Sample viewer

vx.netlux.org/Virus.DOS.Bomzh.3809

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:18.882163519Z	75	PC: 13a07 \| Execute program
2018-12-17T22:56:18.885208144Z	98	PC: 13a10 \| Get current PSP
2018-12-17T22:56:18.887012657Z	98	PC: 144a7 \| Get current PSP
2018-12-17T22:56:18.889002128Z	74	PC: 12aa9 \| Reallocate memory
2018-12-17T22:56:18.894015675Z	53	PC: 12d7e \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:56:18.896216013Z	37	PC: 12d8f \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:56:18.898219059Z	53	PC: 12d94 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:18.899908747Z	37	PC: 12da5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:18.9027185Z	37	PC: 12c2b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:18.904849056Z	67	PC: 12dcd \| Get or set file attributes
2018-12-17T22:56:18.912650465Z	67	PC: 12dda \| Get or set file attributes
2018-12-17T22:56:18.932544072Z	61	PC: 12de7 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:56:18.940350311Z	66	PC: 12ea3 \| Move file pointer
2018-12-17T22:56:18.942370259Z	63	PC: 12eae \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:56:18.946018329Z	66	PC: 12ecb \| Move file pointer
2018-12-17T22:56:18.949064356Z	66	PC: 12ef1 \| Move file pointer
2018-12-17T22:56:18.950941967Z	63	PC: 12efc \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:56:18.954263312Z	66	PC: 13086 \| Move file pointer
2018-12-17T22:56:18.957382418Z	66	PC: 130a1 \| Move file pointer
2018-12-17T22:56:18.959228328Z	63	PC: 130ac \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:56:18.967622773Z	66	PC: 130b5 \| Move file pointer
2018-12-17T22:56:18.977685024Z	64	PC: 130c0 \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:56:18.981375282Z	66	PC: 130cd \| Move file pointer
2018-12-17T22:56:18.983201756Z	64	PC: 130d3 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:56:18.992982828Z	66	PC: 12f12 \| Move file pointer
2018-12-17T22:56:18.995183206Z	62	PC: 12cb4 \| Close file
2018-12-17T22:56:19.004240737Z	61	PC: 12cd4 \| Open file (Filename = '��=UUt�z ��G��Z��-')
2018-12-17T22:56:19.011180838Z	37	PC: 12d4d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:19.012620184Z	66	PC: 12f26 \| Move file pointer
2018-12-17T22:56:19.014275938Z	63	PC: 12f33 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:56:19.016906464Z	66	PC: 12f59 \| Move file pointer
2018-12-17T22:56:19.019682644Z	66	PC: 12f92 \| Move file pointer
2018-12-17T22:56:19.024974744Z	64	PC: 13882 \| Write file or device (Write 3809 bytes on handle 5)
2018-12-17T22:56:19.035917571Z	66	PC: 12fcc \| Move file pointer
2018-12-17T22:56:19.038255667Z	64	PC: 12fd5 \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:56:19.040690997Z	62	PC: 1311f \| Close file
2018-12-17T22:56:19.048191621Z	98	PC: 13156 \| Get current PSP
2018-12-17T22:56:19.049679198Z	19	PC: 13460 \| Delete file
2018-12-17T22:56:19.055231137Z	19	PC: 13460 \| Delete file
2018-12-17T22:56:19.061985147Z	19	PC: 13460 \| Delete file
2018-12-17T22:56:19.075567126Z	75	PC: 12ad1 \| Execute program
2018-12-17T22:56:19.102911673Z	98	PC: 168cf \| Get current PSP
2018-12-17T22:56:19.10466496Z	9	PC: 158c2 \| Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ')
2018-12-17T22:56:19.110400435Z	76	PC: 158c6 \| Terminate with return code (Return code = '36')
2018-12-17T22:56:19.114526463Z	77	PC: 12ad5 \| Get program return code
2018-12-17T22:56:19.116581257Z	49	PC: 12aeb \| Terminate and stay resident (Return code = '36' \| Memory size = '285')