Sample viewer

vx.netlux.org/Virus.DOS.Slubdestr.1024

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:33.256577768Z	53	PC: 9f8b3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:33.258130395Z	37	PC: 9f8ca \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:33.259991615Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:29:33.264980158Z	47	PC: 9f99e \| Get disk transfer address
2018-12-17T22:29:33.266551094Z	26	PC: 9f9b3 \| Set disk transfer address
2018-12-17T22:29:33.268691527Z	78	PC: 9f9c7 \| Find first file
2018-12-17T22:29:33.275973764Z	61	PC: 9f9df \| Open file
2018-12-17T22:29:33.284396859Z	63	PC: 9fac3 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:33.292085775Z	66	PC: 9fae7 \| Move file pointer
2018-12-17T22:29:33.293754709Z	63	PC: 9fa02 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:33.296504476Z	66	PC: 9fa13 \| Move file pointer
2018-12-17T22:29:33.299217256Z	64	PC: 9fa40 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:33.302158837Z	66	PC: 9fa51 \| Move file pointer
2018-12-17T22:29:33.303593612Z	64	PC: 9fa67 \| Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:29:33.319933553Z	62	PC: 9fa75 \| Close file
2018-12-17T22:29:33.335127165Z	79	PC: 9fa83 \| Find next file
2018-12-17T22:29:33.338790633Z	61	PC: 9f9df \| Open file
2018-12-17T22:29:33.347510966Z	63	PC: 9fac3 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:33.35577916Z	66	PC: 9fae7 \| Move file pointer
2018-12-17T22:29:33.35736308Z	63	PC: 9fa02 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:29:33.36023616Z	66	PC: 9fa13 \| Move file pointer
2018-12-17T22:29:33.362570586Z	64	PC: 9fa40 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:29:33.365729065Z	66	PC: 9fa51 \| Move file pointer
2018-12-17T22:29:33.367428633Z	64	PC: 9fa67 \| Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:29:33.38613214Z	62	PC: 9fa75 \| Close file
2018-12-17T22:29:33.400665969Z	79	PC: 9fa83 \| Find next file
2018-12-17T22:29:33.404930063Z	62	PC: 9fa99 \| Close file
2018-12-17T22:29:33.408162055Z	26	PC: 9faa9 \| Set disk transfer address
2018-12-17T22:29:33.410082724Z	44	PC: 9f97c \| Get time 0x9f97c: cmp ch, 0xa 0x9f97f: jne 0x9f983 0x9f981: jmp 0x9f906 0x9f983: cmp ch, 0x11 0x9f986: jne 0x9f98b 0x9f988: jmp 0x9f906 0x9f98b: pop ds 0x9f98c: pop es 0x9f98d: pop dx 0x9f98e: pop cx 0x9f98f: pop bx 0x9f990: pop ax 0x9f991: ljmp ptr cs:[0xa7] 0x9f996: push es 0x9f997: add word ptr [si - 0x4bee], dx 0x9f99b: das 0x9f99c: int 0x21 0x9f99e: mov word ptr cs:[0x196], dx 0x9f9a3: mov word ptr cs:[0x198], ds 0x9f9a8: mov ah, 0x1a
2018-12-17T22:29:33.412904242Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5277,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:04.298903759Z	53	PC: 9f8b3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:04.300886297Z	37	PC: 9f8ca \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:04.302126171Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:54:04.307465895Z	47	PC: 9f99e \| Get disk transfer address
2018-12-25T11:54:04.310130094Z	26	PC: 9f9b3 \| Set disk transfer address
2018-12-25T11:54:04.311258596Z	78	PC: 9f9c7 \| Find first file
2018-12-25T11:54:04.317740098Z	61	PC: 9f9df \| Open file
2018-12-25T11:54:04.326687181Z	63	PC: 9fac3 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:04.333875361Z	66	PC: 9fae7 \| Move file pointer
2018-12-25T11:54:04.33530939Z	63	PC: 9fa02 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:04.337968921Z	66	PC: 9fa13 \| Move file pointer
2018-12-25T11:54:04.34037529Z	64	PC: 9fa40 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:04.343426983Z	66	PC: 9fa51 \| Move file pointer
2018-12-25T11:54:04.345342862Z	64	PC: 9fa67 \| Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:54:04.360004136Z	62	PC: 9fa75 \| Close file
2018-12-25T11:54:04.368182069Z	79	PC: 9fa83 \| Find next file
2018-12-25T11:54:04.371109903Z	61	PC: 9f9df \| Open file (See above)
2018-12-25T11:54:04.378712294Z	63	PC: 9fac3 \| Read file or device (See above)
2018-12-25T11:54:04.385241035Z	66	PC: 9fae7 \| Move file pointer (See above)
2018-12-25T11:54:04.386767843Z	63	PC: 9fa02 \| Read file or device (See above)
2018-12-25T11:54:04.389937432Z	66	PC: 9fa13 \| Move file pointer (See above)
2018-12-25T11:54:04.39150131Z	64	PC: 9fa40 \| Write file or device (See above)
2018-12-25T11:54:04.394339561Z	66	PC: 9fa51 \| Move file pointer (See above)
2018-12-25T11:54:04.396865876Z	64	PC: 9fa67 \| Write file or device (See above)
2018-12-25T11:54:04.408848432Z	62	PC: 9fa75 \| Close file (See above)
2018-12-25T11:54:04.42396562Z	79	PC: 9fa83 \| Find next file (See above)
2018-12-25T11:54:04.427421012Z	62	PC: 9fa99 \| Close file
2018-12-25T11:54:04.428864628Z	26	PC: 9faa9 \| Set disk transfer address
2018-12-25T11:54:04.429858999Z	44	PC: 9f97c \| Get time 0x9f97c: cmp ch, 0xa 0x9f97f: jne 0x9f983 0x9f981: jmp 0x9f906 0x9f983: cmp ch, 0x11 0x9f986: jne 0x9f98b 0x9f988: jmp 0x9f906 0x9f98b: pop ds 0x9f98c: pop es 0x9f98d: pop dx 0x9f98e: pop cx 0x9f98f: pop bx 0x9f990: pop ax 0x9f991: ljmp ptr cs:[0xa7] 0x9f996: push es 0x9f997: add word ptr [si - 0x4bee], dx 0x9f99b: das 0x9f99c: int 0x21 0x9f99e: mov word ptr cs:[0x196], dx 0x9f9a3: mov word ptr cs:[0x198], ds 0x9f9a8: mov ah, 0x1a
2018-12-25T11:54:04.441166651Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":10,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5277,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:04.433305452Z	53	PC: 9f8b3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:04.435250461Z	37	PC: 9f8ca \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:04.436858961Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:54:04.44382156Z	47	PC: 9f99e \| Get disk transfer address
2018-12-25T11:54:04.445426105Z	26	PC: 9f9b3 \| Set disk transfer address
2018-12-25T11:54:04.447536866Z	78	PC: 9f9c7 \| Find first file
2018-12-25T11:54:04.454752379Z	61	PC: 9f9df \| Open file
2018-12-25T11:54:04.462400302Z	63	PC: 9fac3 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:04.470218462Z	66	PC: 9fae7 \| Move file pointer
2018-12-25T11:54:04.471873744Z	63	PC: 9fa02 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:04.474685467Z	66	PC: 9fa13 \| Move file pointer
2018-12-25T11:54:04.489743932Z	64	PC: 9fa40 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:04.494318381Z	66	PC: 9fa51 \| Move file pointer
2018-12-25T11:54:04.496268809Z	64	PC: 9fa67 \| Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:54:04.51376495Z	62	PC: 9fa75 \| Close file
2018-12-25T11:54:04.523304648Z	79	PC: 9fa83 \| Find next file
2018-12-25T11:54:04.526194866Z	61	PC: 9f9df \| Open file (See above)
2018-12-25T11:54:04.53387079Z	63	PC: 9fac3 \| Read file or device (See above)
2018-12-25T11:54:04.546864209Z	66	PC: 9fae7 \| Move file pointer (See above)
2018-12-25T11:54:04.5487988Z	63	PC: 9fa02 \| Read file or device (See above)
2018-12-25T11:54:04.564865348Z	66	PC: 9fa13 \| Move file pointer (See above)
2018-12-25T11:54:04.567316168Z	64	PC: 9fa40 \| Write file or device (See above)
2018-12-25T11:54:04.570654012Z	66	PC: 9fa51 \| Move file pointer (See above)
2018-12-25T11:54:04.572639032Z	64	PC: 9fa67 \| Write file or device (See above)
2018-12-25T11:54:04.583091869Z	62	PC: 9fa75 \| Close file (See above)
2018-12-25T11:54:04.592972874Z	79	PC: 9fa83 \| Find next file (See above)
2018-12-25T11:54:04.596205405Z	62	PC: 9fa99 \| Close file
2018-12-25T11:54:04.598266406Z	26	PC: 9faa9 \| Set disk transfer address
2018-12-25T11:54:04.599388382Z	44	PC: 9f97c \| Get time 0x9f97c: cmp ch, 0xa 0x9f97f: jne 0x9f983 0x9f981: jmp 0x9f906 0x9f983: cmp ch, 0x11 0x9f986: jne 0x9f98b 0x9f988: jmp 0x9f906 0x9f98b: pop ds 0x9f98c: pop es 0x9f98d: pop dx 0x9f98e: pop cx 0x9f98f: pop bx 0x9f990: pop ax 0x9f991: ljmp ptr cs:[0xa7] 0x9f996: push es 0x9f997: add word ptr [si - 0x4bee], dx 0x9f99b: das 0x9f99c: int 0x21 0x9f99e: mov word ptr cs:[0x196], dx 0x9f9a3: mov word ptr cs:[0x198], ds 0x9f9a8: mov ah, 0x1a
2018-12-25T11:54:04.601790155Z	86	PC: 9f91a \| Rename file
2018-12-25T11:54:04.954517053Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5277,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:04.692454669Z	53	PC: 9f8b3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:04.694919551Z	37	PC: 9f8ca \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:04.696247379Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:54:04.703054462Z	47	PC: 9f99e \| Get disk transfer address
2018-12-25T11:54:04.712213074Z	26	PC: 9f9b3 \| Set disk transfer address
2018-12-25T11:54:04.714027154Z	78	PC: 9f9c7 \| Find first file
2018-12-25T11:54:04.720401554Z	61	PC: 9f9df \| Open file
2018-12-25T11:54:04.728196443Z	63	PC: 9fac3 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:04.742177942Z	66	PC: 9fae7 \| Move file pointer
2018-12-25T11:54:04.743924127Z	63	PC: 9fa02 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:04.746937478Z	66	PC: 9fa13 \| Move file pointer
2018-12-25T11:54:04.748822441Z	64	PC: 9fa40 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:54:04.751741084Z	66	PC: 9fa51 \| Move file pointer
2018-12-25T11:54:04.753372571Z	64	PC: 9fa67 \| Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:54:04.76837545Z	62	PC: 9fa75 \| Close file
2018-12-25T11:54:04.777470848Z	79	PC: 9fa83 \| Find next file
2018-12-25T11:54:04.7805404Z	61	PC: 9f9df \| Open file (See above)
2018-12-25T11:54:04.788797934Z	63	PC: 9fac3 \| Read file or device (See above)
2018-12-25T11:54:04.795388188Z	66	PC: 9fae7 \| Move file pointer (See above)
2018-12-25T11:54:04.797005111Z	63	PC: 9fa02 \| Read file or device (See above)
2018-12-25T11:54:04.801061458Z	66	PC: 9fa13 \| Move file pointer (See above)
2018-12-25T11:54:04.803108151Z	64	PC: 9fa40 \| Write file or device (See above)
2018-12-25T11:54:04.806009143Z	66	PC: 9fa51 \| Move file pointer (See above)
2018-12-25T11:54:04.808672162Z	64	PC: 9fa67 \| Write file or device (See above)
2018-12-25T11:54:04.817286631Z	62	PC: 9fa75 \| Close file (See above)
2018-12-25T11:54:04.82575616Z	79	PC: 9fa83 \| Find next file (See above)
2018-12-25T11:54:04.8290558Z	62	PC: 9fa99 \| Close file
2018-12-25T11:54:04.830913845Z	26	PC: 9faa9 \| Set disk transfer address
2018-12-25T11:54:04.83201655Z	44	PC: 9f97c \| Get time 0x9f97c: cmp ch, 0xa 0x9f97f: jne 0x9f983 0x9f981: jmp 0x9f906 0x9f983: cmp ch, 0x11 0x9f986: jne 0x9f98b 0x9f988: jmp 0x9f906 0x9f98b: pop ds 0x9f98c: pop es 0x9f98d: pop dx 0x9f98e: pop cx 0x9f98f: pop bx 0x9f990: pop ax 0x9f991: ljmp ptr cs:[0xa7] 0x9f996: push es 0x9f997: add word ptr [si - 0x4bee], dx 0x9f99b: das 0x9f99c: int 0x21 0x9f99e: mov word ptr cs:[0x196], dx 0x9f9a3: mov word ptr cs:[0x198], ds 0x9f9a8: mov ah, 0x1a
2018-12-25T11:54:04.834704841Z	86	PC: 9f91a \| Rename file
2018-12-25T11:54:05.192423127Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')