Sample viewer

vx.netlux.org/Virus.DOS.Legion.3274

Time	Syscall Op	Syscall Name
2018-12-17T22:46:58.978693999Z	37	PC: 152ec \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:58.981150475Z	26	PC: 152fb \| Set disk transfer address
2018-12-17T22:46:58.982626751Z	25	PC: 1532f \| Get default drive
2018-12-17T22:46:58.983928042Z	68	PC: 1533b \| I/O control for devices (Set for = '瑞瑞瑞4&')
2018-12-17T22:46:58.986607203Z	14	PC: 15349 \| Set default drive (Drive = 'C')
2018-12-17T22:46:58.988143704Z	78	PC: 15354 \| Find first file
2018-12-17T22:46:58.993912163Z	79	PC: 15366 \| Find next file
2018-12-17T22:46:59.000442928Z	68	PC: 1533b \| I/O control for devices (Set for = '*.COM')
2018-12-17T22:46:59.002330909Z	14	PC: 15376 \| Set default drive (Drive = 'A')
2018-12-17T22:46:59.00382531Z	42	PC: 1537a \| Get date 0x1537a: cmp dh, dl 0x1537c: jne 0x153a2 0x1537e: xor ax, ax 0x15380: int 0x10 0x15382: mov ax, 0x1301 0x15385: mov bx, 0xe 0x15388: mov cx, 0x135 0x1538b: nop 0x1538c: mov dx, 0x500 0x1538f: mov bp, 0x3df 0x15392: int 0x10 0x15394: mov ax, 0xc07 0x15397: int 0x21 0x15399: cmp al, 0xd 0x1539b: jne 0x15394 0x1539d: mov ax, 2 0x153a0: int 0x10 0x153a2: push cs 0x153a3: push cs 0x153a4: pop ds
2018-12-17T22:46:59.007194842Z	9	PC: 12a4a \| Display string (String= 'This GOAT file was generated by Andreas Marx. ROSEGOAT by RR! (03.01.1993) File: ROSE065.COM - 10.144 (27A0h) bytes length! ')

Time	Syscall Op	Syscall Name
2018-12-25T12:22:24.194965646Z	37	PC: 152ec \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:24.19669558Z	26	PC: 152fb \| Set disk transfer address
2018-12-25T12:22:24.197898936Z	25	PC: 1532f \| Get default drive
2018-12-25T12:22:24.198974719Z	68	PC: 1533b \| I/O control for devices (Set for = '瑞瑞瑞4&')
2018-12-25T12:22:24.201252309Z	14	PC: 15349 \| Set default drive (Drive = 'C')
2018-12-25T12:22:24.202349581Z	78	PC: 15354 \| Find first file
2018-12-25T12:22:24.207478993Z	79	PC: 15366 \| Find next file
2018-12-25T12:22:24.210041058Z	68	PC: 1533b \| I/O control for devices (See above)
2018-12-25T12:22:24.211501673Z	14	PC: 15376 \| Set default drive (Drive = 'A')
2018-12-25T12:22:24.212627347Z	42	PC: 1537a \| Get date 0x1537a: cmp dh, dl 0x1537c: jne 0x153a2 0x1537e: xor ax, ax 0x15380: int 0x10 0x15382: mov ax, 0x1301 0x15385: mov bx, 0xe 0x15388: mov cx, 0x135 0x1538b: nop 0x1538c: mov dx, 0x500 0x1538f: mov bp, 0x3df 0x15392: int 0x10 0x15394: mov ax, 0xc07 0x15397: int 0x21 0x15399: cmp al, 0xd 0x1539b: jne 0x15394 0x1539d: mov ax, 2 0x153a0: int 0x10 0x153a2: push cs 0x153a3: push cs 0x153a4: pop ds
2018-12-25T12:22:24.228973013Z	12	PC: 15399 \| Flush input buffer and input

Time	Syscall Op	Syscall Name
2018-12-25T12:22:24.507144906Z	37	PC: 152ec \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:24.50907099Z	26	PC: 152fb \| Set disk transfer address
2018-12-25T12:22:24.509915062Z	25	PC: 1532f \| Get default drive
2018-12-25T12:22:24.510839148Z	68	PC: 1533b \| I/O control for devices (Set for = '瑞瑞瑞4&')
2018-12-25T12:22:24.51312435Z	14	PC: 15349 \| Set default drive (Drive = 'C')
2018-12-25T12:22:24.514044485Z	78	PC: 15354 \| Find first file
2018-12-25T12:22:24.517487893Z	79	PC: 15366 \| Find next file
2018-12-25T12:22:24.519865611Z	68	PC: 1533b \| I/O control for devices (See above)
2018-12-25T12:22:24.52108146Z	14	PC: 15376 \| Set default drive (Drive = 'A')
2018-12-25T12:22:24.52227899Z	42	PC: 1537a \| Get date 0x1537a: cmp dh, dl 0x1537c: jne 0x153a2 0x1537e: xor ax, ax 0x15380: int 0x10 0x15382: mov ax, 0x1301 0x15385: mov bx, 0xe 0x15388: mov cx, 0x135 0x1538b: nop 0x1538c: mov dx, 0x500 0x1538f: mov bp, 0x3df 0x15392: int 0x10 0x15394: mov ax, 0xc07 0x15397: int 0x21 0x15399: cmp al, 0xd 0x1539b: jne 0x15394 0x1539d: mov ax, 2 0x153a0: int 0x10 0x153a2: push cs 0x153a3: push cs 0x153a4: pop ds
2018-12-25T12:22:24.524451545Z	9	PC: 12a4a \| Display string (String= 'This GOAT file was generated by Andreas Marx. ROSEGOAT by RR! (03.01.1993) File: ROSE065.COM - 10.144 (27A0h) bytes length! ')