Sample viewer

vx.netlux.org/Virus.DOS.AntiPascal.528

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:46.393994677Z 74 PC: 12aa9 | Reallocate memory
2018-12-17T23:00:46.3965644Z 72 PC: 12ab0 | Allocate memory
2018-12-17T23:00:46.398303313Z 37 PC: 12abd | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:46.399650328Z 26 PC: 12ac4 | Set disk transfer address
2018-12-17T23:00:46.401875803Z 25 PC: 12ac8 | Get default drive
2018-12-17T23:00:46.40331451Z 78 PC: 12bd4 | Find first file
2018-12-17T23:00:46.409286089Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.410957878Z 79 PC: 12bd4 | Find next file
2018-12-17T23:00:46.414578885Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.416242008Z 79 PC: 12bd4 | Find next file
2018-12-17T23:00:46.418931818Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.421453152Z 79 PC: 12bd4 | Find next file
2018-12-17T23:00:46.423804796Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.425174667Z 79 PC: 12bd4 | Find next file
2018-12-17T23:00:46.428980761Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.430347333Z 79 PC: 12bd4 | Find next file
2018-12-17T23:00:46.432590025Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.434241173Z 79 PC: 12bd4 | Find next file
2018-12-17T23:00:46.436928108Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.438622712Z 79 PC: 12bd4 | Find next file
2018-12-17T23:00:46.452363341Z 61 PC: 12b80 | Open file (Filename = 'TEST.COM')
2018-12-17T23:00:46.45893639Z 63 PC: 12b90 | Read file or device (Read 528 bytes on handle 5)
2018-12-17T23:00:46.465744604Z 66 PC: 12b68 | Move file pointer
2018-12-17T23:00:46.467077364Z 64 PC: 12baa | Write file or device (Write 528 bytes on handle 5)
2018-12-17T23:00:46.481346877Z 66 PC: 12b68 | Move file pointer
2018-12-17T23:00:46.483455215Z 64 PC: 12c04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T23:00:46.49230327Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.50139186Z 68 PC: 12aef | I/O control for devices (Set for = '� ��')
2018-12-17T23:00:46.503551437Z 14 PC: 12afd | Set default drive (Drive = 'C')
2018-12-17T23:00:46.504958312Z 78 PC: 12bd4 | Find first file
2018-12-17T23:00:46.511223674Z 61 PC: 12b80 | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:00:46.517417704Z 63 PC: 12b90 | Read file or device (Read 528 bytes on handle 5)
2018-12-17T23:00:46.524394168Z 66 PC: 12b68 | Move file pointer
2018-12-17T23:00:46.536037311Z 64 PC: 12baa | Write file or device (Write 528 bytes on handle 5)
2018-12-17T23:00:46.874066013Z 66 PC: 12b68 | Move file pointer
2018-12-17T23:00:46.876416135Z 64 PC: 12c04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T23:00:46.88431673Z 62 PC: 12c09 | Close file
2018-12-17T23:00:46.893996172Z 14 PC: 12b05 | Set default drive (Drive = 'A')
2018-12-17T23:00:46.895700482Z 73 PC: 12b11 | Release memory
2018-12-17T23:00:46.897771389Z 74 PC: 12b1a | Reallocate memory
2018-12-17T23:00:46.899415781Z 74 PC: 12b1e | Reallocate memory
2018-12-17T23:00:46.900733063Z 26 PC: 12b25 | Set disk transfer address
2018-12-17T23:00:46.902631873Z 37 PC: 12b2f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:46.904526106Z 48 PC: 12a63 | Get DOS version
2018-12-17T23:00:46.905631107Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T23:00:46.915371735Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T23:00:46.922446769Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T23:00:46.924540166Z 93 PC: 12b24 | File sharing functions
2018-12-17T23:00:46.926497573Z 9 PC: 12b03 | Display string (String= 'Size change=+0420h/01056d. Virus might be activ? ')
2018-12-17T23:00:46.932111533Z 76 PC: 12b09 | Terminate with return code (Return code = '1')