Sample viewer

vx.netlux.org/Virus.DOS.Rest.1588

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:46.652345259Z	42	PC: 12a55 \| Get date 0x12a55: cmp cx, 0x7ca 0x12a59: jb 0x12a63 0x12a5b: cmp dl, 0x15 0x12a5e: jb 0x12a63 0x12a60: call 0x13003 0x12a63: cmp cx, 0x7bc 0x12a67: je 0x12a71 0x12a69: mov byte ptr cs:[0x20e], 1 0x12a6f: jmp 0x12a77 0x12a71: mov byte ptr cs:[0x20e], 0 0x12a77: mov ax, 0x634 0x12a7a: mov cl, 4 0x12a7c: shr ax, cl 0x12a7e: inc ax 0x12a7f: mov word ptr cs:[0x1e1], ax 0x12a83: mov dx, cs 0x12a85: add word ptr cs:[0x1c4], dx 0x12a8a: mov ax, 0xeeee 0x12a8d: int 0x21 0x12a8f: cmp bx, 0x5555
2018-12-17T22:47:46.655847887Z	238	PC: 12a8f \| UNKNOWN!
2018-12-17T22:47:46.657051142Z	53	PC: 9f072 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:46.658712767Z	37	PC: 9f086 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:46.660399401Z	61	PC: 9f0a9 \| Open file (Filename = '')
2018-12-17T22:47:46.669698287Z	66	PC: 9f532 \| Move file pointer
2018-12-17T22:47:46.671312176Z	66	PC: 9f532 \| Move file pointer
2018-12-17T22:47:46.672771417Z	63	PC: 9f532 \| Read file or device (Read 1588 bytes on handle 5)
2018-12-17T22:47:46.681813023Z	62	PC: 9f532 \| Close file
2018-12-17T22:47:46.683986828Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-17T22:47:46.688658519Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9331,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:51.710622023Z	42	PC: 12a55 \| Get date 0x12a55: cmp cx, 0x7ca 0x12a59: jb 0x12a63 0x12a5b: cmp dl, 0x15 0x12a5e: jb 0x12a63 0x12a60: call 0x13003 0x12a63: cmp cx, 0x7bc 0x12a67: je 0x12a71 0x12a69: mov byte ptr cs:[0x20e], 1 0x12a6f: jmp 0x12a77 0x12a71: mov byte ptr cs:[0x20e], 0 0x12a77: mov ax, 0x634 0x12a7a: mov cl, 4 0x12a7c: shr ax, cl 0x12a7e: inc ax 0x12a7f: mov word ptr cs:[0x1e1], ax 0x12a83: mov dx, cs 0x12a85: add word ptr cs:[0x1c4], dx 0x12a8a: mov ax, 0xeeee 0x12a8d: int 0x21 0x12a8f: cmp bx, 0x5555
2018-12-25T12:22:51.713059316Z	238	PC: 12a8f \| UNKNOWN!
2018-12-25T12:22:51.713967174Z	53	PC: 9f072 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:51.714930303Z	37	PC: 9f086 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:51.716039149Z	61	PC: 9f0a9 \| Open file (Filename = '')
2018-12-25T12:22:51.721005887Z	66	PC: 9f532 \| Move file pointer
2018-12-25T12:22:51.722119905Z	66	PC: 9f532 \| Move file pointer (See above)
2018-12-25T12:22:51.723209155Z	63	PC: 9f532 \| Read file or device (See above)
2018-12-25T12:22:51.728716391Z	62	PC: 9f532 \| Close file (See above)
2018-12-25T12:22:51.730204207Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-25T12:22:51.734535777Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9331,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:51.90208635Z	42	PC: 12a55 \| Get date 0x12a55: cmp cx, 0x7ca 0x12a59: jb 0x12a63 0x12a5b: cmp dl, 0x15 0x12a5e: jb 0x12a63 0x12a60: call 0x13003 0x12a63: cmp cx, 0x7bc 0x12a67: je 0x12a71 0x12a69: mov byte ptr cs:[0x20e], 1 0x12a6f: jmp 0x12a77 0x12a71: mov byte ptr cs:[0x20e], 0 0x12a77: mov ax, 0x634 0x12a7a: mov cl, 4 0x12a7c: shr ax, cl 0x12a7e: inc ax 0x12a7f: mov word ptr cs:[0x1e1], ax 0x12a83: mov dx, cs 0x12a85: add word ptr cs:[0x1c4], dx 0x12a8a: mov ax, 0xeeee 0x12a8d: int 0x21 0x12a8f: cmp bx, 0x5555
2018-12-25T12:22:51.904076218Z	238	PC: 12a8f \| UNKNOWN!
2018-12-25T12:22:51.904832462Z	53	PC: 9f072 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:51.905667956Z	37	PC: 9f086 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:51.917509559Z	61	PC: 9f0a9 \| Open file (Filename = '')
2018-12-25T12:22:51.921702439Z	66	PC: 9f532 \| Move file pointer
2018-12-25T12:22:51.922778015Z	66	PC: 9f532 \| Move file pointer (See above)
2018-12-25T12:22:51.924299751Z	63	PC: 9f532 \| Read file or device (See above)
2018-12-25T12:22:51.928942625Z	62	PC: 9f532 \| Close file (See above)
2018-12-25T12:22:51.930144096Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-25T12:22:51.935120308Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":21,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9331,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:52.46497122Z	42	PC: 12a55 \| Get date 0x12a55: cmp cx, 0x7ca 0x12a59: jb 0x12a63 0x12a5b: cmp dl, 0x15 0x12a5e: jb 0x12a63 0x12a60: call 0x13003 0x12a63: cmp cx, 0x7bc 0x12a67: je 0x12a71 0x12a69: mov byte ptr cs:[0x20e], 1 0x12a6f: jmp 0x12a77 0x12a71: mov byte ptr cs:[0x20e], 0 0x12a77: mov ax, 0x634 0x12a7a: mov cl, 4 0x12a7c: shr ax, cl 0x12a7e: inc ax 0x12a7f: mov word ptr cs:[0x1e1], ax 0x12a83: mov dx, cs 0x12a85: add word ptr cs:[0x1c4], dx 0x12a8a: mov ax, 0xeeee 0x12a8d: int 0x21 0x12a8f: cmp bx, 0x5555

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9331,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:52.470486012Z	42	PC: 12a55 \| Get date 0x12a55: cmp cx, 0x7ca 0x12a59: jb 0x12a63 0x12a5b: cmp dl, 0x15 0x12a5e: jb 0x12a63 0x12a60: call 0x13003 0x12a63: cmp cx, 0x7bc 0x12a67: je 0x12a71 0x12a69: mov byte ptr cs:[0x20e], 1 0x12a6f: jmp 0x12a77 0x12a71: mov byte ptr cs:[0x20e], 0 0x12a77: mov ax, 0x634 0x12a7a: mov cl, 4 0x12a7c: shr ax, cl 0x12a7e: inc ax 0x12a7f: mov word ptr cs:[0x1e1], ax 0x12a83: mov dx, cs 0x12a85: add word ptr cs:[0x1c4], dx 0x12a8a: mov ax, 0xeeee 0x12a8d: int 0x21 0x12a8f: cmp bx, 0x5555
2018-12-25T12:22:52.473393274Z	238	PC: 12a8f \| UNKNOWN!
2018-12-25T12:22:52.474798695Z	53	PC: 9f072 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:52.476134419Z	37	PC: 9f086 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:52.477417507Z	61	PC: 9f0a9 \| Open file (Filename = '')
2018-12-25T12:22:52.485873043Z	66	PC: 9f532 \| Move file pointer
2018-12-25T12:22:52.487479682Z	66	PC: 9f532 \| Move file pointer (See above)
2018-12-25T12:22:52.489113713Z	63	PC: 9f532 \| Read file or device (See above)
2018-12-25T12:22:52.498289418Z	62	PC: 9f532 \| Close file (See above)
2018-12-25T12:22:52.499736473Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-25T12:22:52.503271527Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')