Sample viewer

vx.netlux.org/Virus.DOS.Caterpillar.1739

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:27.798419635Z 53 PC: 130e4 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:27.800307011Z 53 PC: 130f1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:27.801737009Z 53 PC: 130fe | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:27.803228205Z 61 PC: 12e4d | Open file (Filename = 'C:\DOS\MODE.COM')
2018-12-17T23:03:27.82162501Z 67 PC: 12f3c | Get or set file attributes
2018-12-17T23:03:27.827853181Z 61 PC: 12e4d | Open file (Filename = 'C:\DOS\MODE.COM')
2018-12-17T23:03:27.834949956Z 42 PC: 12bd5 | Get date
0x12bd5: pop ax
0x12bd6: cmp cx, 0x7cb
0x12bda: ja 0x12bee
0x12bdc: je 0x12be0
0x12bde: jmp 0x12c00
0x12be0: cmp dh, 0xb
0x12be3: ja 0x12bee
0x12be5: je 0x12be9
0x12be7: jmp 0x12c00
0x12be9: cmp dl, 0xd
0x12bec: jb 0x12c00
0x12bee: mov ds, ax
0x12bf0: mov dx, 0x674
0x12bf3: mov ax, 0x251c
0x12bf6: int 0x21
0x12bf8: mov dx, 0x661
0x12bfb: mov ax, 0x2509
0x12bfe: int 0x21
0x12c00: pop ds
0x12c01: pop es
2018-12-17T23:03:27.845204463Z 37 PC: 12bf8 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:03:27.846453665Z 37 PC: 12c00 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:27.848249458Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-17T23:03:27.85237771Z 76 PC: 12a86 | Terminate with return code (Return code = '36')