Sample viewer

vx.netlux.org/Virus.DOS.Goma.1370

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:41.734010274Z	245	PC: 1a521 \| UNKNOWN!
2018-12-17T23:15:41.736905846Z	250	PC: 1a521 \| UNKNOWN!
2018-12-17T23:15:41.738452494Z	42	PC: 1a4fd \| Get date 0x1a4fd: cmp dh, 0xa 0x1a500: jne 0x1a4d5 0x1a502: cmp dl, 0x16 0x1a505: jne 0x1a4d5 0x1a507: mov ah, 9 0x1a509: lea dx, word ptr [bp + 0x383] 0x1a50d: int 0x21 0x1a50f: call 0x1a522 0x1a512: mov ah, 9 0x1a514: lea dx, word ptr [bp + 0x3aa] 0x1a518: int 0x21 0x1a51a: mov ah, 0 0x1a51c: int 0x16 0x1a51e: ret 0x1a51f: int 0x21 0x1a521: ret 0x1a522: mov ch, 0 0x1a524: mov dx, 0x80 0x1a527: mov ch, 0 0x1a529: mov al, 0
2018-12-17T23:15:41.741304825Z	53	PC: 18cbb \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:15:41.743440419Z	53	PC: 18cc8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:15:41.744998848Z	53	PC: 18cd5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:41.74649994Z	53	PC: 18ce2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:41.748011982Z	53	PC: 18cef \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:15:41.749754758Z	37	PC: 18d02 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:15:41.75110727Z	37	PC: 18d0a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:41.752465453Z	37	PC: 18d12 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:41.754821431Z	68	PC: 19b4b \| I/O control for devices (Set for = '')
2018-12-17T23:15:41.802079099Z	53	PC: 1868f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:15:41.803657345Z	37	PC: 186a2 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9370,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:57.733240652Z	245	PC: 1a521 \| UNKNOWN!
2018-12-25T12:22:57.735601283Z	250	PC: 1a521 \| UNKNOWN! (See above)
2018-12-25T12:22:57.737532037Z	42	PC: 1a4fd \| Get date 0x1a4fd: cmp dh, 0xa 0x1a500: jne 0x1a4d5 0x1a502: cmp dl, 0x16 0x1a505: jne 0x1a4d5 0x1a507: mov ah, 9 0x1a509: lea dx, word ptr [bp + 0x383] 0x1a50d: int 0x21 0x1a50f: call 0x1a522 0x1a512: mov ah, 9 0x1a514: lea dx, word ptr [bp + 0x3aa] 0x1a518: int 0x21 0x1a51a: mov ah, 0 0x1a51c: int 0x16 0x1a51e: ret 0x1a51f: int 0x21 0x1a521: ret 0x1a522: mov ch, 0 0x1a524: mov dx, 0x80 0x1a527: mov ch, 0 0x1a529: mov al, 0
2018-12-25T12:22:57.74016461Z	53	PC: 18cbb \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:22:57.742098447Z	53	PC: 18cc8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-25T12:22:57.743627504Z	53	PC: 18cd5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:57.744949933Z	53	PC: 18ce2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:57.746532266Z	53	PC: 18cef \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-25T12:22:57.749078608Z	37	PC: 18d02 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:22:57.751402967Z	37	PC: 18d0a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:57.753418087Z	37	PC: 18d12 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:57.756253432Z	68	PC: 19b4b \| I/O control for devices (Set for = '')
2018-12-25T12:22:57.806942596Z	53	PC: 1868f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:22:57.808355603Z	37	PC: 186a2 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9370,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:58.104619352Z	245	PC: 1a521 \| UNKNOWN!
2018-12-25T12:22:58.106476394Z	250	PC: 1a521 \| UNKNOWN! (See above)
2018-12-25T12:22:58.107266233Z	42	PC: 1a4fd \| Get date 0x1a4fd: cmp dh, 0xa 0x1a500: jne 0x1a4d5 0x1a502: cmp dl, 0x16 0x1a505: jne 0x1a4d5 0x1a507: mov ah, 9 0x1a509: lea dx, word ptr [bp + 0x383] 0x1a50d: int 0x21 0x1a50f: call 0x1a522 0x1a512: mov ah, 9 0x1a514: lea dx, word ptr [bp + 0x3aa] 0x1a518: int 0x21 0x1a51a: mov ah, 0 0x1a51c: int 0x16 0x1a51e: ret 0x1a51f: int 0x21 0x1a521: ret 0x1a522: mov ch, 0 0x1a524: mov dx, 0x80 0x1a527: mov ch, 0 0x1a529: mov al, 0
2018-12-25T12:22:58.109676489Z	53	PC: 18cbb \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:22:58.115819124Z	53	PC: 18cc8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-25T12:22:58.116914532Z	53	PC: 18cd5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:58.117969137Z	53	PC: 18ce2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:58.128764558Z	53	PC: 18cef \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-25T12:22:58.130262117Z	37	PC: 18d02 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:22:58.131577832Z	37	PC: 18d0a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:58.134844741Z	37	PC: 18d12 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:58.136408483Z	68	PC: 19b4b \| I/O control for devices (Set for = '')
2018-12-25T12:22:58.21335641Z	53	PC: 1868f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:22:58.215851649Z	37	PC: 186a2 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')

{"DateBased":true,"Day":22,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9370,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:58.183390377Z	245	PC: 1a521 \| UNKNOWN!
2018-12-25T12:22:58.185755697Z	250	PC: 1a521 \| UNKNOWN! (See above)
2018-12-25T12:22:58.18707802Z	42	PC: 1a4fd \| Get date 0x1a4fd: cmp dh, 0xa 0x1a500: jne 0x1a4d5 0x1a502: cmp dl, 0x16 0x1a505: jne 0x1a4d5 0x1a507: mov ah, 9 0x1a509: lea dx, word ptr [bp + 0x383] 0x1a50d: int 0x21 0x1a50f: call 0x1a522 0x1a512: mov ah, 9 0x1a514: lea dx, word ptr [bp + 0x3aa] 0x1a518: int 0x21 0x1a51a: mov ah, 0 0x1a51c: int 0x16 0x1a51e: ret 0x1a51f: int 0x21 0x1a521: ret 0x1a522: mov ch, 0 0x1a524: mov dx, 0x80 0x1a527: mov ch, 0 0x1a529: mov al, 0
2018-12-25T12:22:58.18963274Z	9	PC: 1a50f \| Display string (String= '��Aguarde alguns instantes ...')
2018-12-25T12:22:58.217724992Z	9	PC: 1a51a \| Display string (Could not find end pointer)