Sample viewer

vx.netlux.org/Virus.DOS.Won.2310

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:40.523920164Z	88	PC: 1335d \| case 0xGet or set allocation strateg:
2018-12-17T22:58:40.525938237Z	72	PC: 13366 \| Allocate memory
2018-12-17T22:58:40.528007937Z	74	PC: 13331 \| Reallocate memory
2018-12-17T22:58:40.531862682Z	72	PC: 13366 \| Allocate memory
2018-12-17T22:58:40.533751222Z	88	PC: 13371 \| case 0xGet or set allocation strateg:
2018-12-17T22:58:40.535244569Z	82	PC: 13293 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:58:40.53774594Z	54	PC: 133a7 \| Get free disk space
2018-12-17T22:58:40.585616896Z	50	PC: 133bf \| Get disk parameter block for specified drive
2018-12-17T22:58:40.921263351Z	53	PC: 1347b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:58:40.923270714Z	37	PC: 1348b \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:58:40.926131852Z	53	PC: 1347b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:40.927731688Z	37	PC: 1348b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:40.929170623Z	53	PC: 1347b \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:40.931940299Z	37	PC: 1348b \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:40.933445278Z	37	PC: 132e7 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:58:40.935237767Z	82	PC: 13293 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:58:40.938015999Z	98	PC: 13305 \| Get current PSP
2018-12-17T22:58:40.939507302Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:58:40.944378437Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')