Sample viewer

vx.netlux.org/Virus.DOS.Hitch.1247.b

Time	Syscall Op	Syscall Name
2018-12-17T22:56:45.792616927Z	48	PC: 12a47 \| Get DOS version
2018-12-17T22:56:45.795203174Z	22	PC: 12a50 \| Create or truncate file
2018-12-17T22:56:45.797606919Z	53	PC: 12a5d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:45.799375662Z	37	PC: 12a6f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:45.801046214Z	42	PC: 12a85 \| Get date 0x12a85: cmp dh, 8 0x12a88: je 0x12a92 0x12a8a: mov dx, 0x210 0x12a8d: mov ax, 0x251c 0x12a90: int 0x21 0x12a92: mov bp, cs 0x12a94: dec bp 0x12a95: mov es, bp 0x12a97: mov ax, 0x100 0x12a9a: mov si, word ptr [0x16] 0x12a9e: mov word ptr es:[1], si 0x12aa3: mov dx, word ptr es:[3] 0x12aa8: mov word ptr es:[3], ax 0x12aac: mov byte ptr es:[0], 0x4d 0x12ab2: sub dx, ax 0x12ab4: dec dx 0x12ab5: inc bp 0x12ab6: add bp, ax 0x12ab8: mov es, bp 0x12aba: inc bp
2018-12-17T22:56:45.80507973Z	37	PC: 12a92 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:56:45.806822022Z	80	PC: 12ad3 \| Set current PSP
2018-12-17T22:56:45.808476825Z	9	PC: 13a92 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-17T22:56:45.814680118Z	76	PC: 13a96 \| Terminate with return code (Return code = '36')

Time	Syscall Op	Syscall Name
2018-12-25T12:32:29.095770511Z	48	PC: 12a47 \| Get DOS version
2018-12-25T12:32:29.097273699Z	22	PC: 12a50 \| Create or truncate file
2018-12-25T12:32:29.098572188Z	53	PC: 12a5d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.099643735Z	37	PC: 12a6f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.101446806Z	42	PC: 12a85 \| Get date 0x12a85: cmp dh, 8 0x12a88: je 0x12a92 0x12a8a: mov dx, 0x210 0x12a8d: mov ax, 0x251c 0x12a90: int 0x21 0x12a92: mov bp, cs 0x12a94: dec bp 0x12a95: mov es, bp 0x12a97: mov ax, 0x100 0x12a9a: mov si, word ptr [0x16] 0x12a9e: mov word ptr es:[1], si 0x12aa3: mov dx, word ptr es:[3] 0x12aa8: mov word ptr es:[3], ax 0x12aac: mov byte ptr es:[0], 0x4d 0x12ab2: sub dx, ax 0x12ab4: dec dx 0x12ab5: inc bp 0x12ab6: add bp, ax 0x12ab8: mov es, bp 0x12aba: inc bp
2018-12-25T12:32:29.10398897Z	37	PC: 12a92 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:32:29.105080991Z	80	PC: 12ad3 \| Set current PSP
2018-12-25T12:32:29.106605009Z	9	PC: 13a92 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:32:29.111966017Z	76	PC: 13a96 \| Terminate with return code (Return code = '36')

Time	Syscall Op	Syscall Name
2018-12-25T12:32:29.099975319Z	48	PC: 12a47 \| Get DOS version
2018-12-25T12:32:29.101587626Z	22	PC: 12a50 \| Create or truncate file
2018-12-25T12:32:29.102734922Z	53	PC: 12a5d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.103761843Z	37	PC: 12a6f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:29.105211116Z	42	PC: 12a85 \| Get date 0x12a85: cmp dh, 8 0x12a88: je 0x12a92 0x12a8a: mov dx, 0x210 0x12a8d: mov ax, 0x251c 0x12a90: int 0x21 0x12a92: mov bp, cs 0x12a94: dec bp 0x12a95: mov es, bp 0x12a97: mov ax, 0x100 0x12a9a: mov si, word ptr [0x16] 0x12a9e: mov word ptr es:[1], si 0x12aa3: mov dx, word ptr es:[3] 0x12aa8: mov word ptr es:[3], ax 0x12aac: mov byte ptr es:[0], 0x4d 0x12ab2: sub dx, ax 0x12ab4: dec dx 0x12ab5: inc bp 0x12ab6: add bp, ax 0x12ab8: mov es, bp 0x12aba: inc bp
2018-12-25T12:32:29.107228285Z	80	PC: 12ad3 \| Set current PSP
2018-12-25T12:32:29.108707904Z	9	PC: 13a92 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-25T12:32:29.112618153Z	76	PC: 13a96 \| Terminate with return code (Return code = '36')