Sample viewer

vx.netlux.org/Virus.DOS.Ply.4722

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:48.023235739Z 65 PC: 12c60 | Delete file (Filename = '\NCDTREE')
2018-12-17T22:58:48.035515843Z 26 PC: 137fa | Set disk transfer address
2018-12-17T22:58:48.036901988Z 53 PC: 12f4b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:48.038319247Z 37 PC: 12f66 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:48.039952933Z 78 PC: 1375f | Find first file
2018-12-17T22:58:48.047832411Z 61 PC: 13062 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:58:48.055411179Z 63 PC: 13071 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:48.058559082Z 62 PC: 13d6a | Close file
2018-12-17T22:58:48.061075763Z 79 PC: 1375f | Find next file
2018-12-17T22:58:48.063799538Z 37 PC: 12fe4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:48.065111921Z 98 PC: 13b6c | Get current PSP
2018-12-17T22:58:48.070214319Z 26 PC: 1387e | Set disk transfer address
2018-12-17T22:58:48.071380765Z 98 PC: 131d0 | Get current PSP
2018-12-17T22:58:48.072917428Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')