Sample viewer

vx.netlux.org/Virus.DOS.Hary.981

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:00:27.100181733Z 53 PC: 13127 | Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:00:27.110219757Z 48 PC: 12c4b | Get DOS version
2018-12-17T22:00:27.111377008Z 53 PC: 12c57 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:27.112521404Z 37 PC: 12c67 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:27.114268047Z 37 PC: 12c71 | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:00:27.115603996Z 74 PC: 12c7d | Reallocate memory
2018-12-17T22:00:27.117353867Z 61 PC: 12abf | Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:00:27.124066294Z 63 PC: 12adb | Read file or device (Read 40 bytes on handle 5)
2018-12-17T22:00:27.127916943Z 62 PC: 12a9c | Close file
2018-12-17T22:00:27.129650829Z 75 PC: 12cd5 | Execute program
2018-12-17T22:00:27.143429086Z 53 PC: 17677 | Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:00:27.145266455Z 9 PC: 17376 | Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-17T22:00:27.150991818Z 49 PC: 12ce4 | Terminate and stay resident (Return code = '0' | Memory size = '79')