Sample viewer

vx.netlux.org/Virus.DOS.Phantasmagoria

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:02:15.373074227Z 26 PC: 12aea | Set disk transfer address
2018-12-17T22:02:15.375190804Z 78 PC: 12af5 | Find first file
2018-12-17T22:02:15.381307847Z 61 PC: 12b1d | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:02:15.387823322Z 87 PC: 12b2e | Get or set file date and time
2018-12-17T22:02:15.390358345Z 63 PC: 12b73 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:02:15.396724782Z 66 PC: 12b7c | Move file pointer
2018-12-17T22:02:15.398194187Z 64 PC: 12b92 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:02:15.400804733Z 66 PC: 12b9d | Move file pointer
2018-12-17T22:02:15.402405057Z 64 PC: 12ba7 | Write file or device (Write 366 bytes on handle 5)
2018-12-17T22:02:15.418023203Z 87 PC: 12bae | Get or set file date and time
2018-12-17T22:02:15.419987656Z 62 PC: 12bb4 | Close file
2018-12-17T22:02:15.428069246Z 2 PC: 12bca | Character output (Char = '50')
2018-12-17T22:02:15.430442806Z 2 PC: 12bca | Character output (Char = '48')
2018-12-17T22:02:15.432787066Z 2 PC: 12bca | Character output (Char = '41')
2018-12-17T22:02:15.435425156Z 2 PC: 12bca | Character output (Char = '4e')
2018-12-17T22:02:15.437416715Z 2 PC: 12bca | Character output (Char = '54')
2018-12-17T22:02:15.439334115Z 2 PC: 12bca | Character output (Char = '41')
2018-12-17T22:02:15.442260227Z 2 PC: 12bca | Character output (Char = '53')
2018-12-17T22:02:15.444595439Z 2 PC: 12bca | Character output (Char = '4d')
2018-12-17T22:02:15.447738376Z 2 PC: 12bca | Character output (Char = '41')
2018-12-17T22:02:15.451061776Z 2 PC: 12bca | Character output (Char = '47')
2018-12-17T22:02:15.453766644Z 2 PC: 12bca | Character output (Char = '4f')
2018-12-17T22:02:15.456362938Z 2 PC: 12bca | Character output (Char = '52')
2018-12-17T22:02:15.459871341Z 2 PC: 12bca | Character output (Char = '49')
2018-12-17T22:02:15.462154369Z 2 PC: 12bca | Character output (Char = '41')
2018-12-17T22:02:15.464245479Z 2 PC: 12bca | Character output (Char = '20')
2018-12-17T22:02:15.466773741Z 2 PC: 12bca | Character output (Char = '21')
2018-12-17T22:02:15.469269332Z 2 PC: 12bca | Character output (Char = '20')
2018-12-17T22:02:15.471444021Z 2 PC: 12bca | Character output (Char = '53')
2018-12-17T22:02:15.474548321Z 2 PC: 12bca | Character output (Char = '6c')
2018-12-17T22:02:15.478563488Z 2 PC: 12bca | Character output (Char = '65')
2018-12-17T22:02:15.480630138Z 2 PC: 12bca | Character output (Char = '65')
2018-12-17T22:02:15.4829691Z 2 PC: 12bca | Character output (Char = '70')
2018-12-17T22:02:15.492265314Z 2 PC: 12bca | Character output (Char = '20')
2018-12-17T22:02:15.494608477Z 2 PC: 12bca | Character output (Char = '57')
2018-12-17T22:02:15.497095094Z 2 PC: 12bca | Character output (Char = '65')
2018-12-17T22:02:15.499327909Z 2 PC: 12bca | Character output (Char = '6c')
2018-12-17T22:02:15.501278698Z 2 PC: 12bca | Character output (Char = '6c')
2018-12-17T22:02:15.503396315Z 2 PC: 12bca | Character output (Char = '0d')
2018-12-17T22:02:15.506210423Z 2 PC: 12bca | Character output (Char = '0a')
2018-12-17T22:02:15.509934825Z 37 PC: 12bd8 | Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:02:15.510981327Z 26 PC: 12bdf | Set disk transfer address
2018-12-17T22:02:15.522890598Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')
2018-12-17T22:02:17.728967441Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:02:17.731052808Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:02:17.734494906Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:02:17.737447898Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:02:17.748193701Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:02:17.75224875Z 62 PC: 91fc1 | Close file
2018-12-17T22:02:17.754478097Z 75 PC: 91fe0 | Execute program
2018-12-17T22:02:17.770312491Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:02:17.77256679Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:02:17.778921807Z 48 PC: c609 | Get DOS version
2018-12-17T22:02:17.782311096Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:02:17.785832394Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:02:17.788625979Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:02:17.792296944Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:02:17.79766302Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:02:17.802883524Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:02:17.81312156Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:02:17.815662788Z 62 PC: 91fc1 | Close file
2018-12-17T22:02:17.818411995Z 75 PC: 91fe0 | Execute program
2018-12-17T22:02:17.838338809Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:02:17.842622843Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:02:17.845186918Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:02:17.846682937Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:02:17.848145631Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:02:17.855233967Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:02:17.856692415Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:02:17.865084742Z 62 PC: 8f8eb | Close file
2018-12-17T22:02:17.868184886Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.870328298Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.871755271Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.874256133Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.87578022Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.877354099Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.879749747Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.881819891Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.883527679Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.886615704Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.888925882Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.890439018Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.892580355Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.894676865Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.896473633Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.898512563Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.90136237Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.906941396Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.908741591Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.911412244Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.913343765Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.915132354Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.917743377Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.919442767Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.921756876Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.924372905Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.926204838Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.927991313Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.930755065Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.932291571Z 62 PC: 8f8f2 | Close file
2018-12-17T22:02:17.934009734Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:02:17.939710939Z 62 PC: 8f90e | Close file
2018-12-17T22:02:17.945661277Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:02:17.947521138Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:02:17.950178937Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:02:17.95594661Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:02:17.957520197Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:02:17.963024385Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:02:17.965329999Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:02:17.966996873Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:02:17.969693973Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:02:17.971844149Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:02:17.973495304Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:02:17.975662217Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:02:17.978294347Z 73 PC: 8fa11 | Release memory
2018-12-17T22:02:17.980052221Z 73 PC: 8efea | Release memory
2018-12-17T22:02:17.981672317Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:02:17.984451844Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:02:17.986470602Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:02:17.988281244Z 73 PC: 8f060 | Release memory
2018-12-17T22:02:17.990834355Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:02:17.999768331Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:02:18.005523072Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:02:18.008216349Z 62 PC: 8f0d1 | Close file
2018-12-17T22:02:18.010160427Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:02:18.032525052Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:02:18.035575055Z 48 PC: 12bee | Get DOS version
2018-12-17T22:02:18.037619938Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:02:18.040447292Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:02:18.042887451Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:02:18.044528137Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:02:18.04618865Z 72 PC: 1355d | Allocate memory
2018-12-17T22:02:18.050992669Z 25 PC: 13596 | Get default drive
2018-12-17T22:02:18.052364104Z 71 PC: 135ad | Get current directory
2018-12-17T22:02:18.055072609Z 59 PC: 135ba | Change current directory
2018-12-17T22:02:18.061738404Z 59 PC: 135c8 | Change current directory
2018-12-17T22:02:18.068230578Z 59 PC: 135d3 | Change current directory
2018-12-17T22:02:18.072316604Z 25 PC: 12d13 | Get default drive
2018-12-17T22:02:18.075302898Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:02:18.077116171Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:18.078640304Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:18.081922661Z 80 PC: 1301d | Set current PSP
2018-12-17T22:02:18.083461819Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:02:18.085014298Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:02:18.087313298Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:02:18.089216603Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:02:18.091518223Z 72 PC: 130ec | Allocate memory
2018-12-17T22:02:18.094802851Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:02:18.101822163Z 62 PC: 131ba | Close file
2018-12-17T22:02:18.104150402Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:02:18.106331889Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:02:18.108373233Z 72 PC: 11991 | Allocate memory
2018-12-17T22:02:18.110991372Z 73 PC: 119b2 | Release memory
2018-12-17T22:02:18.112793167Z 72 PC: 119bd | Allocate memory
2018-12-17T22:02:18.115593018Z 73 PC: 119df | Release memory
2018-12-17T22:02:18.117167799Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:02:18.119183587Z 72 PC: 119fd | Allocate memory