Sample viewer

vx.netlux.org/Virus.DOS.Zerobug.1536.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:00:59.824031151Z 53 PC: 12a7a | Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:00:59.826331573Z 67 PC: 12ac7 | Get or set file attributes
2018-12-17T22:00:59.831468913Z 67 PC: 12ad1 | Get or set file attributes
2018-12-17T22:01:00.171978247Z 61 PC: 12ad9 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:01:00.179808721Z 87 PC: 12ae3 | Get or set file date and time
2018-12-17T22:01:00.180988845Z 63 PC: 12b02 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:01:00.194240124Z 66 PC: 12b24 | Move file pointer
2018-12-17T22:01:00.19551289Z 64 PC: 12b3a | Write file or device (Write 56181 bytes on handle 5)
2018-12-17T22:01:00.213565242Z 87 PC: 12b46 | Get or set file date and time
2018-12-17T22:01:00.215386535Z 62 PC: 12b4a | Close file
2018-12-17T22:01:00.222942492Z 67 PC: 12b53 | Get or set file attributes
2018-12-17T22:01:00.2329635Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:01:00.234474106Z 74 PC: 12b88 | Reallocate memory
2018-12-17T22:01:00.23619415Z 53 PC: 12b90 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:00.238834688Z 37 PC: 12ba6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:00.240390591Z 75 PC: 12bf2 | Execute program
2018-12-17T22:01:00.261082666Z 53 PC: 131da | Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:01:00.263563225Z 9 PC: 12d73 | Display string (String= '')
2018-12-17T22:01:00.265517285Z 53 PC: 12d99 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:01:00.266772326Z 37 PC: 12db0 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:01:00.268260211Z 37 PC: 12c0d | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:01:00.26973038Z 76 PC: 131a5 | Terminate with return code (Return code = '0')
2018-12-17T22:01:00.271835548Z 49 PC: 12bf8 | Terminate and stay resident (Return code = '0' | Memory size = '112')