Sample viewer

vx.netlux.org/Virus.DOS.Grog.1641

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:37.128005273Z	47	PC: 12c7c \| Get disk transfer address
2018-12-17T22:54:37.12981118Z	26	PC: 1307c \| Set disk transfer address
2018-12-17T22:54:37.131551775Z	78	PC: 13086 \| Find first file
2018-12-17T22:54:37.13707241Z	47	PC: 12d9b \| Get disk transfer address
2018-12-17T22:54:37.138338893Z	26	PC: 12db4 \| Set disk transfer address
2018-12-17T22:54:37.139770907Z	61	PC: 12dee \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:54:37.145095754Z	66	PC: 12e07 \| Move file pointer
2018-12-17T22:54:37.14650179Z	66	PC: 12e29 \| Move file pointer
2018-12-17T22:54:37.148572806Z	63	PC: 12e45 \| Read file or device (Read 12 bytes on handle 5)
2018-12-17T22:54:37.15109988Z	62	PC: 12e6a \| Close file
2018-12-17T22:54:37.152728664Z	26	PC: 1304f \| Set disk transfer address
2018-12-17T22:54:37.154307955Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.156938735Z	26	PC: 1307c \| Set disk transfer address
2018-12-17T22:54:37.158063781Z	78	PC: 13086 \| Find first file
2018-12-17T22:54:37.163999618Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.16636586Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.168554847Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.1746743Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.17689125Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.179031256Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.181559423Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.183866523Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.185960793Z	79	PC: 130a3 \| Find next file
2018-12-17T22:54:37.187856419Z	42	PC: 12d24 \| Get date 0x12d24: pop si 0x12d25: ret 0x12d26: mov si, dx 0x12d28: test byte ptr [si + 0x15], 0x10 0x12d2c: jne 0x12d39 0x12d2e: call 0x13095 0x12d31: jb 0x12d1f 0x12d33: test byte ptr [si + 0x15], 0x10 0x12d37: je 0x12d2e 0x12d39: cmp byte ptr [si + 0x1e], 0x2e 0x12d3d: je 0x12d2e 0x12d3f: call 0x12d74 0x12d42: push ax 0x12d43: mov ah, 0x1a 0x12d45: int 0x21 0x12d47: pop ax 0x12d48: push si 0x12d49: mov si, 0x70b 0x12d4c: add si, bp 0x12d4e: test word ptr [si], 0xffff
2018-12-17T22:54:37.190298423Z	26	PC: 12cae \| Set disk transfer address
2018-12-17T22:54:37.191324754Z	76	PC: 12c17 \| Terminate with return code (Return code = '35')