Sample viewer

vx.netlux.org/Virus.DOS.Intruder.1555

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:58.179839429Z	48	PC: 16a5c \| Get DOS version
2018-12-17T22:53:58.184902162Z	74	PC: 16aac \| Reallocate memory
2018-12-17T22:53:58.187011459Z	48	PC: 16b10 \| Get DOS version
2018-12-17T22:53:58.188310997Z	53	PC: 16b18 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:58.189739724Z	37	PC: 16b2a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:58.191906162Z	53	PC: 191b2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:58.193004053Z	37	PC: 191c2 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:58.194120029Z	53	PC: 191c7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:58.196551216Z	37	PC: 191d7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:58.198316326Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:58.200187765Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:58.207905683Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:58.209615395Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:58.211383023Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:58.214327772Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:58.215972976Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:58.217646973Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:58.220246624Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:58.221580798Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:58.222768763Z	53	PC: 16f06 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:53:58.223973436Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:58.232103094Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:58.233686275Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:58.235071912Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:58.237403438Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:58.239576223Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:58.242016261Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:58.244807261Z	37	PC: 16f35 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:58.246889729Z	37	PC: 16f3c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:58.2494183Z	37	PC: 16f41 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:58.256606228Z	68	PC: 16bbb \| I/O control for devices (Set for = 'N�5��')
2018-12-17T22:53:58.258225051Z	68	PC: 16bbb \| I/O control for devices
2018-12-17T22:53:58.259736722Z	68	PC: 16bbb \| I/O control for devices (Set for = 'PRTVXZ\^`bdfhjlnprtvxz\|~��')
2018-12-17T22:53:58.262328078Z	68	PC: 16bbb \| I/O control for devices (Set for = 'dfhjlnprtvxz\|~��')
2018-12-17T22:53:58.26376657Z	68	PC: 16bbb \| I/O control for devices (Set for = 'dfhjlnprtvxz\|~��')
2018-12-17T22:53:58.265553588Z	53	PC: 14d8a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:58.267602278Z	53	PC: 14d97 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:58.268801082Z	53	PC: 14da4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:58.269972428Z	37	PC: 14db9 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:58.271298122Z	37	PC: 14dc1 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:58.273559686Z	37	PC: 14dc9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:58.274750264Z	53	PC: 15848 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:58.275826008Z	53	PC: 15855 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:58.283065964Z	53	PC: 15864 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:58.284483693Z	37	PC: 15871 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:58.285796542Z	53	PC: 15878 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:58.287696343Z	37	PC: 15885 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:58.288941747Z	53	PC: 15891 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:58.293092483Z	48	PC: 15953 \| Get DOS version
2018-12-17T22:53:58.294704688Z	74	PC: 13a55 \| Reallocate memory
2018-12-17T22:53:58.296514967Z	74	PC: 13a55 \| Reallocate memory
2018-12-17T22:53:58.298156811Z	68	PC: 14d00 \| I/O control for devices (Set for = '\system\.dll .vir�!')
2018-12-17T22:53:58.300059051Z	68	PC: 14d00 \| I/O control for devices (Set for = '')
2018-12-17T22:53:58.301332359Z	51	PC: 14d1e \| Get or set Ctrl-Break
2018-12-17T22:53:58.302131451Z	51	PC: 14d2a \| Get or set Ctrl-Break
2018-12-17T22:53:58.309946666Z	74	PC: 13a55 \| Reallocate memory
2018-12-17T22:53:58.3114914Z	51	PC: 14d35 \| Get or set Ctrl-Break
2018-12-17T22:53:58.312433178Z	53	PC: 13482 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:58.314317277Z	53	PC: 1348f \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:58.315662688Z	53	PC: 1349c \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:58.317006722Z	37	PC: 134b7 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:58.319050963Z	53	PC: 134bf \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:58.320264727Z	37	PC: 134cc \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:58.321404724Z	53	PC: 134d3 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:58.323555035Z	37	PC: 134e0 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:58.324758696Z	37	PC: 134ea \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:58.32608481Z	37	PC: 134f5 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:58.328279338Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:58.329819869Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:58.331243945Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:58.33359018Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:58.335105908Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:58.33649932Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:58.338588526Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:58.340252521Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:58.341609802Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:58.343171915Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:58.345321651Z	37	PC: 16f51 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:53:58.346721529Z	37	PC: 191e6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:58.348097315Z	37	PC: 16c6c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:58.351272333Z	41	PC: 16867 \| Parse filename
2018-12-17T22:53:58.353002745Z	41	PC: 16869 \| Parse filename
2018-12-17T22:53:58.354717469Z	41	PC: 1686e \| Parse filename
2018-12-17T22:53:58.357296012Z	75	PC: 16884 \| Execute program
2018-12-17T22:53:58.3793902Z	80	PC: 1c2c9 \| Set current PSP
2018-12-17T22:53:58.380177206Z	48	PC: 1c2ce \| Get DOS version
2018-12-17T22:53:58.382278479Z	99	PC: 22ab0 \| Get DBCS lead byte table pointer
2018-12-17T22:53:58.384772253Z	101	PC: 1c354 \| Get extended country info
2018-12-17T22:53:58.386056622Z	99	PC: 1c35a \| Get DBCS lead byte table pointer
2018-12-17T22:53:58.387718957Z	74	PC: 1c3bc \| Reallocate memory
2018-12-17T22:53:58.389544651Z	25	PC: 1c3f3 \| Get default drive
2018-12-17T22:53:58.39123772Z	37	PC: 1beb3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:53:58.393432256Z	37	PC: 1beba \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:58.39483786Z	37	PC: 1bec1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:58.399287122Z	74	PC: 1b05c \| Reallocate memory
2018-12-17T22:53:58.401907223Z	72	PC: 1b09d \| Allocate memory
2018-12-17T22:53:58.403885444Z	72	PC: 1b0d5 \| Allocate memory
2018-12-17T22:53:58.405937029Z	72	PC: 1b0dd \| Allocate memory