Sample viewer

vx.netlux.org/Virus.DOS.Kaszana.1848

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:45.447740771Z	26	PC: 131df \| Set disk transfer address
2018-12-17T23:01:45.449318315Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:45.452240806Z	37	PC: 131f3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:45.454103576Z	78	PC: 13286 \| Find first file
2018-12-17T23:01:45.462982429Z	79	PC: 1329a \| Find next file
2018-12-17T23:01:45.466938302Z	79	PC: 1329a \| Find next file
2018-12-17T23:01:45.469983193Z	79	PC: 1329a \| Find next file
2018-12-17T23:01:45.472778145Z	79	PC: 1329a \| Find next file
2018-12-17T23:01:45.477478577Z	79	PC: 1329a \| Find next file
2018-12-17T23:01:45.480288587Z	79	PC: 1329a \| Find next file
2018-12-17T23:01:45.486281318Z	79	PC: 1329a \| Find next file
2018-12-17T23:01:45.48964064Z	67	PC: 132c6 \| Get or set file attributes
2018-12-17T23:01:45.508215392Z	61	PC: 132cd \| Open file (Filename = 'TEST.COM')
2018-12-17T23:01:45.516746081Z	63	PC: 132de \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:45.51989091Z	66	PC: 132e9 \| Move file pointer
2018-12-17T23:01:45.522834311Z	64	PC: 13422 \| Write file or device (Write 924 bytes on handle 5)
2018-12-17T23:01:45.532356954Z	66	PC: 13473 \| Move file pointer
2018-12-17T23:01:45.534285998Z	63	PC: 13480 \| Read file or device (Read 924 bytes on handle 5)
2018-12-17T23:01:45.551189079Z	66	PC: 13493 \| Move file pointer
2018-12-17T23:01:45.553732097Z	64	PC: 1349d \| Write file or device (Write 924 bytes on handle 5)
2018-12-17T23:01:45.563179429Z	66	PC: 134b0 \| Move file pointer
2018-12-17T23:01:45.565462048Z	64	PC: 134c1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:45.569043257Z	87	PC: 13314 \| Get or set file date and time
2018-12-17T23:01:45.570789949Z	62	PC: 1331f \| Close file
2018-12-17T23:01:45.580148885Z	67	PC: 1332e \| Get or set file attributes
2018-12-17T23:01:45.591363397Z	78	PC: 13286 \| Find first file
2018-12-17T23:01:45.597331129Z	26	PC: 1333e \| Set disk transfer address
2018-12-17T23:01:45.599598891Z	37	PC: 1334a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:45.601010703Z	9	PC: 12e26 \| Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')