Sample viewer

vx.netlux.org/Virus.DOS.Yury.560

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:00:27.217737533Z 131 PC: 12b51 | UNKNOWN!
2018-12-17T22:00:27.218884269Z 78 PC: 12b67 | Find first file
2018-12-17T22:00:27.225954405Z 67 PC: 12b73 | Get or set file attributes
2018-12-17T22:00:27.232774094Z 67 PC: 12b7f | Get or set file attributes
2018-12-17T22:00:27.253723328Z 61 PC: 12b9e | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:00:27.261143063Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:00:27.2672976Z 66 PC: 12bb9 | Move file pointer
2018-12-17T22:00:27.268578228Z 63 PC: 12bd2 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:00:27.27208231Z 64 PC: 12bee | Write file or device (Write 560 bytes on handle 5)
2018-12-17T22:00:27.279847382Z 66 PC: 12bf7 | Move file pointer
2018-12-17T22:00:27.281099105Z 64 PC: 12c02 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:00:27.301978036Z 62 PC: 12c06 | Close file
2018-12-17T22:00:27.310158277Z 67 PC: 12c0f | Get or set file attributes
2018-12-17T22:00:27.320233825Z 74 PC: 12c1c | Reallocate memory
2018-12-17T22:00:27.322887836Z 53 PC: 12c21 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:00:27.324067438Z 53 PC: 12c30 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:27.325504146Z 37 PC: 12c43 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:00:27.32741952Z 37 PC: 12c4c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:27.328875739Z 75 PC: 12c86 | Execute program
2018-12-17T22:00:27.343133945Z 131 PC: 12fe1 | UNKNOWN!
2018-12-17T22:00:27.344201778Z 76 PC: 12f98 | Terminate with return code (Return code = '0')
2018-12-17T22:00:27.347497106Z 37 PC: 12cb7 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:00:27.348889254Z 37 PC: 12cc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:27.350164768Z 76 PC: 12cc6 | Terminate with return code (Return code = '0')