Sample viewer

vx.netlux.org/Virus.DOS.Yankee.2895

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:54.720585022Z	32	PC: 13d94 \| Reserved
2018-12-17T23:00:54.722356654Z	74	PC: 13dc9 \| Reallocate memory
2018-12-17T23:00:54.723995852Z	72	PC: 13dd5 \| Allocate memory
2018-12-17T23:00:54.725918437Z	53	PC: 13deb \| Get interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:00:54.727662989Z	53	PC: 13e0a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:00:54.729379342Z	53	PC: 13e17 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:54.730541934Z	53	PC: 13e24 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:00:54.731743375Z	53	PC: 13e31 \| Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:00:54.734117749Z	53	PC: 13e47 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:54.73570473Z	37	PC: 13e54 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:54.737427477Z	53	PC: 13e69 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:54.740802021Z	37	PC: 13eb0 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:00:54.742565852Z	37	PC: 13f2a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:00:54.744035409Z	37	PC: 13f32 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:54.746508855Z	9	PC: 133f2 \| Display string (Could not find end pointer)
2018-12-17T23:00:54.750861763Z	76	PC: 133f8 \| Terminate with return code (Return code = '0')
2018-12-17T23:00:54.754694999Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:00:54.756830349Z	72	PC: 9e763 \| Allocate memory
2018-12-17T23:00:54.76114183Z	72	PC: 9e763 \| Allocate memory
2018-12-17T23:00:54.762792828Z	37	PC: 9e763 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:00:54.764423915Z	37	PC: 9e763 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')