Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.1310.j

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:55:18.988504234Z 238 PC: 12fb5 | UNKNOWN!
2018-12-17T21:55:18.989653937Z 53 PC: 12fc2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:18.991107696Z 54 PC: 9f771 | Get free disk space
2018-12-17T21:55:19.000857976Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:19.003367452Z 67 PC: 9f7be | Get or set file attributes
2018-12-17T21:55:19.00912525Z 67 PC: 9f7ca | Get or set file attributes
2018-12-17T21:55:19.014820879Z 67 PC: 9fa0b | Get or set file attributes
2018-12-17T21:55:19.019789998Z 42 PC: 13051 | Get date
0x13051: cmp dx, 0x105
0x13055: jne 0x13076
0x13057: xor ax, ax
0x13059: mov es, ax
0x1305b: mov dx, 0x49f
0x1305e: mov word ptr es:[0x70], dx
0x13063: mov word ptr es:[0x72], ds
0x13068: nop
0x13069: nop
0x1306a: nop
0x1306b: nop
0x1306c: nop
0x1306d: nop
0x1306e: nop
0x1306f: nop
0x13070: nop
0x13071: nop
0x13072: nop
0x13073: nop
0x13074: nop
2018-12-17T21:55:19.022379442Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T21:55:19.026926939Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":572,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:21.45691227Z 238 PC: 12fb5 | UNKNOWN!
2018-12-25T11:41:21.457863698Z 53 PC: 12fc2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:21.459954559Z 54 PC: 9f771 | Get free disk space
2018-12-25T11:41:21.470489475Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:21.471872981Z 67 PC: 9f7be | Get or set file attributes
2018-12-25T11:41:21.479970967Z 67 PC: 9f7ca | Get or set file attributes
2018-12-25T11:41:21.491900832Z 67 PC: 9fa0b | Get or set file attributes
2018-12-25T11:41:21.503189256Z 42 PC: 13051 | Get date
0x13051: cmp dx, 0x105
0x13055: jne 0x13076
0x13057: xor ax, ax
0x13059: mov es, ax
0x1305b: mov dx, 0x49f
0x1305e: mov word ptr es:[0x70], dx
0x13063: mov word ptr es:[0x72], ds
0x13068: nop
0x13069: nop
0x1306a: nop
0x1306b: nop
0x1306c: nop
0x1306d: nop
0x1306e: nop
0x1306f: nop
0x13070: nop
0x13071: nop
0x13072: nop
0x13073: nop
0x13074: nop
2018-12-25T11:41:21.507225958Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:41:21.513413357Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":572,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:21.506598131Z 238 PC: 12fb5 | UNKNOWN!
2018-12-25T11:41:21.508131083Z 53 PC: 12fc2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:21.510544737Z 54 PC: 9f771 | Get free disk space
2018-12-25T11:41:21.520505596Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:21.522904176Z 67 PC: 9f7be | Get or set file attributes
2018-12-25T11:41:21.529812668Z 67 PC: 9f7ca | Get or set file attributes
2018-12-25T11:41:21.542815592Z 67 PC: 9fa0b | Get or set file attributes
2018-12-25T11:41:21.548508876Z 42 PC: 13051 | Get date
0x13051: cmp dx, 0x105
0x13055: jne 0x13076
0x13057: xor ax, ax
0x13059: mov es, ax
0x1305b: mov dx, 0x49f
0x1305e: mov word ptr es:[0x70], dx
0x13063: mov word ptr es:[0x72], ds
0x13068: nop
0x13069: nop
0x1306a: nop
0x1306b: nop
0x1306c: nop
0x1306d: nop
0x1306e: nop
0x1306f: nop
0x13070: nop
0x13071: nop
0x13072: nop
0x13073: nop
0x13074: nop
2018-12-25T11:41:21.551125336Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:41:21.560228447Z 76 PC: 12a86 | Terminate with return code (Return code = '36')