Sample viewer

vx.netlux.org/Virus.DOS.Gdog.832


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:11.895456449Z 195 PC: 12a50 | UNKNOWN!
2018-12-17T22:35:11.896458071Z 202 PC: 12a77 | UNKNOWN!
2018-12-17T22:35:11.913526764Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:11.914394003Z 74 PC: 12aa3 | Reallocate memory
2018-12-17T22:35:11.915345922Z 72 PC: 12aa9 | Allocate memory
2018-12-17T22:35:11.916928821Z 37 PC: 12adb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:11.917736018Z 42 PC: 12adf | Get date
0x12adf: cmp dx, 0x819
0x12ae3: jne 0x12b04
0x12ae5: push cs
0x12ae6: pop ds
0x12ae7: lea dx, word ptr [bp + 0x1b3]
0x12aeb: mov ah, 9
0x12aed: int 0x21
0x12aef: mov ah, 0x4c
0x12af1: int 0x21
0x12af3: sub byte ptr [bp + di + 0x29], ah
0x12af6: and byte ptr [bp + si + 0x79], ah
0x12af9: and byte ptr [bx + 0x68], al
0x12afc: outsw dx, word ptr [si]
0x12afd: jae 0x12b73
0x12aff: inc sp
0x12b00: outsw dx, word ptr [si]
0x12b01: pop es
0x12b03: and al, 0x1f
0x12b05: pop es
0x12b06: mov ax, ds

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6330,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.440838533Z 195 PC: 12a50 | UNKNOWN!
2018-12-25T11:59:09.442715923Z 202 PC: 12a77 | UNKNOWN!
2018-12-25T11:59:09.445835095Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:09.447561217Z 74 PC: 12aa3 | Reallocate memory
2018-12-25T11:59:09.450274954Z 72 PC: 12aa9 | Allocate memory
2018-12-25T11:59:09.452702244Z 37 PC: 12adb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:09.453839872Z 42 PC: 12adf | Get date
0x12adf: cmp dx, 0x819
0x12ae3: jne 0x12b04
0x12ae5: push cs
0x12ae6: pop ds
0x12ae7: lea dx, word ptr [bp + 0x1b3]
0x12aeb: mov ah, 9
0x12aed: int 0x21
0x12aef: mov ah, 0x4c
0x12af1: int 0x21
0x12af3: sub byte ptr [bp + di + 0x29], ah
0x12af6: and byte ptr [bp + si + 0x79], ah
0x12af9: and byte ptr [bx + 0x68], al
0x12afc: outsw dx, word ptr [si]
0x12afd: jae 0x12b73
0x12aff: inc sp
0x12b00: outsw dx, word ptr [si]
0x12b01: pop es
0x12b03: and al, 0x1f
0x12b05: pop es
0x12b06: mov ax, ds

{"DateBased":true,"Day":25,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6330,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.481152314Z 195 PC: 12a50 | UNKNOWN!
2018-12-25T11:59:09.48272776Z 202 PC: 12a77 | UNKNOWN!
2018-12-25T11:59:09.483700493Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:09.48509089Z 74 PC: 12aa3 | Reallocate memory
2018-12-25T11:59:09.486854151Z 72 PC: 12aa9 | Allocate memory
2018-12-25T11:59:09.489217917Z 37 PC: 12adb | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:09.49044622Z 42 PC: 12adf | Get date
0x12adf: cmp dx, 0x819
0x12ae3: jne 0x12b04
0x12ae5: push cs
0x12ae6: pop ds
0x12ae7: lea dx, word ptr [bp + 0x1b3]
0x12aeb: mov ah, 9
0x12aed: int 0x21
0x12aef: mov ah, 0x4c
0x12af1: int 0x21
0x12af3: sub byte ptr [bp + di + 0x29], ah
0x12af6: and byte ptr [bp + si + 0x79], ah
0x12af9: and byte ptr [bx + 0x68], al
0x12afc: outsw dx, word ptr [si]
0x12afd: jae 0x12b73
0x12aff: inc sp
0x12b00: outsw dx, word ptr [si]
0x12b01: pop es
0x12b03: and al, 0x1f
0x12b05: pop es
0x12b06: mov ax, ds
2018-12-25T11:59:09.492826748Z 9 PC: 12aef | Display string (String= '(c) by GhostDog')
2018-12-25T11:59:09.496127863Z 76 PC: 12af3 | Terminate with return code (Return code = '36')