Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1386

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:52.651974719Z	42	PC: 12edf \| Get date 0x12edf: cmp cx, 0x7cc 0x12ee3: jne 0x12eef 0x12ee5: cmp dh, 5 0x12ee8: ja 0x12eef 0x12eea: cmp dl, 0xf 0x12eed: jb 0x12f38 0x12eef: mov al, 0xff 0x12ef1: mov ah, 0xf 0x12ef3: xchg al, ah 0x12ef5: nop 0x12ef6: int 0x21 0x12ef8: cmp ax, 0x101 0x12efb: jne 0x12f01 0x12efd: call 0x12f3c 0x12f00: nop 0x12f01: mov ax, 0x3521 0x12f04: nop 0x12f05: int 0x21 0x12f07: cmp word ptr es:[0xa], 0x4254 0x12f0e: jne 0x12f1c
2018-12-17T21:56:52.653887346Z	255	PC: 12ef8 \| UNKNOWN!
2018-12-17T21:56:52.654534057Z	53	PC: 12f07 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:52.65562116Z	240	PC: 12f36 \| UNKNOWN!
2018-12-17T21:56:52.657255236Z	44	PC: 12e52 \| Get time 0x12e52: cmp cl, 6 0x12e55: jne 0x12e6e 0x12e57: mov ah, 0x19 0x12e59: int 0x21 0x12e5b: mov dl, al 0x12e5d: mov ah, 5 0x12e5f: mov al, 9 0x12e61: mov bx, 0x626 0x12e64: push cs 0x12e65: pop es 0x12e66: mov ch, 0 0x12e68: mov cl, 1 0x12e6a: mov dh, 0 0x12e6c: int 0x13 0x12e6e: pop si 0x12e6f: ret 0x12e70: push ds 0x12e71: mov ax, ds 0x12e73: xor bx, bx 0x12e75: mov dx, si
2018-12-17T21:56:52.65879442Z	25	PC: 12e5b \| Get default drive
2018-12-17T21:56:52.677259082Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-17T21:56:52.68965149Z	48	PC: 12a8f \| Get DOS version
2018-12-17T21:56:52.69080013Z	47	PC: 9f6c3 \| Get disk transfer address
2018-12-17T21:56:52.691633802Z	26	PC: 9f6c3 \| Set disk transfer address
2018-12-17T21:56:52.692999966Z	78	PC: 9f6c3 \| Find first file
2018-12-17T21:56:52.698642453Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.700972996Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.703590049Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.706049941Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.708331195Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.71079738Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.713321178Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.715550151Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.718001679Z	79	PC: 9f6c3 \| Find next file
2018-12-17T21:56:52.720709243Z	26	PC: 9f751 \| Set disk transfer address
2018-12-17T21:56:52.722044314Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T21:56:52.729953438Z	93	PC: 12afe \| File sharing functions
2018-12-17T21:56:52.732507837Z	9	PC: 12a86 \| Display string (String= 'Size change=056Ah/01386d. ')
2018-12-17T21:56:52.736563701Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":750,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:56.125918536Z	42	PC: 12edf \| Get date 0x12edf: cmp cx, 0x7cc 0x12ee3: jne 0x12eef 0x12ee5: cmp dh, 5 0x12ee8: ja 0x12eef 0x12eea: cmp dl, 0xf 0x12eed: jb 0x12f38 0x12eef: mov al, 0xff 0x12ef1: mov ah, 0xf 0x12ef3: xchg al, ah 0x12ef5: nop 0x12ef6: int 0x21 0x12ef8: cmp ax, 0x101 0x12efb: jne 0x12f01 0x12efd: call 0x12f3c 0x12f00: nop 0x12f01: mov ax, 0x3521 0x12f04: nop 0x12f05: int 0x21 0x12f07: cmp word ptr es:[0xa], 0x4254 0x12f0e: jne 0x12f1c
2018-12-25T11:41:56.127854672Z	255	PC: 12ef8 \| UNKNOWN!
2018-12-25T11:41:56.129075986Z	53	PC: 12f07 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.130207304Z	240	PC: 12f36 \| UNKNOWN!
2018-12-25T11:41:56.138589592Z	44	PC: 12e52 \| Get time 0x12e52: cmp cl, 6 0x12e55: jne 0x12e6e 0x12e57: mov ah, 0x19 0x12e59: int 0x21 0x12e5b: mov dl, al 0x12e5d: mov ah, 5 0x12e5f: mov al, 9 0x12e61: mov bx, 0x626 0x12e64: push cs 0x12e65: pop es 0x12e66: mov ch, 0 0x12e68: mov cl, 1 0x12e6a: mov dh, 0 0x12e6c: int 0x13 0x12e6e: pop si 0x12e6f: ret 0x12e70: push ds 0x12e71: mov ax, ds 0x12e73: xor bx, bx 0x12e75: mov dx, si
2018-12-25T11:41:56.140528553Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:41:56.143924949Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:41:56.145449346Z	47	PC: 9f6c3 \| Get disk transfer address
2018-12-25T11:41:56.146436631Z	26	PC: 9f6c3 \| Set disk transfer address (See above)
2018-12-25T11:41:56.147352475Z	78	PC: 9f6c3 \| Find first file (See above)
2018-12-25T11:41:56.15366373Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.156018161Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.158440892Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.161624363Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.163991047Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.166471119Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.169235457Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.171560678Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.174586756Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.177295917Z	26	PC: 9f751 \| Set disk transfer address
2018-12-25T11:41:56.178308448Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:41:56.184637048Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:41:56.187040833Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:41:56.198338451Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":750,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:56.197862999Z	42	PC: 12edf \| Get date 0x12edf: cmp cx, 0x7cc 0x12ee3: jne 0x12eef 0x12ee5: cmp dh, 5 0x12ee8: ja 0x12eef 0x12eea: cmp dl, 0xf 0x12eed: jb 0x12f38 0x12eef: mov al, 0xff 0x12ef1: mov ah, 0xf 0x12ef3: xchg al, ah 0x12ef5: nop 0x12ef6: int 0x21 0x12ef8: cmp ax, 0x101 0x12efb: jne 0x12f01 0x12efd: call 0x12f3c 0x12f00: nop 0x12f01: mov ax, 0x3521 0x12f04: nop 0x12f05: int 0x21 0x12f07: cmp word ptr es:[0xa], 0x4254 0x12f0e: jne 0x12f1c
2018-12-25T11:41:56.200403078Z	255	PC: 12ef8 \| UNKNOWN!
2018-12-25T11:41:56.201288048Z	53	PC: 12f07 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.204055351Z	240	PC: 12f36 \| UNKNOWN!
2018-12-25T11:41:56.206040126Z	44	PC: 12e52 \| Get time 0x12e52: cmp cl, 6 0x12e55: jne 0x12e6e 0x12e57: mov ah, 0x19 0x12e59: int 0x21 0x12e5b: mov dl, al 0x12e5d: mov ah, 5 0x12e5f: mov al, 9 0x12e61: mov bx, 0x626 0x12e64: push cs 0x12e65: pop es 0x12e66: mov ch, 0 0x12e68: mov cl, 1 0x12e6a: mov dh, 0 0x12e6c: int 0x13 0x12e6e: pop si 0x12e6f: ret 0x12e70: push ds 0x12e71: mov ax, ds 0x12e73: xor bx, bx 0x12e75: mov dx, si
2018-12-25T11:41:56.209275507Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:41:56.215356624Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:41:56.217455242Z	47	PC: 9f6c3 \| Get disk transfer address
2018-12-25T11:41:56.224701935Z	26	PC: 9f6c3 \| Set disk transfer address (See above)
2018-12-25T11:41:56.225808071Z	78	PC: 9f6c3 \| Find first file (See above)
2018-12-25T11:41:56.232824599Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.235783513Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.238656919Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.24230978Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.245429084Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.248613077Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.251267765Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.254368137Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.256928086Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.259685316Z	26	PC: 9f751 \| Set disk transfer address
2018-12-25T11:41:56.261263617Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:41:56.268504231Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:41:56.270545617Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:41:56.275530529Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":750,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:56.345587589Z	42	PC: 12edf \| Get date 0x12edf: cmp cx, 0x7cc 0x12ee3: jne 0x12eef 0x12ee5: cmp dh, 5 0x12ee8: ja 0x12eef 0x12eea: cmp dl, 0xf 0x12eed: jb 0x12f38 0x12eef: mov al, 0xff 0x12ef1: mov ah, 0xf 0x12ef3: xchg al, ah 0x12ef5: nop 0x12ef6: int 0x21 0x12ef8: cmp ax, 0x101 0x12efb: jne 0x12f01 0x12efd: call 0x12f3c 0x12f00: nop 0x12f01: mov ax, 0x3521 0x12f04: nop 0x12f05: int 0x21 0x12f07: cmp word ptr es:[0xa], 0x4254 0x12f0e: jne 0x12f1c
2018-12-25T11:41:56.348557371Z	255	PC: 12ef8 \| UNKNOWN!
2018-12-25T11:41:56.349773634Z	53	PC: 12f07 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.351219614Z	240	PC: 12f36 \| UNKNOWN!
2018-12-25T11:41:56.352703494Z	44	PC: 12e52 \| Get time 0x12e52: cmp cl, 6 0x12e55: jne 0x12e6e 0x12e57: mov ah, 0x19 0x12e59: int 0x21 0x12e5b: mov dl, al 0x12e5d: mov ah, 5 0x12e5f: mov al, 9 0x12e61: mov bx, 0x626 0x12e64: push cs 0x12e65: pop es 0x12e66: mov ch, 0 0x12e68: mov cl, 1 0x12e6a: mov dh, 0 0x12e6c: int 0x13 0x12e6e: pop si 0x12e6f: ret 0x12e70: push ds 0x12e71: mov ax, ds 0x12e73: xor bx, bx 0x12e75: mov dx, si
2018-12-25T11:41:56.355475795Z	25	PC: 12e5b \| Get default drive
2018-12-25T11:41:56.36076137Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:41:56.367242951Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:41:56.36918652Z	47	PC: 9f6c3 \| Get disk transfer address
2018-12-25T11:41:56.370486152Z	26	PC: 9f6c3 \| Set disk transfer address (See above)
2018-12-25T11:41:56.371782329Z	78	PC: 9f6c3 \| Find first file (See above)
2018-12-25T11:41:56.379160943Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.382059366Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.384894181Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.388213453Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.391456061Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.394505555Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.398441815Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.402023946Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.404783322Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.407697051Z	26	PC: 9f751 \| Set disk transfer address
2018-12-25T11:41:56.408813026Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:41:56.416164058Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:41:56.418786936Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:41:56.423669158Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":750,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:56.369007463Z	42	PC: 12edf \| Get date 0x12edf: cmp cx, 0x7cc 0x12ee3: jne 0x12eef 0x12ee5: cmp dh, 5 0x12ee8: ja 0x12eef 0x12eea: cmp dl, 0xf 0x12eed: jb 0x12f38 0x12eef: mov al, 0xff 0x12ef1: mov ah, 0xf 0x12ef3: xchg al, ah 0x12ef5: nop 0x12ef6: int 0x21 0x12ef8: cmp ax, 0x101 0x12efb: jne 0x12f01 0x12efd: call 0x12f3c 0x12f00: nop 0x12f01: mov ax, 0x3521 0x12f04: nop 0x12f05: int 0x21 0x12f07: cmp word ptr es:[0xa], 0x4254 0x12f0e: jne 0x12f1c
2018-12-25T11:41:56.37279707Z	255	PC: 12ef8 \| UNKNOWN!
2018-12-25T11:41:56.373593432Z	53	PC: 12f07 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.37481344Z	240	PC: 12f36 \| UNKNOWN!
2018-12-25T11:41:56.376468297Z	44	PC: 12e52 \| Get time 0x12e52: cmp cl, 6 0x12e55: jne 0x12e6e 0x12e57: mov ah, 0x19 0x12e59: int 0x21 0x12e5b: mov dl, al 0x12e5d: mov ah, 5 0x12e5f: mov al, 9 0x12e61: mov bx, 0x626 0x12e64: push cs 0x12e65: pop es 0x12e66: mov ch, 0 0x12e68: mov cl, 1 0x12e6a: mov dh, 0 0x12e6c: int 0x13 0x12e6e: pop si 0x12e6f: ret 0x12e70: push ds 0x12e71: mov ax, ds 0x12e73: xor bx, bx 0x12e75: mov dx, si
2018-12-25T11:41:56.378804291Z	25	PC: 12e5b \| Get default drive
2018-12-25T11:41:56.383978608Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00002774h/0000010100d bytes. ')
2018-12-25T11:41:56.390510093Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:41:56.392264419Z	47	PC: 9f6c3 \| Get disk transfer address
2018-12-25T11:41:56.393462873Z	26	PC: 9f6c3 \| Set disk transfer address (See above)
2018-12-25T11:41:56.395002125Z	78	PC: 9f6c3 \| Find first file (See above)
2018-12-25T11:41:56.403544692Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.406224967Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.40969295Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.413697111Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.416430827Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.419536936Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.423307959Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.426191967Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.429144461Z	79	PC: 9f6c3 \| Find next file (See above)
2018-12-25T11:41:56.432416346Z	26	PC: 9f751 \| Set disk transfer address
2018-12-25T11:41:56.433605902Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:41:56.440901015Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:41:56.443587191Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:41:56.448416832Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')