Sample viewer

vx.netlux.org/Virus.DOS.Vanish.1635

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:14.279257658Z	48	PC: 1ced4 \| Get DOS version
2018-12-17T23:02:14.280828812Z	82	PC: 1cf28 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:14.290830442Z	48	PC: 18800 \| Get DOS version
2018-12-17T23:02:14.29208166Z	74	PC: 18879 \| Reallocate memory
2018-12-17T23:02:14.294918711Z	53	PC: 188f7 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:14.296108061Z	37	PC: 18909 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:14.297049826Z	68	PC: 18999 \| I/O control for devices
2018-12-17T23:02:14.299145852Z	68	PC: 18999 \| I/O control for devices (Set for = '^ï¿½')
2018-12-17T23:02:14.300497911Z	68	PC: 18999 \| I/O control for devices (Set for = 'Fï¿½@ï¿½Fï¿½ï¿½vï¿½ï¿½')
2018-12-17T23:02:14.301947707Z	68	PC: 18999 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½ RQï¿½Nï¿½ï¿½ï¿½RQï¿½Nï¿½ï¿½RQï¿½rï¿½ï¿½vï¿½ï¿½')
2018-12-17T23:02:14.304110434Z	68	PC: 18999 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½ RQï¿½Nï¿½ï¿½ï¿½RQï¿½Nï¿½ï¿½RQï¿½rï¿½ï¿½vï¿½ï¿½')
2018-12-17T23:02:14.316166927Z	56	PC: 18e06 \| Get or set country info
2018-12-17T23:02:14.318493023Z	68	PC: 16d11 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½=ï¿½ZÒ¼ß±ï¿½(Ú27ï¿½ï¿½Êº9U*Cï¿½Z ï¿½ï¿½ï¿½ï¿½ï¿½Tï¿½ï¿½ï¿½:ï¿½zï¿½{$ï¿½ï¿½ï¿½@ï¿½W`yï¿½ï¿½ã¨†pï¿½ï¿½wï¿½qï¿½ï¿½. ï¿½[ÉŒ44Rï¿½ï¿½Rï¿½~ï¿½ï¿½')
2018-12-17T23:02:14.320745533Z	68	PC: 16d26 \| I/O control for devices (Set for = '*eg?\I8ï¿½`ï¿½{9Uï¿½ï¿½jlï¿½ï¿½ËsWkbï¿½ï¿½bhï¿½ï¿½+"`gï¿½>ï¿½:ï¿½eï¿½ï¿½=ï¿½ï¿½R2hï¿½ï¿½hï¿½!ï¿½Ü…ï¿½ï¿½ï¿½Nï¿½ï¿½S"Þ¿DYï¿½ï¿½ugï¿½yï¿½ï¿½ï¿½yï¿½ï¿½rï¿½ï¿½ï¿½ï¿½0eqUÅ¢m8u1ï¿½ï¿½Pï¿½ï¿½ï¿½Nï¿½~l'ï¿½ï¿½dï¿½Nï¿½ï¿½sï¿½aï¿½+ï¿½jï¿½ï¿½ï¿½ï¿½')
2018-12-17T23:02:14.32216062Z	84	PC: 174f7 \| Get verify flag
2018-12-17T23:02:14.323171842Z	51	PC: 174ff \| Get or set Ctrl-Break
2018-12-17T23:02:14.324627143Z	51	PC: 1750a \| Get or set Ctrl-Break
2018-12-17T23:02:14.325473712Z	37	PC: 17514 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:14.32764325Z	53	PC: 17046 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:14.330227791Z	37	PC: 17056 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:14.332420778Z	55	PC: 16d4c \| Get or set switch character
2018-12-17T23:02:14.334397955Z	43	PC: 174db \| Set date
2018-12-17T23:02:14.337768968Z	61	PC: 18f65 \| Open file (Filename = 'ï¿½:*Oï¿½k')
2018-12-17T23:02:14.344929921Z	61	PC: 18f65 \| Open file (Filename = 'A:/PKZIP.CFG')
2018-12-17T23:02:14.351426414Z	68	PC: 169f5 \| I/O control for devices (Set for = '!')
2018-12-17T23:02:14.368371273Z	61	PC: 17292 \| Open file (Filename = 'ï¿½LNfï¿½ï¿½Æšï¿½juFï¿½Dï¿½ï¿½ ï¿½iUï¿½Uï¿½ï¿½ï¿½tï¿½ï¿½eï¿½ï¿½ï¿½Nï¿½Pï¿½ï¿½/ï¿½ï¿½ï¿½g/!ï¿½ï¿½"wï¿½ï¿½9>ï¿½ï¿½Nï¿½gfWï¿½cï¿½LEgï¿½qOvï¿½ï¿½ï¿½ï¿½ï¿½Ó· ï¿½Øµï¿½ï¿½ï¿½ï¿½Aï¿½ï¿½1Mï¿½ï¿½ï¿½Yï¿½ï¿½A3ï¿½tï¿½ï¿½ï¿½Q]*ï¿½?ï¿½ï¿½Ë‡9ï¿½ï¿½CBï¿½'ï¿½ï¿½,ï¿½aï¿½7ï¿½5ï¿½CÃ„#ï¿½9tï¿½4ï¿½ï¿½ ÖŒ_cï¿½ï¿½pï¿½cï¿½ï¿½ï¿½2ï¿½ï¿½ï¿½ï¿½Qï¿½ia/ï¿½ï¿½
2018-12-17T23:02:14.376031454Z	227	PC: 16df6 \| UNKNOWN!
2018-12-17T23:02:14.377264649Z	96	PC: 16dac \| Qualify filename
2018-12-17T23:02:14.38355549Z	64	PC: 17184 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:02:14.389071499Z	64	PC: 17184 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:02:14.421173377Z	12	PC: 18e06 \| Flush input buffer and input