Sample viewer

vx.netlux.org/Virus.DOS.Warlock.777

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:31:48.471605001Z 53 PC: 1bc0b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:48.474106473Z 53 PC: 1bc18 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:31:48.475718447Z 255 PC: 1bc29 | UNKNOWN!
2018-12-17T22:31:48.477001864Z 37 PC: 1bc5c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:48.478706919Z 42 PC: 1bc60 | Get date
0x1bc60: cmp al, 5
0x1bc62: jne 0x1bc6c
0x1bc64: mov dx, 0x9e
0x1bc67: mov ax, 0x2513
0x1bc6a: int 0x21
0x1bc6c: pop di
0x1bc6d: pop es
0x1bc6e: pop ds
0x1bc6f: mov al, 1
0x1bc71: or al, 0
0x1bc73: jne 0x1bc86
0x1bc75: lea si, word ptr [di + 0x305]
0x1bc79: mov di, 0x100
0x1bc7c: mov cx, 4
0x1bc7f: rep movsb byte ptr es:[di], byte ptr [si]
0x1bc81: mov ax, 0x100
0x1bc84: push ax
0x1bc85: ret
0x1bc86: push es
0x1bc87: pop ax
2018-12-17T22:31:48.481023654Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000093BAh/0000037818d bytes. ')
2018-12-17T22:31:48.487097349Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5679,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:10.886279716Z 53 PC: 1bc0b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:10.88828297Z 53 PC: 1bc18 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:55:10.889655221Z 255 PC: 1bc29 | UNKNOWN!
2018-12-25T11:55:10.890658171Z 37 PC: 1bc5c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:10.89276811Z 42 PC: 1bc60 | Get date
0x1bc60: cmp al, 5
0x1bc62: jne 0x1bc6c
0x1bc64: mov dx, 0x9e
0x1bc67: mov ax, 0x2513
0x1bc6a: int 0x21
0x1bc6c: pop di
0x1bc6d: pop es
0x1bc6e: pop ds
0x1bc6f: mov al, 1
0x1bc71: or al, 0
0x1bc73: jne 0x1bc86
0x1bc75: lea si, word ptr [di + 0x305]
0x1bc79: mov di, 0x100
0x1bc7c: mov cx, 4
0x1bc7f: rep movsb byte ptr es:[di], byte ptr [si]
0x1bc81: mov ax, 0x100
0x1bc84: push ax
0x1bc85: ret
0x1bc86: push es
0x1bc87: pop ax
2018-12-25T11:55:10.895549282Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000093BAh/0000037818d bytes. ')
2018-12-25T11:55:10.90922765Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5679,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:13.741433887Z 53 PC: 1bc0b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:13.743632887Z 53 PC: 1bc18 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:55:13.745069161Z 255 PC: 1bc29 | UNKNOWN!
2018-12-25T11:55:13.745736628Z 37 PC: 1bc5c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:13.747464704Z 42 PC: 1bc60 | Get date
0x1bc60: cmp al, 5
0x1bc62: jne 0x1bc6c
0x1bc64: mov dx, 0x9e
0x1bc67: mov ax, 0x2513
0x1bc6a: int 0x21
0x1bc6c: pop di
0x1bc6d: pop es
0x1bc6e: pop ds
0x1bc6f: mov al, 1
0x1bc71: or al, 0
0x1bc73: jne 0x1bc86
0x1bc75: lea si, word ptr [di + 0x305]
0x1bc79: mov di, 0x100
0x1bc7c: mov cx, 4
0x1bc7f: rep movsb byte ptr es:[di], byte ptr [si]
0x1bc81: mov ax, 0x100
0x1bc84: push ax
0x1bc85: ret
0x1bc86: push es
0x1bc87: pop ax
2018-12-25T11:55:13.749535888Z 37 PC: 1bc6c | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:55:13.750699279Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000093BAh/0000037818d bytes. ')
2018-12-25T11:55:13.756550083Z 76 PC: 12a86 | Terminate with return code (Return code = '36')