Sample viewer

vx.netlux.org/Virus.DOS.BatMan_II.2844

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:47.430902472Z 53 PC: 157d4 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:47.432953876Z 37 PC: 157e4 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:47.434122752Z 53 PC: 157e9 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:00:47.435717495Z 37 PC: 157f9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:00:47.438395236Z 53 PC: 157fe | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:47.439909413Z 53 PC: 1580b | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:00:47.441380944Z 37 PC: 1581b | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:47.444461613Z 74 PC: 12e48 | Reallocate memory
2018-12-17T23:00:47.446436595Z 53 PC: 12e4d | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:47.447835004Z 53 PC: 13106 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:47.450526071Z 51 PC: 12e5f | Get or set Ctrl-Break
2018-12-17T23:00:47.452210834Z 88 PC: 12fb4 | Get or set allocation strategy
2018-12-17T23:00:47.453596672Z 88 PC: 12fbf | Get or set allocation strategy
2018-12-17T23:00:47.454818821Z 88 PC: 12fa3 | Get or set allocation strategy
2018-12-17T23:00:47.457126082Z 88 PC: 12fad | Get or set allocation strategy
2018-12-17T23:00:47.45857402Z 88 PC: 12f8d | Get or set allocation strategy
2018-12-17T23:00:47.459712921Z 88 PC: 12f99 | Get or set allocation strategy
2018-12-17T23:00:47.461709753Z 37 PC: 12f14 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:47.462967604Z 25 PC: 12fdf | Get default drive
2018-12-17T23:00:47.464163896Z 14 PC: 12fec | Set default drive (Drive = 'Á')
2018-12-17T23:00:47.465980691Z 54 PC: 13388 | Get free disk space
2018-12-17T23:00:47.474916903Z 37 PC: 13128 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:47.476334142Z 57 PC: 12fcc | Create subdirectory
2018-12-17T23:00:47.495252626Z 58 PC: 12fd4 | Remove subdirectory
2018-12-17T23:00:47.506161987Z 47 PC: 13016 | Get disk transfer address
2018-12-17T23:00:47.507469273Z 26 PC: 1344d | Set disk transfer address
2018-12-17T23:00:47.509372958Z 71 PC: 1345c | Get current directory
2018-12-17T23:00:47.51267951Z 78 PC: 13083 | Find first file
2018-12-17T23:00:47.52350457Z 61 PC: 1308d | Open file (Filename = ' ')
2018-12-17T23:00:47.536124396Z 66 PC: 1309d | Move file pointer
2018-12-17T23:00:47.53785439Z 63 PC: 130a7 | Read file or device (Read 12 bytes on handle 5)
2018-12-17T23:00:47.544993444Z 62 PC: 133c6 | Close file
2018-12-17T23:00:47.547754138Z 79 PC: 130d6 | Find next file
2018-12-17T23:00:47.554193322Z 66 PC: 130f0 | Move file pointer
2018-12-17T23:00:47.556021509Z 63 PC: 130fa | Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:00:47.558650133Z 59 PC: 13452 | Change current directory
2018-12-17T23:00:47.563025459Z 78 PC: 13083 | Find first file
2018-12-17T23:00:47.569205965Z 61 PC: 1308d | Open file (Filename = 'TEST.EXE')
2018-12-17T23:00:47.576663698Z 66 PC: 1309d | Move file pointer
2018-12-17T23:00:47.578279874Z 63 PC: 130a7 | Read file or device (Read 12 bytes on handle 5)
2018-12-17T23:00:47.581504528Z 62 PC: 133c6 | Close file
2018-12-17T23:00:47.583548273Z 79 PC: 130d6 | Find next file
2018-12-17T23:00:47.58637034Z 66 PC: 130f0 | Move file pointer
2018-12-17T23:00:47.58785409Z 63 PC: 130fa | Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:00:47.58957901Z 26 PC: 13445 | Set disk transfer address
2018-12-17T23:00:47.591201194Z 78 PC: 133e4 | Find first file
2018-12-17T23:00:47.596937986Z 67 PC: 133ee | Get or set file attributes
2018-12-17T23:00:47.603093065Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.606220415Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.612098137Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.615040677Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.621162597Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.623752016Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.629393348Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.632764697Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.638345261Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.640988485Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.647901946Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.650957455Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.657411425Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.661247871Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.667270662Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.670750127Z 67 PC: 13423 | Get or set file attributes
2018-12-17T23:00:47.677368647Z 79 PC: 13419 | Find next file
2018-12-17T23:00:47.680144848Z 26 PC: 1344d | Set disk transfer address
2018-12-17T23:00:47.681493986Z 26 PC: 1305d | Set disk transfer address
2018-12-17T23:00:47.683516628Z 59 PC: 13452 | Change current directory
2018-12-17T23:00:47.687795119Z 59 PC: 13452 | Change current directory
2018-12-17T23:00:47.689813743Z 37 PC: 13139 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:47.695540094Z 14 PC: 13072 | Set default drive (Drive = 'A')
2018-12-17T23:00:47.696862179Z 37 PC: 12dcd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:00:47.698373668Z 37 PC: 12dde | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:47.700191032Z 37 PC: 12def | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:47.70126857Z 75 PC: 134d6 | Execute program
2018-12-17T23:00:47.716756431Z 53 PC: 16484 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:47.718380794Z 37 PC: 16494 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:47.719265182Z 53 PC: 16499 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:00:47.720253768Z 37 PC: 164a9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:00:47.721699073Z 53 PC: 164ae | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:47.722749129Z 53 PC: 164bb | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:00:47.723726826Z 37 PC: 164cb | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:47.725341649Z 37 PC: 165cd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:00:47.726390564Z 37 PC: 165de | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:47.72736335Z 37 PC: 165ef | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:47.733915058Z 74 PC: 13737 | Reallocate memory
2018-12-17T23:00:47.742922824Z 99 PC: 157a8 | Get DBCS lead byte table pointer
2018-12-17T23:00:47.752601536Z 68 PC: 157c4 | I/O control for devices (Set for = '')
2018-12-17T23:00:47.754454367Z 68 PC: 157cf | I/O control for devices (Set for = '')
2018-12-17T23:00:47.75603085Z 68 PC: 157da | I/O control for devices (Set for = '')
2018-12-17T23:00:47.757524463Z 68 PC: 157e2 | I/O control for devices (Set for = '[non-printable bytes]')
2018-12-17T23:00:47.759305839Z 48 PC: 157e7 | Get DOS version
2018-12-17T23:00:47.760687286Z 64 PC: 15a78 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T23:00:47.763747381Z 37 PC: 165db | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:47.765190321Z 76 PC: 165c4 | Terminate with return code (Return code = '11')
2018-12-17T23:00:47.767266616Z 37 PC: 12f21 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:00:47.768212702Z 49 PC: 12e8d | Terminate and stay resident (Return code = '0' | Memory size = '193')