40 0x12da9: jb 0x12dbc
2018-12-25T11:40:56.378187571Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:56.384977698Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":469,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:56.397097757Z	11	PC: 12d0c \| Get input status
2018-12-25T11:40:56.405343223Z	42	PC: 12d6b \| Get date 0x12d6b: cmp dx, 0x711 0x12d6f: je 0x12d89 0x12d71: mov ax, word ptr cs:[bp + 0x661] 0x12d76: mov bx, word ptr cs:[bp + 0x663] 0x12d7b: mov word ptr cs:[0x100], ax 0x12d7f: mov word ptr cs:[0x102], bx 0x12d84: mov ax, 0x100 0x12d87: jmp ax 0x12d89: lea bx, word ptr [bp + 0x410] 0x12d8d: mov ah, byte ptr cs:[bx] 0x12d90: cmp ah, 0x80 0x12d93: ja 0x12d71 0x12d95: mov bx, 0x411 0x12d98: mov cx, 0x12 0x12d9b: cmp ah, 0x20 0x12d9e: jb 0x12dbc 0x12da0: mov bx, 0x423 0x12da3: mov cx, 0xb 0x12da6: cmp ah, 0x40 0x12da9: jb 0x12dbc
2018-12-25T11:40:56.408488593Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:56.415356578Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":17,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":469,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:56.483409426Z	11	PC: 12d0c \| Get input status
2018-12-25T11:40:56.487279268Z	42	PC: 12d6b \| Get date 0x12d6b: cmp dx, 0x711 0x12d6f: je 0x12d89 0x12d71: mov ax, word ptr cs:[bp + 0x661] 0x12d76: mov bx, word ptr cs:[bp + 0x663] 0x12d7b: mov word ptr cs:[0x100], ax 0x12d7f: mov word ptr cs:[0x102], bx 0x12d84: mov ax, 0x100 0x12d87: jmp ax 0x12d89: lea bx, word ptr [bp + 0x410] 0x12d8d: mov ah, byte ptr cs:[bx] 0x12d90: cmp ah, 0x80 0x12d93: ja 0x12d71 0x12d95: mov bx, 0x411 0x12d98: mov cx, 0x12 0x12d9b: cmp ah, 0x20 0x12d9e: jb 0x12dbc 0x12da0: mov bx, 0x423 0x12da3: mov cx, 0xb 0x12da6: cmp ah, 0x40 0x12da9: jb 0x12dbc
2018-12-25T11:40:56.496379079Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:40:56.502370223Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')