Sample viewer

vx.netlux.org/Virus.DOS.Havjiva.492

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:39:54.722467237Z 128 PC: 13279 | UNKNOWN!
2018-12-17T22:39:54.723685628Z 42 PC: 1329f | Get date
0x1329f: cmp dh, 5
0x132a2: jne 0x132db
0x132a4: mov cx, 0x7d0
0x132a7: mov di, 0xb800
0x132aa: mov es, di
0x132ac: xor di, di
0x132ae: mov ax, 0xa20
0x132b1: rep stosd dword ptr es:[di], eax
0x132b3: mov ah, 1
0x132b5: mov cx, 0x220f
0x132b8: int 0x42
0x132ba: mov si, 0x1ab
0x132bd: pop di
0x132be: add si, di
0x132c0: mov di, 0x700
0x132c3: mov cx, 0x2f
0x132c6: mov ah, 0xa
0x132c8: lodsb al, byte ptr [si]
0x132c9: neg al
0x132cb: stosw word ptr es:[di], ax
2018-12-17T22:39:54.727599757Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:39:54.745980187Z 48 PC: 12a8f | Get DOS version
2018-12-17T22:39:54.749046733Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T22:39:54.768315192Z 93 PC: 12afe | File sharing functions
2018-12-17T22:39:54.771271942Z 9 PC: 12a86 | Display string (String= 'Size change=01ECh/00492d. ')
2018-12-17T22:39:54.776286169Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6867,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:25.712376439Z 128 PC: 13279 | UNKNOWN!
2018-12-25T12:00:25.713356351Z 42 PC: 1329f | Get date
0x1329f: cmp dh, 5
0x132a2: jne 0x132db
0x132a4: mov cx, 0x7d0
0x132a7: mov di, 0xb800
0x132aa: mov es, di
0x132ac: xor di, di
0x132ae: mov ax, 0xa20
0x132b1: rep stosd dword ptr es:[di], eax
0x132b3: mov ah, 1
0x132b5: mov cx, 0x220f
0x132b8: int 0x42
0x132ba: mov si, 0x1ab
0x132bd: pop di
0x132be: add si, di
0x132c0: mov di, 0x700
0x132c3: mov cx, 0x2f
0x132c6: mov ah, 0xa
0x132c8: lodsb al, byte ptr [si]
0x132c9: neg al
0x132cb: stosw word ptr es:[di], ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6867,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:25.952102328Z 128 PC: 13279 | UNKNOWN!
2018-12-25T12:00:25.953993782Z 42 PC: 1329f | Get date
0x1329f: cmp dh, 5
0x132a2: jne 0x132db
0x132a4: mov cx, 0x7d0
0x132a7: mov di, 0xb800
0x132aa: mov es, di
0x132ac: xor di, di
0x132ae: mov ax, 0xa20
0x132b1: rep stosd dword ptr es:[di], eax
0x132b3: mov ah, 1
0x132b5: mov cx, 0x220f
0x132b8: int 0x42
0x132ba: mov si, 0x1ab
0x132bd: pop di
0x132be: add si, di
0x132c0: mov di, 0x700
0x132c3: mov cx, 0x2f
0x132c6: mov ah, 0xa
0x132c8: lodsb al, byte ptr [si]
0x132c9: neg al
0x132cb: stosw word ptr es:[di], ax
2018-12-25T12:00:25.956819423Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:00:25.963177484Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:00:25.965187658Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:00:25.973047275Z 93 PC: 12afe | File sharing functions
2018-12-25T12:00:25.975646385Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:00:25.980750917Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')