Sample viewer

vx.netlux.org/Virus.DOS.FaxFree.Pinniz.1536.e

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:01.683427867Z	74	PC: 12b10 \| Reallocate memory
2018-12-17T22:52:01.685300923Z	72	PC: 12b17 \| Allocate memory
2018-12-17T22:52:01.686805079Z	42	PC: 134d0 \| Get date 0x134d0: ret 0x134d1: pop es 0x134d2: add word ptr cs:[0x40], 1 0x134d8: cli 0x134d9: push ax 0x134da: xor ax, ax 0x134dc: mov es, ax 0x134de: mov ax, word ptr cs:[0x37] 0x134e2: mov word ptr es:[0x84], ax 0x134e6: mov ax, word ptr cs:[0x39] 0x134ea: mov word ptr es:[0x86], ax 0x134ee: pop ax 0x134ef: call 0x2319e 0x134f2: cmp byte ptr cs:[0x35a], 7 0x134f8: je 0x134ef 0x134fa: int 0x21 0x134fc: call 0x2317b 0x134ff: cli 0x13500: xor ax, ax 0x13502: mov es, ax
2018-12-17T22:52:01.688821066Z	72	PC: 13247 \| Allocate memory
2018-12-17T22:52:01.691448937Z	75	PC: 13281 \| Execute program
2018-12-17T22:52:01.705892249Z	53	PC: 13a15 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:01.706873452Z	37	PC: 13a2c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:01.70786138Z	77	PC: 13a30 \| Get program return code
2018-12-17T22:52:01.709308769Z	49	PC: 13a37 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')
2018-12-17T22:52:01.711210768Z	53	PC: 13295 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:01.712390679Z	37	PC: 132ac \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:01.713964624Z	77	PC: 132b0 \| Get program return code
2018-12-17T22:52:01.715142759Z	49	PC: 132b7 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')