Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.1310.i

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:44.110781713Z	239	PC: 13050 \| UNKNOWN!
2018-12-17T22:48:44.112509215Z	53	PC: 1305d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:44.113898137Z	54	PC: 9f771 \| Get free disk space
2018-12-17T22:48:44.151366254Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:44.153772054Z	67	PC: 9f7be \| Get or set file attributes
2018-12-17T22:48:44.161434858Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-17T22:48:45.12654664Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-17T22:48:45.140192102Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-17T22:48:45.142606505Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:48:45.144314358Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:48:45.150193928Z	66	PC: 9f828 \| Move file pointer
2018-12-17T22:48:45.15362285Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:48:45.159785509Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:48:45.163324938Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:48:45.169507609Z	66	PC: 9fa5d \| Move file pointer
2018-12-17T22:48:45.170963751Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-17T22:48:45.181010554Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:48:45.183476886Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:45.187307294Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-17T22:48:45.189007275Z	62	PC: 9f9f7 \| Close file
2018-12-17T22:48:45.196745422Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-17T22:48:45.205874255Z	42	PC: 130ec \| Get date 0x130ec: cmp dx, 0x517 0x130f0: jne 0x13111 0x130f2: xor ax, ax 0x130f4: mov es, ax 0x130f6: mov dx, 0x49f 0x130f9: mov word ptr es:[0x70], dx 0x130fe: mov word ptr es:[0x72], ds 0x13103: inc word ptr cs:[0x5f0] 0x13108: jmp 0x13111 0x1310a: nop 0x1310b: nop 0x1310c: nop 0x1310d: add word ptr [bx + si], ax 0x1310f: add byte ptr [bx + si], al 0x13111: cmp byte ptr cs:[si + 0x3b], 1 0x13116: je 0x1312a 0x13118: push cs 0x13119: push cs 0x1311a: pop ds 0x1311b: pop es
2018-12-17T22:48:45.208660246Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:48:45.213063536Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9653,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:22.767176391Z	239	PC: 13050 \| UNKNOWN!
2018-12-25T12:23:22.76855515Z	53	PC: 1305d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:22.770001593Z	54	PC: 9f771 \| Get free disk space
2018-12-25T12:23:22.809054792Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:22.811132747Z	67	PC: 9f7be \| Get or set file attributes
2018-12-25T12:23:22.819063557Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-25T12:23:23.146659984Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-25T12:23:23.153301067Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-25T12:23:23.154985968Z	66	PC: 9fa4e \| Move file pointer
2018-12-25T12:23:23.156429998Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:23:23.162433539Z	66	PC: 9f828 \| Move file pointer
2018-12-25T12:23:23.164057557Z	63	PC: 9fa3f \| Read file or device (See above)
2018-12-25T12:23:23.169884172Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:23:23.172151145Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:23.174836701Z	66	PC: 9fa5d \| Move file pointer
2018-12-25T12:23:23.176571204Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-25T12:23:23.478494589Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:23:23.480372142Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:23.483080709Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-25T12:23:23.484496654Z	62	PC: 9f9f7 \| Close file
2018-12-25T12:23:23.491606471Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-25T12:23:23.500597579Z	42	PC: 130ec \| Get date 0x130ec: cmp dx, 0x517 0x130f0: jne 0x13111 0x130f2: xor ax, ax 0x130f4: mov es, ax 0x130f6: mov dx, 0x49f 0x130f9: mov word ptr es:[0x70], dx 0x130fe: mov word ptr es:[0x72], ds 0x13103: inc word ptr cs:[0x5f0] 0x13108: jmp 0x13111 0x1310a: nop 0x1310b: nop 0x1310c: nop 0x1310d: add word ptr [bx + si], ax 0x1310f: add byte ptr [bx + si], al 0x13111: cmp byte ptr cs:[si + 0x3b], 1 0x13116: je 0x1312a 0x13118: push cs 0x13119: push cs 0x1311a: pop ds 0x1311b: pop es
2018-12-25T12:23:23.503080924Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:23:23.508970724Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":23,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9653,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:23.104772155Z	239	PC: 13050 \| UNKNOWN!
2018-12-25T12:23:23.106306186Z	53	PC: 1305d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:23.107683788Z	54	PC: 9f771 \| Get free disk space
2018-12-25T12:23:23.145270173Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:23.146343215Z	67	PC: 9f7be \| Get or set file attributes
2018-12-25T12:23:23.152785259Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-25T12:23:23.480400393Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-25T12:23:23.484397663Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-25T12:23:23.486766595Z	66	PC: 9fa4e \| Move file pointer
2018-12-25T12:23:23.487763301Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:23:23.491179454Z	66	PC: 9f828 \| Move file pointer
2018-12-25T12:23:23.492627331Z	63	PC: 9fa3f \| Read file or device (See above)
2018-12-25T12:23:23.496377842Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:23:23.497615779Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:23.500542293Z	66	PC: 9fa5d \| Move file pointer
2018-12-25T12:23:23.501745802Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-25T12:23:23.511159802Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:23:23.512887366Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:23.515873501Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-25T12:23:23.518900156Z	62	PC: 9f9f7 \| Close file
2018-12-25T12:23:23.529540354Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-25T12:23:23.539786002Z	42	PC: 130ec \| Get date 0x130ec: cmp dx, 0x517 0x130f0: jne 0x13111 0x130f2: xor ax, ax 0x130f4: mov es, ax 0x130f6: mov dx, 0x49f 0x130f9: mov word ptr es:[0x70], dx 0x130fe: mov word ptr es:[0x72], ds 0x13103: inc word ptr cs:[0x5f0] 0x13108: jmp 0x13111 0x1310a: nop 0x1310b: nop 0x1310c: nop 0x1310d: add word ptr [bx + si], ax 0x1310f: add byte ptr [bx + si], al 0x13111: cmp byte ptr cs:[si + 0x3b], 1 0x13116: je 0x1312a 0x13118: push cs 0x13119: push cs 0x1311a: pop ds 0x1311b: pop es
2018-12-25T12:23:23.542389055Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T12:23:23.548337742Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')