Sample viewer

vx.netlux.org/Virus.DOS.Enculator.1089

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:05.476901466Z	53	PC: 12dfa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:05.47821401Z	88	PC: 13014 \| case 0xGet or set allocation strateg:
2018-12-17T22:50:05.479195091Z	47	PC: 1313e \| Get disk transfer address
2018-12-17T22:50:05.479904717Z	26	PC: 12d92 \| Set disk transfer address
2018-12-17T22:50:05.481044452Z	71	PC: 13159 \| Get current directory
2018-12-17T22:50:05.482839082Z	53	PC: 12dfa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:05.483593453Z	37	PC: 12dff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:05.484804258Z	67	PC: 12e12 \| Get or set file attributes
2018-12-17T22:50:05.840789813Z	61	PC: 12e0a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:50:05.84541082Z	63	PC: 12de0 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:50:05.848511983Z	66	PC: 12dbd \| Move file pointer
2018-12-17T22:50:05.849844134Z	63	PC: 12de0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:05.851631757Z	66	PC: 12dcc \| Move file pointer
2018-12-17T22:50:05.853428086Z	66	PC: 12df5 \| Move file pointer
2018-12-17T22:50:05.854965468Z	63	PC: 12de0 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:50:05.860853066Z	66	PC: 12dcc \| Move file pointer
2018-12-17T22:50:05.862874418Z	64	PC: 12dae \| Write file or device (Write 1804 bytes on handle 5)
2018-12-17T22:50:06.17508809Z	64	PC: 12dd6 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:06.177888268Z	66	PC: 12dbd \| Move file pointer
2018-12-17T22:50:06.179390369Z	64	PC: 12dd6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:06.182292965Z	78	PC: 12d76 \| Find first file
2018-12-17T22:50:06.188073364Z	78	PC: 12d76 \| Find first file
2018-12-17T22:50:06.193876928Z	62	PC: 12dea \| Close file
2018-12-17T22:50:06.201448777Z	59	PC: 12e04 \| Change current directory
2018-12-17T22:50:06.205262156Z	59	PC: 12e04 \| Change current directory
2018-12-17T22:50:06.207086707Z	37	PC: 12dff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:06.208141058Z	26	PC: 12d92 \| Set disk transfer address
2018-12-17T22:50:06.209185482Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T22:50:06.213787048Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')