Sample viewer

vx.netlux.org/Virus.DOS.Later.987

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:50:50.330863005Z 42 PC: 12c35 | Get date
0x12c35: cmp al, 0
0x12c37: jne 0x12c5e
0x12c39: mov ax, cs
0x12c3b: mov ds, ax
0x12c3d: mov dx, 0x119
0x12c40: mov ah, 9
0x12c42: int 0x21
0x12c44: mov ax, 0x4c01
0x12c47: int 0x21
0x12c49: push sp
0x12c4a: push dx
0x12c4b: inc cx
0x12c4c: dec si
0x12c4d: push bx
0x12c4e: push ax
0x12c4f: dec sp
0x12c50: inc cx
0x12c51: dec si
0x12c52: push sp
0x12c53: and byte ptr [0x4e20], ah
2018-12-17T21:50:50.333561702Z 179 PC: 12c64 | UNKNOWN!
2018-12-17T21:50:50.334405591Z 53 PC: 12c89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:50:50.335594392Z 37 PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:50:50.337560152Z 67 PC: 12cde | Get or set file attributes
2018-12-17T21:50:50.344871413Z 53 PC: 12fab | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:50:50.346373366Z 37 PC: 12fba | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:50:50.349062593Z 67 PC: 12ceb | Get or set file attributes
2018-12-17T21:50:50.365522736Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T21:50:50.371960797Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":57,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:47.68666364Z 42 PC: 12c35 | Get date
0x12c35: cmp al, 0
0x12c37: jne 0x12c5e
0x12c39: mov ax, cs
0x12c3b: mov ds, ax
0x12c3d: mov dx, 0x119
0x12c40: mov ah, 9
0x12c42: int 0x21
0x12c44: mov ax, 0x4c01
0x12c47: int 0x21
0x12c49: push sp
0x12c4a: push dx
0x12c4b: inc cx
0x12c4c: dec si
0x12c4d: push bx
0x12c4e: push ax
0x12c4f: dec sp
0x12c50: inc cx
0x12c51: dec si
0x12c52: push sp
0x12c53: and byte ptr [0x4e20], ah
2018-12-25T11:39:47.688856022Z 179 PC: 12c64 | UNKNOWN!
2018-12-25T11:39:47.689603995Z 53 PC: 12c89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:39:47.690780801Z 37 PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:39:47.692022481Z 67 PC: 12cde | Get or set file attributes
2018-12-25T11:39:47.698873847Z 53 PC: 12fab | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:39:47.700054895Z 37 PC: 12fba | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:39:47.701201781Z 67 PC: 12ceb | Get or set file attributes
2018-12-25T11:39:48.916841023Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T11:39:48.924546677Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":57,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:47.913828398Z 42 PC: 12c35 | Get date
0x12c35: cmp al, 0
0x12c37: jne 0x12c5e
0x12c39: mov ax, cs
0x12c3b: mov ds, ax
0x12c3d: mov dx, 0x119
0x12c40: mov ah, 9
0x12c42: int 0x21
0x12c44: mov ax, 0x4c01
0x12c47: int 0x21
0x12c49: push sp
0x12c4a: push dx
0x12c4b: inc cx
0x12c4c: dec si
0x12c4d: push bx
0x12c4e: push ax
0x12c4f: dec sp
0x12c50: inc cx
0x12c51: dec si
0x12c52: push sp
0x12c53: and byte ptr [0x4e20], ah
2018-12-25T11:39:47.916504384Z 9 PC: 12c44 | Display string (String= 'ze=000003E8h/0000001000d bytes. ')
2018-12-25T11:39:47.91910396Z 76 PC: 12c49 | Terminate with return code (Return code = '1')