Sample viewer

vx.netlux.org/Virus.DOS.Fellow.1019.d

Time	Syscall Op	Syscall Name
2018-12-17T22:32:13.486807728Z	208	PC: 12af5 \| UNKNOWN!
2018-12-17T22:32:13.489628045Z	74	PC: 12aba \| Reallocate memory
2018-12-17T22:32:13.491097111Z	53	PC: 12ad3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:13.492336187Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:13.494727299Z	42	PC: 12ae7 \| Get date 0x12ae7: cmp dh, 9 0x12aea: jne 0x12af2 0x12aec: or byte ptr cs:[0x1a], 1 0x12af2: cli 0x12af3: mov es, word ptr [0x1b] 0x12af7: xor di, di 0x12af9: mov cx, 0xffff 0x12afc: mov al, 0 0x12afe: cld 0x12aff: repne scasb al, byte ptr es:[di] 0x12b01: cmp byte ptr es:[di], al 0x12b04: jne 0x12aff 0x12b06: mov dx, di 0x12b08: add dx, 3 0x12b0b: push es 0x12b0c: pop ds 0x12b0d: mov bx, cs 0x12b0f: mov ss, bx 0x12b11: mov es, bx 0x12b13: mov bx, 0x1b
2018-12-17T22:32:13.501625597Z	75	PC: 12b23 \| Execute program
2018-12-17T22:32:13.518775212Z	9	PC: 132e2 \| Display string (String= 'Goat file (EXE). Size=000000C8h/0000000200d bytes. ')
2018-12-17T22:32:13.523496578Z	76	PC: 132e6 \| Terminate with return code (Return code = '36')
2018-12-17T22:32:13.535625813Z	73	PC: 12b2d \| Release memory
2018-12-17T22:32:13.537309374Z	49	PC: 12b35 \| Terminate and stay resident (Return code = '0' \| Memory size = '128')

Time	Syscall Op	Syscall Name
2018-12-25T11:55:23.58138259Z	208	PC: 12af5 \| UNKNOWN!
2018-12-25T11:55:23.584490527Z	74	PC: 12aba \| Reallocate memory
2018-12-25T11:55:23.585953325Z	53	PC: 12ad3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:23.587141117Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:23.589197158Z	42	PC: 12ae7 \| Get date 0x12ae7: cmp dh, 9 0x12aea: jne 0x12af2 0x12aec: or byte ptr cs:[0x1a], 1 0x12af2: cli 0x12af3: mov es, word ptr [0x1b] 0x12af7: xor di, di 0x12af9: mov cx, 0xffff 0x12afc: mov al, 0 0x12afe: cld 0x12aff: repne scasb al, byte ptr es:[di] 0x12b01: cmp byte ptr es:[di], al 0x12b04: jne 0x12aff 0x12b06: mov dx, di 0x12b08: add dx, 3 0x12b0b: push es 0x12b0c: pop ds 0x12b0d: mov bx, cs 0x12b0f: mov ss, bx 0x12b11: mov es, bx 0x12b13: mov bx, 0x1b
2018-12-25T11:55:23.591661362Z	75	PC: 12b23 \| Execute program
2018-12-25T11:55:23.606291657Z	9	PC: 132e2 \| Display string (String= 'Goat file (EXE). Size=000000C8h/0000000200d bytes. ')
2018-12-25T11:55:23.612102013Z	76	PC: 132e6 \| Terminate with return code (Return code = '36')
2018-12-25T11:55:23.615388078Z	73	PC: 12b2d \| Release memory
2018-12-25T11:55:23.616981108Z	49	PC: 12b35 \| Terminate and stay resident (Return code = '0' \| Memory size = '128')

Time	Syscall Op	Syscall Name
2018-12-25T11:55:24.154133577Z	208	PC: 12af5 \| UNKNOWN!
2018-12-25T11:55:24.1565572Z	74	PC: 12aba \| Reallocate memory
2018-12-25T11:55:24.158130847Z	53	PC: 12ad3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:24.159613756Z	37	PC: 12ae3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:24.162335402Z	42	PC: 12ae7 \| Get date 0x12ae7: cmp dh, 9 0x12aea: jne 0x12af2 0x12aec: or byte ptr cs:[0x1a], 1 0x12af2: cli 0x12af3: mov es, word ptr [0x1b] 0x12af7: xor di, di 0x12af9: mov cx, 0xffff 0x12afc: mov al, 0 0x12afe: cld 0x12aff: repne scasb al, byte ptr es:[di] 0x12b01: cmp byte ptr es:[di], al 0x12b04: jne 0x12aff 0x12b06: mov dx, di 0x12b08: add dx, 3 0x12b0b: push es 0x12b0c: pop ds 0x12b0d: mov bx, cs 0x12b0f: mov ss, bx 0x12b11: mov es, bx 0x12b13: mov bx, 0x1b
2018-12-25T11:55:24.171501401Z	75	PC: 12b23 \| Execute program
2018-12-25T11:55:24.187227844Z	9	PC: 132e2 \| Display string (String= 'Goat file (EXE). Size=000000C8h/0000000200d bytes. ')
2018-12-25T11:55:24.19634731Z	76	PC: 132e6 \| Terminate with return code (Return code = '36')
2018-12-25T11:55:24.199521822Z	73	PC: 12b2d \| Release memory
2018-12-25T11:55:24.201583329Z	49	PC: 12b35 \| Terminate and stay resident (Return code = '0' \| Memory size = '128')