Sample viewer

vx.netlux.org/Virus.DOS.BloodyRevenger.727

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:50.641245755Z	53	PC: 12bde \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:50.644311939Z	37	PC: 12bee \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:50.645722324Z	47	PC: 12bf2 \| Get disk transfer address
2018-12-17T22:52:50.646817286Z	26	PC: 12ce4 \| Set disk transfer address
2018-12-17T22:52:50.647960145Z	78	PC: 12d41 \| Find first file
2018-12-17T22:52:50.653143543Z	67	PC: 12d4e \| Get or set file attributes
2018-12-17T22:52:50.66573525Z	61	PC: 12d58 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:50.6700123Z	87	PC: 12d66 \| Get or set file date and time
2018-12-17T22:52:50.671701609Z	63	PC: 12d91 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:50.675837874Z	66	PC: 12db3 \| Move file pointer
2018-12-17T22:52:50.677164687Z	64	PC: 12dbf \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:52:50.680328734Z	64	PC: 12dda \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:52:50.683090834Z	66	PC: 12dea \| Move file pointer
2018-12-17T22:52:50.68437987Z	64	PC: 12bc4 \| Write file or device (Write 727 bytes on handle 5)
2018-12-17T22:52:50.701807335Z	87	PC: 12e02 \| Get or set file date and time
2018-12-17T22:52:50.703272965Z	62	PC: 12e06 \| Close file
2018-12-17T22:52:50.71109238Z	26	PC: 12ce4 \| Set disk transfer address
2018-12-17T22:52:50.712904902Z	78	PC: 12d23 \| Find first file
2018-12-17T22:52:50.718376865Z	67	PC: 12d2b \| Get or set file attributes
2018-12-17T22:52:51.062922334Z	61	PC: 12d30 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:52:51.070629368Z	87	PC: 12d66 \| Get or set file date and time
2018-12-17T22:52:51.072862022Z	63	PC: 12d91 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:51.075749124Z	66	PC: 12db3 \| Move file pointer
2018-12-17T22:52:51.077683906Z	64	PC: 12dbf \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:52:51.081353734Z	64	PC: 12dda \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:52:51.084143444Z	66	PC: 12dea \| Move file pointer
2018-12-17T22:52:51.085711067Z	64	PC: 12bc4 \| Write file or device (Write 727 bytes on handle 5)
2018-12-17T22:52:51.09590495Z	87	PC: 12e02 \| Get or set file date and time
2018-12-17T22:52:51.097898036Z	62	PC: 12e06 \| Close file
2018-12-17T22:52:51.105022077Z	71	PC: 12c1d \| Get current directory
2018-12-17T22:52:51.121925501Z	59	PC: 12c27 \| Change current directory
2018-12-17T22:52:51.126079531Z	26	PC: 12c49 \| Set disk transfer address
2018-12-17T22:52:51.127432007Z	17	PC: 12c4d \| Find first file
2018-12-17T22:52:51.134777393Z	19	PC: 12c55 \| Delete file
2018-12-17T22:52:51.136545472Z	26	PC: 12ce4 \| Set disk transfer address
2018-12-17T22:52:51.137893102Z	78	PC: 12d41 \| Find first file
2018-12-17T22:52:51.146286841Z	67	PC: 12d4e \| Get or set file attributes
2018-12-17T22:52:51.155857681Z	61	PC: 12d58 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:51.16256025Z	87	PC: 12d66 \| Get or set file date and time
2018-12-17T22:52:51.16457672Z	62	PC: 12d76 \| Close file
2018-12-17T22:52:51.166407692Z	79	PC: 12d81 \| Find next file
2018-12-17T22:52:51.169921636Z	61	PC: 12d58 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:51.17703633Z	87	PC: 12d66 \| Get or set file date and time
2018-12-17T22:52:51.178719775Z	63	PC: 12d91 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:51.185323079Z	66	PC: 12db3 \| Move file pointer
2018-12-17T22:52:51.187300681Z	64	PC: 12dbf \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:52:51.190211117Z	64	PC: 12dda \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:52:51.193091866Z	66	PC: 12dea \| Move file pointer
2018-12-17T22:52:51.195679193Z	64	PC: 12bc4 \| Write file or device (Write 727 bytes on handle 5)
2018-12-17T22:52:51.203519218Z	87	PC: 12e02 \| Get or set file date and time
2018-12-17T22:52:51.204550614Z	62	PC: 12e06 \| Close file
2018-12-17T22:52:51.211227101Z	26	PC: 12c78 \| Set disk transfer address
2018-12-17T22:52:51.212159715Z	59	PC: 12c81 \| Change current directory
2018-12-17T22:52:51.213426487Z	37	PC: 12c8f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:51.215762997Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:52:51.220043808Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')