Sample viewer

vx.netlux.org/Virus.DOS.ExeHeader.440

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:00:19.199539118Z	53	PC: 12a84 \| Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:00:19.201656876Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:00:19.202706197Z	53	PC: 12ad3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:19.203736566Z	37	PC: 12ae5 \| Set interrupt vector (Interrupt = '115' AKA 'UNKNOWN!')
2018-12-17T22:00:19.205016499Z	37	PC: 12aed \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:19.20677155Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:00:19.208026641Z	37	PC: 12aff \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:00:19.209724005Z	48	PC: 12a87 \| Get DOS version
2018-12-17T22:00:19.223455298Z	9	PC: 12a96 \| Display string (String= 'The Norton Commander, Copyright (C) 1986, 88, 89, Peter Norton Computing, Inc. ')
2018-12-17T22:00:19.228533048Z	74	PC: 12adc \| Reallocate memory
2018-12-17T22:00:19.230316471Z	37	PC: 12af0 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:00:19.232097565Z	51	PC: 12d58 \| Get or set Ctrl-Break
2018-12-17T22:00:19.233024754Z	51	PC: 12d63 \| Get or set Ctrl-Break
2018-12-17T22:00:19.233983106Z	72	PC: 13109 \| Allocate memory
2018-12-17T22:00:19.236411824Z	41	PC: 13184 \| Parse filename
2018-12-17T22:00:19.237884334Z	41	PC: 1318d \| Parse filename
2018-12-17T22:00:19.239239522Z	61	PC: 9faf8 \| Open file (Filename = 'A:\NCMAIN.EXE')
2018-12-17T22:00:19.245769966Z	62	PC: 9fb8c \| Close file
2018-12-17T22:00:19.247264124Z	75	PC: 13157 \| Execute program