Sample viewer

vx.netlux.org/Virus.DOS.Hi.671

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:13.76888815Z	53	PC: 12caf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:13.77017718Z	53	PC: 12cbc \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:46:13.772165174Z	37	PC: 12ccc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:13.773787892Z	37	PC: 12cd4 \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:46:13.775260047Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:46:13.780315812Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8805,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:52.12961397Z	53	PC: 12caf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.13114375Z	53	PC: 12cbc \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.132457288Z	37	PC: 12ccc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.134275194Z	37	PC: 12cd4 \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.136464925Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:21:52.141675365Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8805,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:52.3349188Z	53	PC: 12caf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.336489193Z	53	PC: 12cbc \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.337565465Z	37	PC: 12ccc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.338616532Z	37	PC: 12cd4 \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.340203093Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:21:52.345388503Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8805,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:52.593165416Z	53	PC: 12caf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.594990128Z	53	PC: 12cbc \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.596019844Z	37	PC: 12ccc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.597046972Z	37	PC: 12cd4 \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.598520274Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:21:52.60417176Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":29,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8805,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:52.613488351Z	53	PC: 12caf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.615330411Z	53	PC: 12cbc \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.616602994Z	37	PC: 12ccc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.617816902Z	37	PC: 12cd4 \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:21:52.61934841Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:21:52.624207819Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":31,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8805,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:52.822653897Z	42	PC: 13730 \| Get date 0x13730: mov al, 0x72 0x13732: cmp dx, 0x504 0x13736: jb 0x1373e 0x13738: cmp cx, 0x7c9 0x1373c: jae 0x13740 0x1373e: mov al, 0xeb 0x13740: mov byte ptr cs:[si - 0xbb7], al 0x13745: mov ah, 0x30 0x13747: cld 0x13748: int 0x21 0x1374a: xchg ah, al 0x1374c: cmp ax, 0x31d 0x1374f: ja 0x13754 0x13751: jmp 0x139e0 0x13754: mov ax, 0xf1e9 0x13757: int 0x21 0x13759: cmp ax, 0xcade 0x1375c: je 0x13751 0x1375e: xor di, di 0x13760: mov ax, 0x40
2018-12-25T12:21:52.824901619Z	48	PC: 1374a \| Get DOS version
2018-12-25T12:21:52.825805228Z	241	PC: 13759 \| UNKNOWN!
2018-12-25T12:21:52.826901619Z	98	PC: 13770 \| Get current PSP
2018-12-25T12:21:52.838452245Z	88	PC: 1377d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.839480671Z	88	PC: 13788 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.840461109Z	88	PC: 1378d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.854435972Z	88	PC: 13798 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.855648527Z	88	PC: 13802 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.856736172Z	88	PC: 13808 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.858079788Z	74	PC: 1381c \| Reallocate memory
2018-12-25T12:21:52.85955051Z	74	PC: 13828 \| Reallocate memory
2018-12-25T12:21:52.860746091Z	53	PC: 13850 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.861816902Z	53	PC: 1386e \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:21:52.863109407Z	82	PC: 13563 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:21:52.864218301Z	53	PC: 138ef \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:21:52.865195987Z	37	PC: 138fa \| Set interrupt vector (Interrupt = '1' AKA 'Character input')