Sample viewer

vx.netlux.org/Virus.DOS.Codr.1402

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:15:37.205478466Z 82 PC: 13286 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:15:37.208338586Z 98 PC: 132f4 | Get current PSP
2018-12-17T23:15:37.209148383Z 42 PC: 136a2 | Get date
0x136a2: cmp al, 5
0x136a4: jne 0x136ae
0x136a6: cmp dl, 0xd
0x136a9: jne 0x136ae
0x136ab: call 0x2367d
0x136ae: cmp dl, 0x15
0x136b1: jne 0x136bf
0x136b3: mov ah, 0x2c
0x136b5: int 0x21
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax
2018-12-17T23:15:37.211438514Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:15:37.21762272Z 48 PC: 12a8f | Get DOS version
2018-12-17T23:15:37.219965131Z 67 PC: 9f790 | Get or set file attributes
2018-12-17T23:15:37.225878077Z 67 PC: 9f790 | Get or set file attributes
2018-12-17T23:15:39.382255067Z 61 PC: 9f790 | Open file (Filename = '�&�')
2018-12-17T23:15:39.515019132Z 87 PC: 9f790 | Get or set file date and time
2018-12-17T23:15:39.516772148Z 63 PC: 9f790 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:15:39.538475118Z 87 PC: 9f790 | Get or set file date and time
2018-12-17T23:15:39.540645529Z 62 PC: 9f790 | Close file
2018-12-17T23:15:39.6121959Z 67 PC: 9f790 | Get or set file attributes
2018-12-17T23:15:39.661061339Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T23:15:39.670779823Z 93 PC: 12afe | File sharing functions
2018-12-17T23:15:39.673087121Z 9 PC: 12a86 | Display string (String= 'Size change=057Ah/01402d. ')
2018-12-17T23:15:39.678764452Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7110,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:51.967016558Z 82 PC: 13286 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:51.970567403Z 98 PC: 132f4 | Get current PSP
2018-12-25T12:00:51.972413706Z 42 PC: 136a2 | Get date
0x136a2: cmp al, 5
0x136a4: jne 0x136ae
0x136a6: cmp dl, 0xd
0x136a9: jne 0x136ae
0x136ab: call 0x2367d
0x136ae: cmp dl, 0x15
0x136b1: jne 0x136bf
0x136b3: mov ah, 0x2c
0x136b5: int 0x21
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax
2018-12-25T12:00:51.974957477Z 44 PC: 136b7 | Get time
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax
0x136c9: xor dx, dx
0x136cb: mov bx, word ptr cs:[0x569]
0x136d0: mov ah, 0x40
0x136d2: mov cx, 0x6b
0x136d5: call 0x235fe
0x136d8: mov di, 0x6b
0x136db: mov cx, 0x57a
0x136de: sub cx, di
0x136e0: push cx
2018-12-25T12:00:51.978275157Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:00:51.984319973Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:00:51.98656211Z 67 PC: 9f790 | Get or set file attributes
2018-12-25T12:00:51.994401446Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:52.028434317Z 61 PC: 9f790 | Open file (See above)
2018-12-25T12:00:52.035636153Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:52.036910909Z 63 PC: 9f790 | Read file or device (See above)
2018-12-25T12:00:52.040637319Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:52.041944574Z 62 PC: 9f790 | Close file (See above)
2018-12-25T12:00:52.049032646Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:52.060354424Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:00:52.067159178Z 93 PC: 12afe | File sharing functions
2018-12-25T12:00:52.068876499Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:00:52.074470938Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":21,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7110,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:52.156231573Z 82 PC: 13286 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:52.158485684Z 98 PC: 132f4 | Get current PSP
2018-12-25T12:00:52.159617201Z 42 PC: 136a2 | Get date
0x136a2: cmp al, 5
0x136a4: jne 0x136ae
0x136a6: cmp dl, 0xd
0x136a9: jne 0x136ae
0x136ab: call 0x2367d
0x136ae: cmp dl, 0x15
0x136b1: jne 0x136bf
0x136b3: mov ah, 0x2c
0x136b5: int 0x21
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax
2018-12-25T12:00:52.16195375Z 44 PC: 136b7 | Get time
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax
0x136c9: xor dx, dx
0x136cb: mov bx, word ptr cs:[0x569]
0x136d0: mov ah, 0x40
0x136d2: mov cx, 0x6b
0x136d5: call 0x235fe
0x136d8: mov di, 0x6b
0x136db: mov cx, 0x57a
0x136de: sub cx, di
0x136e0: push cx
2018-12-25T12:00:52.165443618Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:00:52.170958658Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:00:52.174450125Z 67 PC: 9f790 | Get or set file attributes
2018-12-25T12:00:52.18276466Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:52.199011182Z 61 PC: 9f790 | Open file (See above)
2018-12-25T12:00:52.205798228Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:52.208155217Z 63 PC: 9f790 | Read file or device (See above)
2018-12-25T12:00:52.212905505Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:52.215011387Z 62 PC: 9f790 | Close file (See above)
2018-12-25T12:00:52.222097644Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:52.232137733Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:00:52.23868739Z 93 PC: 12afe | File sharing functions
2018-12-25T12:00:52.240086992Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:00:52.243809169Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7110,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:52.839112924Z 82 PC: 13286 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:52.841739756Z 98 PC: 132f4 | Get current PSP
2018-12-25T12:00:52.842913183Z 42 PC: 136a2 | Get date
0x136a2: cmp al, 5
0x136a4: jne 0x136ae
0x136a6: cmp dl, 0xd
0x136a9: jne 0x136ae
0x136ab: call 0x2367d
0x136ae: cmp dl, 0x15
0x136b1: jne 0x136bf
0x136b3: mov ah, 0x2c
0x136b5: int 0x21
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7110,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:52.972950418Z 82 PC: 13286 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:52.97517123Z 98 PC: 132f4 | Get current PSP
2018-12-25T12:00:52.976621437Z 42 PC: 136a2 | Get date
0x136a2: cmp al, 5
0x136a4: jne 0x136ae
0x136a6: cmp dl, 0xd
0x136a9: jne 0x136ae
0x136ab: call 0x2367d
0x136ae: cmp dl, 0x15
0x136b1: jne 0x136bf
0x136b3: mov ah, 0x2c
0x136b5: int 0x21
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax
2018-12-25T12:00:52.979253814Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:00:52.985380615Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:00:52.987650381Z 67 PC: 9f790 | Get or set file attributes
2018-12-25T12:00:52.994347553Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:53.011385268Z 61 PC: 9f790 | Open file (See above)
2018-12-25T12:00:53.024069109Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:53.026519659Z 63 PC: 9f790 | Read file or device (See above)
2018-12-25T12:00:53.033769378Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:53.035899968Z 62 PC: 9f790 | Close file (See above)
2018-12-25T12:00:53.044563719Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:53.055381699Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:00:53.062984895Z 93 PC: 12afe | File sharing functions
2018-12-25T12:00:53.065202684Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:00:53.070395612Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7110,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:53.244558355Z 82 PC: 13286 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:53.249461637Z 98 PC: 132f4 | Get current PSP
2018-12-25T12:00:53.251178792Z 42 PC: 136a2 | Get date
0x136a2: cmp al, 5
0x136a4: jne 0x136ae
0x136a6: cmp dl, 0xd
0x136a9: jne 0x136ae
0x136ab: call 0x2367d
0x136ae: cmp dl, 0x15
0x136b1: jne 0x136bf
0x136b3: mov ah, 0x2c
0x136b5: int 0x21
0x136b7: cmp ch, 0xc
0x136ba: jae 0x136bf
0x136bc: call 0x2366a
0x136bf: pop dx
0x136c0: pop cx
0x136c1: pop ax
0x136c2: ret
0x136c3: push cs
0x136c4: pop ds
0x136c5: mov ax, word ptr [0]
0x136c8: push ax
2018-12-25T12:00:53.254572318Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:00:53.260898072Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:00:53.264189292Z 67 PC: 9f790 | Get or set file attributes
2018-12-25T12:00:53.271175282Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:53.296829767Z 61 PC: 9f790 | Open file (See above)
2018-12-25T12:00:53.312773753Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:53.314500706Z 63 PC: 9f790 | Read file or device (See above)
2018-12-25T12:00:53.325028463Z 87 PC: 9f790 | Get or set file date and time (See above)
2018-12-25T12:00:53.330695701Z 62 PC: 9f790 | Close file (See above)
2018-12-25T12:00:53.338906721Z 67 PC: 9f790 | Get or set file attributes (See above)
2018-12-25T12:00:53.35076059Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:00:53.359694241Z 93 PC: 12afe | File sharing functions
2018-12-25T12:00:53.361726706Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:00:53.366231876Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')