Sample viewer

vx.netlux.org/Virus.DOS.Zamol.4358

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:57:47.981979227Z 73 PC: 12a5d | Release memory
2018-12-17T21:57:47.983813634Z 72 PC: 12a67 | Allocate memory
2018-12-17T21:57:47.985756759Z 74 PC: 12a79 | Reallocate memory
2018-12-17T21:57:47.987284538Z 74 PC: 12a8b | Reallocate memory
2018-12-17T21:57:47.989839069Z 25 PC: 9ebac | Get default drive
2018-12-17T21:57:48.00004868Z 42 PC: 9ebff | Get date
0x9ebff: cmp al, 0
0x9ec01: jne 0x9ec3d
0x9ec03: xor ax, ax
0x9ec05: mov ds, ax
0x9ec07: les bx, ptr [0x24]
0x9ec0b: mov word ptr cs:[0x856], bx
0x9ec10: mov word ptr cs:[0x858], es
0x9ec15: mov word ptr [0x24], 0x798
0x9ec1b: mov word ptr [0x26], cs
0x9ec1f: les di, ptr [0x20]
0x9ec23: mov word ptr cs:[0x85e], di
0x9ec28: mov word ptr cs:[0x860], es
0x9ec2d: mov word ptr [0x22], cs
0x9ec31: mov word ptr [0x20], 0x7c2
0x9ec37: xor ax, ax
0x9ec39: nop
0x9ec3a: mov ds, ax
0x9ec3c: nop
0x9ec3d: xor ax, ax
0x9ec3f: nop
2018-12-17T21:57:48.002447828Z 9 PC: 12a47 | Display string (String= 'GOAT File Generator 1.40 (c) 1994-98 by ROSE, Ralph Roth! (17.07.1998) File: ROSE007.COM - 15.500 (3C8Ch) bytes length! Researcher: Brian Burdick Contact: [email protected] DO NOT DISTRIBUTE THESE SAMPLES')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":859,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:55.852845844Z 73 PC: 12a5d | Release memory
2018-12-25T11:41:55.854684652Z 72 PC: 12a67 | Allocate memory
2018-12-25T11:41:55.85627192Z 74 PC: 12a79 | Reallocate memory
2018-12-25T11:41:55.8577061Z 74 PC: 12a8b | Reallocate memory
2018-12-25T11:41:55.860449324Z 25 PC: 9ebac | Get default drive
2018-12-25T11:41:55.870378228Z 42 PC: 9ebff | Get date
0x9ebff: cmp al, 0
0x9ec01: jne 0x9ec3d
0x9ec03: xor ax, ax
0x9ec05: mov ds, ax
0x9ec07: les bx, ptr [0x24]
0x9ec0b: mov word ptr cs:[0x856], bx
0x9ec10: mov word ptr cs:[0x858], es
0x9ec15: mov word ptr [0x24], 0x798
0x9ec1b: mov word ptr [0x26], cs
0x9ec1f: les di, ptr [0x20]
0x9ec23: mov word ptr cs:[0x85e], di
0x9ec28: mov word ptr cs:[0x860], es
0x9ec2d: mov word ptr [0x22], cs
0x9ec31: mov word ptr [0x20], 0x7c2
0x9ec37: xor ax, ax
0x9ec39: nop
0x9ec3a: mov ds, ax
0x9ec3c: nop
0x9ec3d: xor ax, ax
0x9ec3f: nop
2018-12-25T11:41:55.87256333Z 9 PC: 12a47 | Display string (String= 'GOAT File Generator 1.40 (c) 1994-98 by ROSE, Ralph Roth! (17.07.1998) File: ROSE007.COM - 15.500 (3C8Ch) bytes length! Researcher: Brian Burdick Contact: [email protected] DO NOT DISTRIBUTE THESE SAMPLES')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":859,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:55.831583173Z 73 PC: 12a5d | Release memory
2018-12-25T11:41:55.833211787Z 72 PC: 12a67 | Allocate memory
2018-12-25T11:41:55.834767594Z 74 PC: 12a79 | Reallocate memory
2018-12-25T11:41:55.836114692Z 74 PC: 12a8b | Reallocate memory
2018-12-25T11:41:55.838690544Z 25 PC: 9ebac | Get default drive
2018-12-25T11:41:55.848678898Z 42 PC: 9ebff | Get date
0x9ebff: cmp al, 0
0x9ec01: jne 0x9ec3d
0x9ec03: xor ax, ax
0x9ec05: mov ds, ax
0x9ec07: les bx, ptr [0x24]
0x9ec0b: mov word ptr cs:[0x856], bx
0x9ec10: mov word ptr cs:[0x858], es
0x9ec15: mov word ptr [0x24], 0x798
0x9ec1b: mov word ptr [0x26], cs
0x9ec1f: les di, ptr [0x20]
0x9ec23: mov word ptr cs:[0x85e], di
0x9ec28: mov word ptr cs:[0x860], es
0x9ec2d: mov word ptr [0x22], cs
0x9ec31: mov word ptr [0x20], 0x7c2
0x9ec37: xor ax, ax
0x9ec39: nop
0x9ec3a: mov ds, ax
0x9ec3c: nop
0x9ec3d: xor ax, ax
0x9ec3f: nop
2018-12-25T11:41:55.85087543Z 9 PC: 12a47 | Display string (String= 'GOAT File Generator 1.40 (c) 1994-98 by ROSE, Ralph Roth! (17.07.1998) File: ROSE007.COM - 15.500 (3C8Ch) bytes length! Researcher: Brian Burdick Contact: [email protected] DO NOT DISTRIBUTE THESE SAMPLES')