Sample viewer

vx.netlux.org/Virus.DOS.Armageddon.Thomos.1079

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:59.486062113Z	66	PC: 140f7 \| Move file pointer
2018-12-17T22:53:59.489232713Z	74	PC: 14106 \| Reallocate memory
2018-12-17T22:53:59.491086654Z	74	PC: 1410e \| Reallocate memory
2018-12-17T22:53:59.493055294Z	72	PC: 14115 \| Allocate memory
2018-12-17T22:53:59.495436078Z	224	PC: 12d7a \| UNKNOWN!
2018-12-17T22:53:59.497036023Z	53	PC: 12d89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:59.498867956Z	37	PC: 12d99 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:59.500654147Z	53	PC: 12d9e \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:59.503095131Z	37	PC: 12dae \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:59.504769323Z	44	PC: 12db2 \| Get time 0x12db2: mov byte ptr [0x12c], ch 0x12db6: mov byte ptr [0x12d], cl 0x12dba: mov byte ptr [0x12e], dh 0x12dbe: mov ax, word ptr cs:[0x2c] 0x12dc2: mov ds, ax 0x12dc4: xor si, si 0x12dc6: mov al, byte ptr [si] 0x12dc8: cmp al, 1 0x12dca: je 0x12dcf 0x12dcc: inc si 0x12dcd: jmp 0x12dc6 0x12dcf: inc si 0x12dd0: inc si 0x12dd1: mov dx, si 0x12dd3: mov ax, cs 0x12dd5: mov es, ax 0x12dd7: mov bx, 0x5a 0x12dda: mov ah, 0x4a 0x12ddc: int 0x21 0x12dde: mov bx, word ptr cs:[0x81]
2018-12-17T22:53:59.507499673Z	74	PC: 12dde \| Reallocate memory
2018-12-17T22:53:59.509563715Z	75	PC: 12e06 \| Execute program
2018-12-17T22:53:59.52165665Z	198	PC: 1aef5 \| UNKNOWN!
2018-12-17T22:53:59.522509437Z	72	PC: 1af21 \| Allocate memory
2018-12-17T22:53:59.52426122Z	72	PC: 1af2b \| Allocate memory
2018-12-17T22:53:59.525677685Z	53	PC: 1af76 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:59.526806307Z	53	PC: 1af8b \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:53:59.528323515Z	53	PC: 1af94 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:59.529719931Z	37	PC: 1afa5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:59.530942575Z	37	PC: 1afad \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:53:59.532551645Z	37	PC: 1b004 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:59.533999732Z	37	PC: 1b012 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:53:59.536316199Z	49	PC: 12e1b \| Terminate and stay resident (Return code = '0' \| Memory size = '84')