Sample viewer

vx.netlux.org/Virus.DOS.Kustanai.2071

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:26.103329773Z	43	PC: 143cc \| Set date
2018-12-17T22:58:26.105229481Z	53	PC: 143d6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:26.111066033Z	53	PC: 143e2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:58:26.114699173Z	74	PC: 14404 \| Reallocate memory
2018-12-17T22:58:26.117076732Z	72	PC: 1440d \| Allocate memory
2018-12-17T22:58:26.120081506Z	37	PC: 14432 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:26.121865045Z	37	PC: 14439 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:58:26.124130043Z	67	PC: 9f4a4 \| Get or set file attributes
2018-12-17T22:58:26.135706117Z	108	PC: 9f4a4 \| Extended open/create file
2018-12-17T22:58:26.143464503Z	53	PC: 9f4a4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:26.145083253Z	37	PC: 9f4a4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:26.147467628Z	87	PC: 9f4a4 \| Get or set file date and time
2018-12-17T22:58:26.149251923Z	63	PC: 9f4a4 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:58:26.152342701Z	62	PC: 9f4a4 \| Close file
2018-12-17T22:58:26.154673663Z	37	PC: 9f4a4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:26.156550903Z	61	PC: 144da \| Open file (Filename = '')
2018-12-17T22:58:26.164788067Z	66	PC: 144ea \| Move file pointer
2018-12-17T22:58:26.167098405Z	62	PC: 14532 \| Close file
2018-12-17T22:58:26.170119272Z	9	PC: 12a86 \| Display string (String= 'Goat file (EXE/k...). Size=00001A90h/0000006800d bytes. ')
2018-12-17T22:58:26.174740447Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:58:26.17712404Z	67	PC: 9f4a4 \| Get or set file attributes
2018-12-17T22:58:26.184011139Z	108	PC: 9f4a4 \| Extended open/create file
2018-12-17T22:58:26.192494761Z	53	PC: 9f4a4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:26.19436329Z	37	PC: 9f4a4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:26.196462155Z	87	PC: 9f4a4 \| Get or set file date and time
2018-12-17T22:58:26.198596488Z	63	PC: 9f4a4 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:58:26.202735393Z	62	PC: 9f4a4 \| Close file
2018-12-17T22:58:26.20799883Z	37	PC: 9f4a4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:26.209509771Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:58:26.217369367Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:58:26.220256347Z	9	PC: 12a86 \| Display string (String= 'Size change=0817h/02071d. ')
2018-12-17T22:58:26.225147671Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')