Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1457

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:34:34.46732875Z	42	PC: 12f26 \| Get date 0x12f26: cmp cx, 0x7cc 0x12f2a: jne 0x12f36 0x12f2c: cmp dh, 4 0x12f2f: ja 0x12f36 0x12f31: cmp dl, 0xf 0x12f34: jb 0x12f7f 0x12f36: mov al, 0xff 0x12f38: mov ah, 0xf 0x12f3a: xchg al, ah 0x12f3c: nop 0x12f3d: int 0x21 0x12f3f: cmp ax, 0x101 0x12f42: jne 0x12f48 0x12f44: call 0x12f83 0x12f47: nop 0x12f48: mov ax, 0x3521 0x12f4b: nop 0x12f4c: int 0x21 0x12f4e: cmp word ptr es:[0xa], 0x4254 0x12f55: jne 0x12f63
2018-12-17T22:34:34.471010092Z	255	PC: 12f3f \| UNKNOWN!
2018-12-17T22:34:34.472212083Z	53	PC: 12f4e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:34.475913305Z	240	PC: 12f7d \| UNKNOWN!
2018-12-17T22:34:34.477687492Z	44	PC: 12e7b \| Get time 0x12e7b: cmp cl, 6 0x12e7e: jne 0x12eb5 0x12e80: mov ax, 0xb800 0x12e83: mov es, ax 0x12e85: mov cx, 0x30 0x12e88: push cx 0x12e89: mov cx, 0x7c0 0x12e8c: xor si, si 0x12e8e: mov ah, byte ptr es:[si] 0x12e91: cmp ah, 0x77 0x12e94: jb 0x12ea3 0x12e96: dec ah 0x12e98: mov byte ptr es:[si], ah 0x12e9b: mov byte ptr es:[si + 1], 0x79 0x12ea0: jmp 0x12ead 0x12ea2: nop 0x12ea3: inc ah 0x12ea5: mov byte ptr es:[si], ah 0x12ea8: mov byte ptr es:[si + 1], 0x8f 0x12ead: inc si
2018-12-17T22:34:34.481188029Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-17T22:34:34.487154094Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:34:34.488445834Z	47	PC: 9f6ac \| Get disk transfer address
2018-12-17T22:34:34.494699872Z	26	PC: 9f6ac \| Set disk transfer address
2018-12-17T22:34:34.495965867Z	78	PC: 9f6ac \| Find first file
2018-12-17T22:34:34.503402555Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.508279804Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.51113414Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.514168001Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.517846523Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.520737231Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.523772451Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.526710267Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.530744031Z	79	PC: 9f6ac \| Find next file
2018-12-17T22:34:34.53351615Z	26	PC: 9f73a \| Set disk transfer address
2018-12-17T22:34:34.534887776Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:34:34.543714464Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:34:34.545624882Z	9	PC: 12a86 \| Display string (String= 'Size change=05B1h/01457d. ')
2018-12-17T22:34:34.552068435Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6189,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:50.684366158Z	42	PC: 12f26 \| Get date 0x12f26: cmp cx, 0x7cc 0x12f2a: jne 0x12f36 0x12f2c: cmp dh, 4 0x12f2f: ja 0x12f36 0x12f31: cmp dl, 0xf 0x12f34: jb 0x12f7f 0x12f36: mov al, 0xff 0x12f38: mov ah, 0xf 0x12f3a: xchg al, ah 0x12f3c: nop 0x12f3d: int 0x21 0x12f3f: cmp ax, 0x101 0x12f42: jne 0x12f48 0x12f44: call 0x12f83 0x12f47: nop 0x12f48: mov ax, 0x3521 0x12f4b: nop 0x12f4c: int 0x21 0x12f4e: cmp word ptr es:[0xa], 0x4254 0x12f55: jne 0x12f63
2018-12-25T11:58:50.686875984Z	255	PC: 12f3f \| UNKNOWN!
2018-12-25T11:58:50.68753709Z	53	PC: 12f4e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:50.688572823Z	240	PC: 12f7d \| UNKNOWN!
2018-12-25T11:58:50.690129556Z	44	PC: 12e7b \| Get time 0x12e7b: cmp cl, 6 0x12e7e: jne 0x12eb5 0x12e80: mov ax, 0xb800 0x12e83: mov es, ax 0x12e85: mov cx, 0x30 0x12e88: push cx 0x12e89: mov cx, 0x7c0 0x12e8c: xor si, si 0x12e8e: mov ah, byte ptr es:[si] 0x12e91: cmp ah, 0x77 0x12e94: jb 0x12ea3 0x12e96: dec ah 0x12e98: mov byte ptr es:[si], ah 0x12e9b: mov byte ptr es:[si + 1], 0x79 0x12ea0: jmp 0x12ead 0x12ea2: nop 0x12ea3: inc ah 0x12ea5: mov byte ptr es:[si], ah 0x12ea8: mov byte ptr es:[si + 1], 0x8f 0x12ead: inc si
2018-12-25T11:58:50.692786228Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:58:50.697945898Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:58:50.69952912Z	47	PC: 9f6ac \| Get disk transfer address
2018-12-25T11:58:50.700541723Z	26	PC: 9f6ac \| Set disk transfer address (See above)
2018-12-25T11:58:50.70135605Z	78	PC: 9f6ac \| Find first file (See above)
2018-12-25T11:58:50.707446149Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.709867359Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.712249906Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.715632211Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.718757703Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.721057515Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.723607067Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.734713719Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.737164794Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.739615914Z	26	PC: 9f73a \| Set disk transfer address
2018-12-25T11:58:50.741082271Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:58:50.748179718Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:58:50.751054973Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:58:50.75887816Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6189,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:50.894990303Z	42	PC: 12f26 \| Get date 0x12f26: cmp cx, 0x7cc 0x12f2a: jne 0x12f36 0x12f2c: cmp dh, 4 0x12f2f: ja 0x12f36 0x12f31: cmp dl, 0xf 0x12f34: jb 0x12f7f 0x12f36: mov al, 0xff 0x12f38: mov ah, 0xf 0x12f3a: xchg al, ah 0x12f3c: nop 0x12f3d: int 0x21 0x12f3f: cmp ax, 0x101 0x12f42: jne 0x12f48 0x12f44: call 0x12f83 0x12f47: nop 0x12f48: mov ax, 0x3521 0x12f4b: nop 0x12f4c: int 0x21 0x12f4e: cmp word ptr es:[0xa], 0x4254 0x12f55: jne 0x12f63
2018-12-25T11:58:50.897995971Z	255	PC: 12f3f \| UNKNOWN!
2018-12-25T11:58:50.898891035Z	53	PC: 12f4e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:50.900191616Z	240	PC: 12f7d \| UNKNOWN!
2018-12-25T11:58:50.902189214Z	44	PC: 12e7b \| Get time 0x12e7b: cmp cl, 6 0x12e7e: jne 0x12eb5 0x12e80: mov ax, 0xb800 0x12e83: mov es, ax 0x12e85: mov cx, 0x30 0x12e88: push cx 0x12e89: mov cx, 0x7c0 0x12e8c: xor si, si 0x12e8e: mov ah, byte ptr es:[si] 0x12e91: cmp ah, 0x77 0x12e94: jb 0x12ea3 0x12e96: dec ah 0x12e98: mov byte ptr es:[si], ah 0x12e9b: mov byte ptr es:[si + 1], 0x79 0x12ea0: jmp 0x12ead 0x12ea2: nop 0x12ea3: inc ah 0x12ea5: mov byte ptr es:[si], ah 0x12ea8: mov byte ptr es:[si + 1], 0x8f 0x12ead: inc si
2018-12-25T11:58:50.906292458Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:58:50.912440961Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:58:50.91445541Z	47	PC: 9f6ac \| Get disk transfer address
2018-12-25T11:58:50.915897076Z	26	PC: 9f6ac \| Set disk transfer address (See above)
2018-12-25T11:58:50.917199519Z	78	PC: 9f6ac \| Find first file (See above)
2018-12-25T11:58:50.924477329Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.928140158Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.93131793Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.934091544Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.937277422Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.94002276Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.942788657Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.94721825Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.95008304Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:50.952666536Z	26	PC: 9f73a \| Set disk transfer address
2018-12-25T11:58:50.954224664Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:58:50.962258518Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:58:50.964698252Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:58:50.970448804Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":6189,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:51.001967338Z	42	PC: 12f26 \| Get date 0x12f26: cmp cx, 0x7cc 0x12f2a: jne 0x12f36 0x12f2c: cmp dh, 4 0x12f2f: ja 0x12f36 0x12f31: cmp dl, 0xf 0x12f34: jb 0x12f7f 0x12f36: mov al, 0xff 0x12f38: mov ah, 0xf 0x12f3a: xchg al, ah 0x12f3c: nop 0x12f3d: int 0x21 0x12f3f: cmp ax, 0x101 0x12f42: jne 0x12f48 0x12f44: call 0x12f83 0x12f47: nop 0x12f48: mov ax, 0x3521 0x12f4b: nop 0x12f4c: int 0x21 0x12f4e: cmp word ptr es:[0xa], 0x4254 0x12f55: jne 0x12f63
2018-12-25T11:58:51.004747115Z	255	PC: 12f3f \| UNKNOWN!
2018-12-25T11:58:51.006102376Z	53	PC: 12f4e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:51.007720518Z	240	PC: 12f7d \| UNKNOWN!
2018-12-25T11:58:51.010188932Z	44	PC: 12e7b \| Get time 0x12e7b: cmp cl, 6 0x12e7e: jne 0x12eb5 0x12e80: mov ax, 0xb800 0x12e83: mov es, ax 0x12e85: mov cx, 0x30 0x12e88: push cx 0x12e89: mov cx, 0x7c0 0x12e8c: xor si, si 0x12e8e: mov ah, byte ptr es:[si] 0x12e91: cmp ah, 0x77 0x12e94: jb 0x12ea3 0x12e96: dec ah 0x12e98: mov byte ptr es:[si], ah 0x12e9b: mov byte ptr es:[si + 1], 0x79 0x12ea0: jmp 0x12ead 0x12ea2: nop 0x12ea3: inc ah 0x12ea5: mov byte ptr es:[si], ah 0x12ea8: mov byte ptr es:[si + 1], 0x8f 0x12ead: inc si
2018-12-25T11:58:51.072717506Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:58:51.078030693Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:58:51.086907513Z	47	PC: 9f6ac \| Get disk transfer address
2018-12-25T11:58:51.088058546Z	26	PC: 9f6ac \| Set disk transfer address (See above)
2018-12-25T11:58:51.089073654Z	78	PC: 9f6ac \| Find first file (See above)
2018-12-25T11:58:51.095006736Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.097101008Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.09928329Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.101548305Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.103532957Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.105393935Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.107501634Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.109884445Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.111771323Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.113336502Z	26	PC: 9f73a \| Set disk transfer address
2018-12-25T11:58:51.115070767Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:58:51.121069452Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:58:51.123464588Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:58:51.129650626Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":6189,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:51.33940585Z	42	PC: 12f26 \| Get date 0x12f26: cmp cx, 0x7cc 0x12f2a: jne 0x12f36 0x12f2c: cmp dh, 4 0x12f2f: ja 0x12f36 0x12f31: cmp dl, 0xf 0x12f34: jb 0x12f7f 0x12f36: mov al, 0xff 0x12f38: mov ah, 0xf 0x12f3a: xchg al, ah 0x12f3c: nop 0x12f3d: int 0x21 0x12f3f: cmp ax, 0x101 0x12f42: jne 0x12f48 0x12f44: call 0x12f83 0x12f47: nop 0x12f48: mov ax, 0x3521 0x12f4b: nop 0x12f4c: int 0x21 0x12f4e: cmp word ptr es:[0xa], 0x4254 0x12f55: jne 0x12f63
2018-12-25T11:58:51.342277966Z	255	PC: 12f3f \| UNKNOWN!
2018-12-25T11:58:51.343352283Z	53	PC: 12f4e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:51.344847396Z	240	PC: 12f7d \| UNKNOWN!
2018-12-25T11:58:51.346817571Z	44	PC: 12e7b \| Get time 0x12e7b: cmp cl, 6 0x12e7e: jne 0x12eb5 0x12e80: mov ax, 0xb800 0x12e83: mov es, ax 0x12e85: mov cx, 0x30 0x12e88: push cx 0x12e89: mov cx, 0x7c0 0x12e8c: xor si, si 0x12e8e: mov ah, byte ptr es:[si] 0x12e91: cmp ah, 0x77 0x12e94: jb 0x12ea3 0x12e96: dec ah 0x12e98: mov byte ptr es:[si], ah 0x12e9b: mov byte ptr es:[si + 1], 0x79 0x12ea0: jmp 0x12ead 0x12ea2: nop 0x12ea3: inc ah 0x12ea5: mov byte ptr es:[si], ah 0x12ea8: mov byte ptr es:[si + 1], 0x8f 0x12ead: inc si
2018-12-25T11:58:51.404204633Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:58:51.4110753Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:58:51.413266144Z	47	PC: 9f6ac \| Get disk transfer address
2018-12-25T11:58:51.414544645Z	26	PC: 9f6ac \| Set disk transfer address (See above)
2018-12-25T11:58:51.415503734Z	78	PC: 9f6ac \| Find first file (See above)
2018-12-25T11:58:51.421791258Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.425787907Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.4282887Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.430737199Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.43359503Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.436422591Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.438938012Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.441878531Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.444360767Z	79	PC: 9f6ac \| Find next file (See above)
2018-12-25T11:58:51.446597629Z	26	PC: 9f73a \| Set disk transfer address
2018-12-25T11:58:51.448308892Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:58:51.454865225Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:58:51.457120936Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:58:51.461905702Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')