Sample viewer

vx.netlux.org/Virus.DOS.Kirti.2000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:17.394558506Z	53	PC: 12a86 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:17.395953617Z	37	PC: 12a96 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:17.397533726Z	53	PC: 12aa6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:17.398933287Z	53	PC: 12ab3 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:02:17.400132436Z	37	PC: 12ac3 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:02:17.402123311Z	47	PC: 12ad8 \| Get disk transfer address
2018-12-17T23:02:17.403214761Z	26	PC: 12c7c \| Set disk transfer address
2018-12-17T23:02:17.404940525Z	65	PC: 12c82 \| Delete file (Filename = 'TEMPFILE.VIR')
2018-12-17T23:02:17.413343385Z	78	PC: 12c8b \| Find first file
2018-12-17T23:02:17.420103957Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.421684851Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.425798536Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.42714155Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.430461519Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.432870513Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.436420809Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.438052158Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.442248466Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.444024958Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.447264277Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.448789731Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.462265028Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.463955673Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.467131488Z	53	PC: 12eb9 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:17.470833283Z	37	PC: 12ec8 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:17.472528749Z	13	PC: 12ecb \| Disk reset
2018-12-17T23:02:17.474990224Z	26	PC: 12ed3 \| Set disk transfer address
2018-12-17T23:02:17.477478575Z	78	PC: 12ee9 \| Find first file
2018-12-17T23:02:17.490398218Z	37	PC: 12ef8 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:17.491693119Z	67	PC: 12de0 \| Get or set file attributes
2018-12-17T23:02:17.510628231Z	61	PC: 12d1b \| Open file (Filename = 'TEMPFILE.VIR')
2018-12-17T23:02:17.523317239Z	63	PC: 12d31 \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T23:02:17.533587532Z	66	PC: 12dda \| Move file pointer
2018-12-17T23:02:17.536282296Z	64	PC: 12d8a \| Write file or device (Write 2000 bytes on handle 5)
2018-12-17T23:02:17.547373499Z	66	PC: 12dda \| Move file pointer
2018-12-17T23:02:17.549001916Z	64	PC: 12da5 \| Write file or device (Write 2000 bytes on handle 5)
2018-12-17T23:02:17.557802454Z	62	PC: 12dad \| Close file
2018-12-17T23:02:17.577787924Z	53	PC: 12eb9 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:17.579266171Z	37	PC: 12ec8 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:17.58079413Z	13	PC: 12ecb \| Disk reset
2018-12-17T23:02:17.585229878Z	26	PC: 12ed3 \| Set disk transfer address
2018-12-17T23:02:17.586606992Z	78	PC: 12ee9 \| Find first file
2018-12-17T23:02:17.597432114Z	37	PC: 12ef8 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:17.600213651Z	67	PC: 12de0 \| Get or set file attributes
2018-12-17T23:02:17.611419168Z	26	PC: 12c98 \| Set disk transfer address
2018-12-17T23:02:17.61261999Z	79	PC: 12c9b \| Find next file
2018-12-17T23:02:17.615878604Z	26	PC: 12af0 \| Set disk transfer address
2018-12-17T23:02:17.61732269Z	78	PC: 12b01 \| Find first file
2018-12-17T23:02:17.624380476Z	42	PC: 12efc \| Get date 0x12efc: cmp dx, 0x708 0x12f00: mov si, 0x69a 0x12f03: je 0x12f0e 0x12f05: cmp dx, 0x816 0x12f09: mov si, 0x6a5 0x12f0c: jne 0x12f19 0x12f0e: push si 0x12f0f: mov si, 0x687 0x12f12: call 0x12fed 0x12f15: pop si 0x12f16: call 0x12fed 0x12f19: mov dx, 0x27f 0x12f1c: mov ah, 0x1a 0x12f1e: int3 0x12f1f: mov dx, 0x634 0x12f22: mov cx, 8 0x12f25: mov ah, 0x4e 0x12f27: int3 0x12f28: jb 0x12f6d 0x12f2a: mov di, 0x29d
2018-12-17T23:02:17.628546946Z	26	PC: 12f1f \| Set disk transfer address
2018-12-17T23:02:17.630663109Z	78	PC: 12f28 \| Find first file
2018-12-17T23:02:17.637927433Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:17.640506533Z	37	PC: 12b62 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:02:17.642211973Z	26	PC: 12b70 \| Set disk transfer address
2018-12-17T23:02:17.644139888Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00002710h/0000010000d bytes. ')
2018-12-17T23:02:17.649426194Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')