Sample viewer

vx.netlux.org/Virus.DOS.Corrupt.658

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:05.336978909Z	2	PC: 12a48 \| Character output (Char = '00')
2018-12-17T21:51:05.342400615Z	42	PC: 12bc4 \| Get date 0x12bc4: cmp dl, 0xd 0x12bc7: jne 0x12bd1 0x12bc9: call 0x22b4b 0x12bcc: ljmp 0xf000:0xfff0 0x12bd1: ret 0x12bd2: mov ah, 0x3b 0x12bd4: mov dx, 0x361 0x12bd7: int 0x21 0x12bd9: ret 0x12bda: mov ah, 0x3b 0x12bdc: mov dx, 0x321 0x12bdf: int 0x21 0x12be1: ret 0x12be2: xor byte ptr [di], 0xcb 0x12be5: inc di 0x12be6: loop 0x12be2 0x12be8: ret 0x12be9: push ax 0x12bea: push bx 0x12beb: push cx
2018-12-17T21:51:05.344806363Z	37	PC: 12a62 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:05.346125697Z	71	PC: 12a7b \| Get current directory
2018-12-17T21:51:05.350026758Z	78	PC: 12a92 \| Find first file
2018-12-17T21:51:05.354413485Z	78	PC: 12c01 \| Find first file
2018-12-17T21:51:05.365033557Z	62	PC: 12c36 \| Close file
2018-12-17T21:51:05.367298035Z	59	PC: 12bd9 \| Change current directory
2018-12-17T21:51:05.385809443Z	59	PC: 12be1 \| Change current directory
2018-12-17T21:51:05.387813169Z	9	PC: 13908 \| Display string (String= 'Goat file (COM/b...). Size=00000FA0h/0000004000d bytes. ')
2018-12-17T21:51:05.393037817Z	48	PC: 13911 \| Get DOS version
2018-12-17T21:51:05.394669838Z	61	PC: 139de \| Open file (Filename = '')
2018-12-17T21:51:05.401956126Z	93	PC: 13980 \| File sharing functions
2018-12-17T21:51:05.404217042Z	9	PC: 13908 \| Display string (String= 'Size change=0292h/00658d. ')
2018-12-17T21:51:05.409233368Z	76	PC: 13965 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":81,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:51.001000829Z	2	PC: 12a48 \| Character output (Char = '00')
2018-12-25T11:39:51.00384624Z	42	PC: 12bc4 \| Get date 0x12bc4: cmp dl, 0xd 0x12bc7: jne 0x12bd1 0x12bc9: call 0x22b4b 0x12bcc: ljmp 0xf000:0xfff0 0x12bd1: ret 0x12bd2: mov ah, 0x3b 0x12bd4: mov dx, 0x361 0x12bd7: int 0x21 0x12bd9: ret 0x12bda: mov ah, 0x3b 0x12bdc: mov dx, 0x321 0x12bdf: int 0x21 0x12be1: ret 0x12be2: xor byte ptr [di], 0xcb 0x12be5: inc di 0x12be6: loop 0x12be2 0x12be8: ret 0x12be9: push ax 0x12bea: push bx 0x12beb: push cx
2018-12-25T11:39:51.006102865Z	37	PC: 12a62 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:39:51.007061072Z	71	PC: 12a7b \| Get current directory
2018-12-25T11:39:51.009955983Z	78	PC: 12a92 \| Find first file
2018-12-25T11:39:51.016043195Z	78	PC: 12c01 \| Find first file
2018-12-25T11:39:51.022635642Z	62	PC: 12c36 \| Close file
2018-12-25T11:39:51.025068343Z	59	PC: 12bd9 \| Change current directory
2018-12-25T11:39:51.030082749Z	59	PC: 12be1 \| Change current directory
2018-12-25T11:39:51.031648623Z	9	PC: 13908 \| Display string (String= 'Goat file (COM/b...). Size=00000FA0h/0000004000d bytes. ')
2018-12-25T11:39:51.035016486Z	48	PC: 13911 \| Get DOS version
2018-12-25T11:39:51.036388018Z	61	PC: 139de \| Open file (Filename = '')
2018-12-25T11:39:51.040851809Z	93	PC: 13980 \| File sharing functions
2018-12-25T11:39:51.042109455Z	9	PC: 13908 \| Display string (See above)
2018-12-25T11:39:51.04647883Z	76	PC: 13965 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":81,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:51.184385558Z	2	PC: 12a48 \| Character output (Char = '00')
2018-12-25T11:39:51.186975855Z	42	PC: 12bc4 \| Get date 0x12bc4: cmp dl, 0xd 0x12bc7: jne 0x12bd1 0x12bc9: call 0x22b4b 0x12bcc: ljmp 0xf000:0xfff0 0x12bd1: ret 0x12bd2: mov ah, 0x3b 0x12bd4: mov dx, 0x361 0x12bd7: int 0x21 0x12bd9: ret 0x12bda: mov ah, 0x3b 0x12bdc: mov dx, 0x321 0x12bdf: int 0x21 0x12be1: ret 0x12be2: xor byte ptr [di], 0xcb 0x12be5: inc di 0x12be6: loop 0x12be2 0x12be8: ret 0x12be9: push ax 0x12bea: push bx 0x12beb: push cx