Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Abraxas.546

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:18.480637868Z	26	PC: 12a7b \| Set disk transfer address
2018-12-17T23:00:18.483295226Z	71	PC: 12a85 \| Get current directory
2018-12-17T23:00:18.486867494Z	53	PC: 12a8f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:18.488636553Z	37	PC: 12a9f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:18.490390795Z	78	PC: 12b29 \| Find first file
2018-12-17T23:00:18.498255882Z	78	PC: 12b29 \| Find first file
2018-12-17T23:00:18.505068841Z	61	PC: 12c47 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:18.513553109Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.522122875Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.524733982Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.528217355Z	61	PC: 12c47 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:00:18.536558495Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.543774376Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.545827219Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.549418469Z	61	PC: 12c47 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:18.5570448Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.564430304Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.570502131Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.573530127Z	61	PC: 12c47 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:00:18.582529348Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.589823388Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.592729948Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.595990074Z	61	PC: 12c47 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:00:18.603620922Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.612065363Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.614471196Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.617772493Z	61	PC: 12c47 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:18.62657533Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.634014627Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.636405394Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.640343815Z	61	PC: 12c47 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:00:18.648628927Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.65651104Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.659022889Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.662440772Z	61	PC: 12c47 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:00:18.670658018Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.673879358Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.676696209Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.679352466Z	59	PC: 12ab7 \| Change current directory
2018-12-17T23:00:18.683816213Z	37	PC: 12ac5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:18.686258366Z	59	PC: 12acf \| Change current directory
2018-12-17T23:00:18.691002861Z	26	PC: 12adc \| Set disk transfer address
2018-12-17T23:00:18.692742767Z	26	PC: 12a7b \| Set disk transfer address
2018-12-17T23:00:18.695436102Z	71	PC: 12a85 \| Get current directory
2018-12-17T23:00:18.699010042Z	53	PC: 12a8f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:18.700716004Z	37	PC: 12a9f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:18.703204832Z	78	PC: 12b29 \| Find first file
2018-12-17T23:00:18.71581727Z	78	PC: 12b29 \| Find first file
2018-12-17T23:00:18.723492099Z	61	PC: 12c47 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:18.731317208Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.738793743Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.740837143Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.743870265Z	61	PC: 12c47 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:00:18.751241652Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.758366432Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.760480716Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.764273628Z	61	PC: 12c47 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:18.771818563Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.779189582Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.782484565Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.786153974Z	61	PC: 12c47 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:00:18.793484949Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.802241619Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.804641959Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.808089148Z	61	PC: 12c47 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:00:18.816419621Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.823828868Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.826118028Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.831079909Z	61	PC: 12c47 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:18.83870426Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.846046774Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.848268159Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.852780598Z	61	PC: 12c47 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:00:18.86036158Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.8678967Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.871930059Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.875316036Z	61	PC: 12c47 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:00:18.882918669Z	63	PC: 12b3b \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:18.890625069Z	62	PC: 12b3f \| Close file
2018-12-17T23:00:18.892854181Z	79	PC: 12b29 \| Find next file
2018-12-17T23:00:18.89555736Z	59	PC: 12ab7 \| Change current directory
2018-12-17T23:00:18.901156738Z	37	PC: 12ac5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:18.902692755Z	59	PC: 12acf \| Change current directory
2018-12-17T23:00:18.907557942Z	26	PC: 12adc \| Set disk transfer address