Sample viewer

vx.netlux.org/Virus.DOS.Gliss.1247

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:22.211874113Z	25	PC: 12d6a \| Get default drive
2018-12-17T23:00:22.213403249Z	53	PC: 12d7b \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:22.214433647Z	37	PC: 12d8c \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:22.217668547Z	37	PC: 12da6 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:22.21922653Z	26	PC: 12dc3 \| Set disk transfer address
2018-12-17T23:00:22.220350482Z	78	PC: 12dcf \| Find first file
2018-12-17T23:00:22.227521985Z	47	PC: 12deb \| Get disk transfer address
2018-12-17T23:00:22.228618011Z	61	PC: 12df5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:22.236405263Z	63	PC: 12e00 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:00:22.24332069Z	62	PC: 12e04 \| Close file
2018-12-17T23:00:22.245274385Z	47	PC: 12e0e \| Get disk transfer address
2018-12-17T23:00:22.247091239Z	47	PC: 12e29 \| Get disk transfer address
2018-12-17T23:00:22.248928473Z	67	PC: 12e34 \| Get or set file attributes
2018-12-17T23:00:22.255276462Z	67	PC: 12e3d \| Get or set file attributes
2018-12-17T23:00:22.388182852Z	61	PC: 12e44 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:22.396568691Z	64	PC: 12e5d \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T23:00:22.400639824Z	66	PC: 12e69 \| Move file pointer
2018-12-17T23:00:22.403928165Z	64	PC: 12e7a \| Write file or device (Write 1247 bytes on handle 5)
2018-12-17T23:00:22.414376271Z	87	PC: 12e89 \| Get or set file date and time
2018-12-17T23:00:22.416342916Z	62	PC: 12e99 \| Close file
2018-12-17T23:00:22.425890452Z	9	PC: 12ea2 \| Display string (String= ' Dies ist ein Demonstrations-Computervirus ! So gerade eben wurde das Program :')
2018-12-17T23:00:22.437005706Z	2	PC: 12eaf \| Character output (Char = '53')
2018-12-17T23:00:22.439265591Z	2	PC: 12eaf \| Character output (Char = '4c')
2018-12-17T23:00:22.441531782Z	2	PC: 12eaf \| Character output (Char = '45')
2018-12-17T23:00:22.44467405Z	2	PC: 12eaf \| Character output (Char = '45')
2018-12-17T23:00:22.447192644Z	2	PC: 12eaf \| Character output (Char = '50')
2018-12-17T23:00:22.44962568Z	2	PC: 12eaf \| Character output (Char = '2e')
2018-12-17T23:00:22.453408513Z	2	PC: 12eaf \| Character output (Char = '43')
2018-12-17T23:00:22.455660936Z	2	PC: 12eaf \| Character output (Char = '4f')
2018-12-17T23:00:22.457968131Z	2	PC: 12eaf \| Character output (Char = '4d')
2018-12-17T23:00:22.461928874Z	9	PC: 12eba \| Display string (String= ' von diesem Virus befallen. Der VIRUS h�ngt sich an alle Files - in Laufwerk A - mit der Extention .COM an. Die Programme bleiben aber ablauff�hig.')
2018-12-17T23:00:22.474385426Z	9	PC: 12ec4 \| Display string (Could not find end pointer)
2018-12-17T23:00:22.503874106Z	14	PC: 12ec9 \| Set default drive (Drive = 'A')
2018-12-17T23:00:22.506624921Z	1	PC: 12ecd \| Character input