Sample viewer

vx.netlux.org/Virus.DOS.AdiPop.485

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:27.277676872Z	53	PC: 14114 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:27.279591039Z	37	PC: 14123 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:27.281844974Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.283601865Z	37	PC: 1412a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:01:27.28562109Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.313613708Z	48	PC: 12a63 \| Get DOS version
2018-12-17T23:01:27.315770611Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.317956478Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T23:01:27.338020049Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.339605688Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-17T23:01:27.347186413Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.349382028Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-17T23:01:27.352229028Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.353637224Z	93	PC: 12b24 \| File sharing functions
2018-12-17T23:01:27.356667768Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.359273825Z	9	PC: 12b03 \| Display string (String= 'Size change=+01E5h/00485d. Virus might be activ? ')
2018-12-17T23:01:27.36559376Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.367438497Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')
2018-12-17T23:01:27.383233927Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.385281404Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:01:27.387294597Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.390236315Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:01:27.393494036Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.394850956Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:01:27.397986127Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.399138442Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:01:27.400191591Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.404058668Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:27.405452557Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.406741809Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.408243862Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.409837927Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.411295826Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.412508224Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.415051273Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.417072871Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.41941379Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.422125525Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.42405989Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.425585186Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.428221961Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.430081525Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.432278954Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.435058366Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.437254723Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.439036942Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.442050154Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.447351927Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.449664342Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.451571115Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.454731594Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.456712546Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.458756807Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.461465126Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.46530456Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.469133235Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.477057595Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.479210109Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.481229313Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.485278041Z	62	PC: 122ab \| Close file
2018-12-17T23:01:27.489367455Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.491042442Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-17T23:01:27.492922144Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.496524704Z	56	PC: 94df9 \| Get or set country info
2018-12-17T23:01:27.498725469Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.500053846Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:01:27.505680929Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.507258814Z	25	PC: 94e62 \| Get default drive
2018-12-17T23:01:27.509312874Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.51171133Z	71	PC: 970dd \| Get current directory
2018-12-17T23:01:27.516451988Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.518192028Z	64	PC: 9a848 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:01:27.522736447Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.52457927Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-17T23:01:27.527562685Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.530056321Z	93	PC: 94f20 \| File sharing functions
2018-12-17T23:01:27.532529699Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.534235093Z	93	PC: 94f27 \| File sharing functions
2018-12-17T23:01:27.536869243Z	37	PC: 3bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:27.538774312Z	10	PC: 94f39 \| Buffered keyboard input