Sample viewer

vx.netlux.org/Virus.DOS.Matthew.3044

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:56:51.923127615Z 73 PC: 13466 | Release memory
2018-12-17T22:56:51.925486396Z 53 PC: 133b2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:51.92773535Z 37 PC: 133c5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:51.92967509Z 53 PC: 133f2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:56:51.931638152Z 53 PC: 133cb | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:56:51.934118511Z 77 PC: 12dd9 | Get program return code
2018-12-17T22:56:51.935630491Z 49 PC: 12dd9 | Terminate and stay resident (Return code = '0' | Memory size = '254')
2018-12-17T22:56:51.938037706Z 48 PC: 1354d | Get DOS version
2018-12-17T22:56:51.948412905Z 75 PC: 12dd9 | Execute program
2018-12-17T22:56:51.96637627Z 9 PC: 13ac3 | Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-17T22:56:51.9843312Z 76 PC: 13ac7 | Terminate with return code (Return code = '36')
2018-12-17T22:56:51.988515905Z 77 PC: 1359f | Get program return code