Sample viewer

vx.netlux.org/Virus.DOS.Awake.797

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:00.976600222Z	42	PC: 14233 \| Get date 0x14233: cmp dh, 0xc 0x14236: jne 0x1424a 0x14238: cmp dl, 8 0x1423b: jne 0x1424a 0x1423d: mov ah, 9 0x1423f: mov dx, 0x182 0x14242: add dx, bx 0x14244: int 0x21 0x14246: xor ax, ax 0x14248: int 0x16 0x1424a: mov ax, 0xf4c0 0x1424d: int 0x21 0x1424f: cmp ax, 0xbaba 0x14252: jne 0x14257 0x14254: jmp 0x142a1 0x14256: nop 0x14257: mov ax, ds 0x14259: dec ax 0x1425a: mov ds, ax 0x1425c: cmp byte ptr [0], 0x5a
2018-12-17T21:58:00.979400459Z	244	PC: 1424f \| UNKNOWN!
2018-12-17T21:58:00.980593711Z	53	PC: 1426d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:00.981935983Z	37	PC: 142a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:00.983935198Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/k...). Size=00001770h/0000006000d bytes. ')
2018-12-17T21:58:00.989376827Z	48	PC: 12a8f \| Get DOS version
2018-12-17T21:58:00.990683235Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T21:58:00.999081391Z	93	PC: 12afe \| File sharing functions
2018-12-17T21:58:01.001229804Z	9	PC: 12a86 \| Display string (String= 'Size change=031Dh/00797d. ')
2018-12-17T21:58:01.005181613Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":885,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:56.775506269Z	42	PC: 14233 \| Get date 0x14233: cmp dh, 0xc 0x14236: jne 0x1424a 0x14238: cmp dl, 8 0x1423b: jne 0x1424a 0x1423d: mov ah, 9 0x1423f: mov dx, 0x182 0x14242: add dx, bx 0x14244: int 0x21 0x14246: xor ax, ax 0x14248: int 0x16 0x1424a: mov ax, 0xf4c0 0x1424d: int 0x21 0x1424f: cmp ax, 0xbaba 0x14252: jne 0x14257 0x14254: jmp 0x142a1 0x14256: nop 0x14257: mov ax, ds 0x14259: dec ax 0x1425a: mov ds, ax 0x1425c: cmp byte ptr [0], 0x5a
2018-12-25T11:41:56.778911175Z	244	PC: 1424f \| UNKNOWN!
2018-12-25T11:41:56.780243465Z	53	PC: 1426d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.781919714Z	37	PC: 142a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.784662695Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/k...). Size=00001770h/0000006000d bytes. ')
2018-12-25T11:41:56.791723278Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:41:56.793552798Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:41:56.8017839Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:41:56.805927821Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:41:56.811232173Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":885,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:56.86609924Z	42	PC: 14233 \| Get date 0x14233: cmp dh, 0xc 0x14236: jne 0x1424a 0x14238: cmp dl, 8 0x1423b: jne 0x1424a 0x1423d: mov ah, 9 0x1423f: mov dx, 0x182 0x14242: add dx, bx 0x14244: int 0x21 0x14246: xor ax, ax 0x14248: int 0x16 0x1424a: mov ax, 0xf4c0 0x1424d: int 0x21 0x1424f: cmp ax, 0xbaba 0x14252: jne 0x14257 0x14254: jmp 0x142a1 0x14256: nop 0x14257: mov ax, ds 0x14259: dec ax 0x1425a: mov ds, ax 0x1425c: cmp byte ptr [0], 0x5a
2018-12-25T11:41:56.868763427Z	244	PC: 1424f \| UNKNOWN!
2018-12-25T11:41:56.869541787Z	53	PC: 1426d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.870697499Z	37	PC: 142a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:56.872384217Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/k...). Size=00001770h/0000006000d bytes. ')
2018-12-25T11:41:56.877541457Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:41:56.878588734Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:41:56.88543707Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:41:56.887424205Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:41:56.891505783Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":8,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":885,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:56.917297042Z	42	PC: 14233 \| Get date 0x14233: cmp dh, 0xc 0x14236: jne 0x1424a 0x14238: cmp dl, 8 0x1423b: jne 0x1424a 0x1423d: mov ah, 9 0x1423f: mov dx, 0x182 0x14242: add dx, bx 0x14244: int 0x21 0x14246: xor ax, ax 0x14248: int 0x16 0x1424a: mov ax, 0xf4c0 0x1424d: int 0x21 0x1424f: cmp ax, 0xbaba 0x14252: jne 0x14257 0x14254: jmp 0x142a1 0x14256: nop 0x14257: mov ax, ds 0x14259: dec ax 0x1425a: mov ds, ax 0x1425c: cmp byte ptr [0], 0x5a
2018-12-25T11:41:56.920300045Z	9	PC: 14246 \| Display string (String= ' Awake, Jim Morrison! Awake ! ')