Sample viewer

vx.netlux.org/Virus.DOS.Gotcha.633

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:00:04.965064422Z	218	PC: 12a8b \| UNKNOWN!
2018-12-17T22:00:04.966392598Z	48	PC: 12a95 \| Get DOS version
2018-12-17T22:00:04.967995472Z	37	PC: 12ad9 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:04.971232856Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:00:04.972956532Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:00:04.975097381Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:00:04.977553531Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:00:04.979230561Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:00:04.980862853Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:04.982332523Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:04.984167487Z	62	PC: 122ab \| Close file
2018-12-17T22:00:04.986356333Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:04.987848229Z	62	PC: 122ab \| Close file
2018-12-17T22:00:04.989644331Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:04.992175695Z	62	PC: 122ab \| Close file
2018-12-17T22:00:04.994189418Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:04.996752095Z	62	PC: 122ab \| Close file
2018-12-17T22:00:04.99972105Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.0015818Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.003829331Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.007247449Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.008855375Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.010750871Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.012563782Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.013810334Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.014883227Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.016602253Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.01776086Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.018842908Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.020663703Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.022254477Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.024585384Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.028246Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.029798564Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.031342892Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.033200613Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.034830104Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.036843405Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:05.039085411Z	62	PC: 122ab \| Close file
2018-12-17T22:00:05.040884956Z	99	PC: 9a247 \| Get DBCS lead byte table pointer
2018-12-17T22:00:05.041802265Z	56	PC: 94a69 \| Get or set country info
2018-12-17T22:00:05.043192949Z	64	PC: 9a4b8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:05.046552149Z	25	PC: 94ad2 \| Get default drive
2018-12-17T22:00:05.04798068Z	71	PC: 96d4d \| Get current directory
2018-12-17T22:00:05.051393195Z	64	PC: 9a4b8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:00:05.057270528Z	2	PC: 96d22 \| Character output (Char = '3e')
2018-12-17T22:00:05.059055695Z	93	PC: 94b90 \| File sharing functions
2018-12-17T22:00:05.06091333Z	93	PC: 94b97 \| File sharing functions
2018-12-17T22:00:05.063579246Z	10	PC: 94ba9 \| Buffered keyboard input
2018-12-17T22:00:19.953923731Z	0	PC: 0 \| Program terminate
2018-12-17T22:00:21.308502359Z	0	PC: 0 \| Program terminate
2018-12-17T22:00:21.41046921Z	64	PC: 9a4b8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:21.41435344Z	41	PC: 94c1e \| Parse filename
2018-12-17T22:00:21.416576824Z	41	PC: 94c9f \| Parse filename
2018-12-17T22:00:21.417825175Z	41	PC: 94cbc \| Parse filename
2018-12-17T22:00:21.420284396Z	26	PC: 98167 \| Set disk transfer address
2018-12-17T22:00:21.42203021Z	71	PC: 98363 \| Get current directory
2018-12-17T22:00:21.427434269Z	78	PC: 9836e \| Find first file
2018-12-17T22:00:21.433434082Z	71	PC: 981dc \| Get current directory
2018-12-17T22:00:21.437020925Z	73	PC: 97879 \| Release memory
2018-12-17T22:00:21.43840901Z	61	PC: 9fa2c \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:00:21.444915342Z	98	PC: 9fa53 \| Get current PSP
2018-12-17T22:00:21.446721487Z	51	PC: 9fa7b \| Get or set Ctrl-Break
2018-12-17T22:00:21.447531241Z	51	PC: 9fa81 \| Get or set Ctrl-Break
2018-12-17T22:00:21.448635558Z	53	PC: 9fa88 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:21.450369496Z	37	PC: 9fa96 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:21.451973828Z	63	PC: 9fb0a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:00:21.459205834Z	63	PC: 9fb1b \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:00:21.462173375Z	62	PC: 9fa4c \| Close file
2018-12-17T22:00:21.464300471Z	37	PC: 9fba3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:21.465815502Z	51	PC: 9fba7 \| Get or set Ctrl-Break
2018-12-17T22:00:21.467815677Z	75	PC: 11821 \| Execute program
2018-12-17T22:00:21.478801011Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-17T22:00:21.483023825Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')
2018-12-17T22:00:21.486804446Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:00:21.500267507Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:00:21.502697787Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:00:21.505159885Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:00:21.506618186Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:00:21.509571327Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:21.512193566Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.514769605Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.51644365Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.518458266Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.519985747Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.521679612Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.523956786Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.525706637Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.527488228Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.531839504Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.533927432Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.535786206Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.538059602Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.539563752Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.541326801Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.54379991Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.545218694Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.54660944Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.548614217Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.550009984Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.551340655Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.552894279Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.554850789Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.556559241Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.558216068Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.561212303Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.562781454Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.564377335Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.566627522Z	69	PC: 9fa2c \| Duplicate handle
2018-12-17T22:00:21.56882407Z	62	PC: 122ab \| Close file
2018-12-17T22:00:21.580095335Z	99	PC: 9a247 \| Get DBCS lead byte table pointer
2018-12-17T22:00:21.583102871Z	56	PC: 94a69 \| Get or set country info
2018-12-17T22:00:21.584967785Z	64	PC: 9a4b8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:21.589266826Z	25	PC: 94ad2 \| Get default drive
2018-12-17T22:00:21.591381224Z	71	PC: 96d4d \| Get current directory
2018-12-17T22:00:21.595171671Z	64	PC: 9a4b8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:00:21.598207749Z	2	PC: 96d22 \| Character output (Char = '3e')
2018-12-17T22:00:21.605083139Z	93	PC: 94b90 \| File sharing functions
2018-12-17T22:00:21.606683658Z	93	PC: 94b97 \| File sharing functions
2018-12-17T22:00:21.608360065Z	10	PC: 94ba9 \| Buffered keyboard input