Sample viewer

vx.netlux.org/Virus.DOS.Ambulance_II.2124

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:06.387822204Z	48	PC: 12a44 \| Get DOS version
2018-12-17T23:02:06.389656805Z	48	PC: 12b96 \| Get DOS version
2018-12-17T23:02:06.390880041Z	221	PC: 12bd6 \| UNKNOWN!
2018-12-17T23:02:06.391641814Z	53	PC: 12be7 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:02:06.393325447Z	53	PC: 12bf6 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:06.394653211Z	53	PC: 12c05 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:02:06.395800539Z	53	PC: 12c14 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:06.397387711Z	53	PC: 12c54 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:02:06.413806377Z	37	PC: 12c60 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:02:06.415130315Z	98	PC: 133cd \| Get current PSP
2018-12-17T23:02:06.415853722Z	37	PC: 12c70 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:02:06.418164325Z	37	PC: 12c8d \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:02:06.419323954Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:06.420513583Z	37	PC: 12c9d \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:02:06.422042476Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:02:06.424528229Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')