Sample viewer

vx.netlux.org/Virus.DOS.Screen_II.1387

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:30.564932005Z 42 PC: 16ab7 | Get date 0x16ab7: mov al, 0
0x16ab9: mov byte ptr cs:[0x24], al
0x16abd: cmp dl, 0xa
0x16ac0: ja 0x16ac5
0x16ac2: jmp 0x16acb
0x16ac4: nop
0x16ac5: mov al, 1
0x16ac7: mov byte ptr cs:[0x24], al
0x16acb: mov al, 0
0x16acd: mov byte ptr cs:[0x20], al
0x16ad1: mov ah, 0
0x16ad3: mov word ptr cs:[0x1c], ax
0x16ad7: mov word ptr cs:[0x1e], ax
0x16adb: mov ah, 0xf
0x16add: int 0x10
0x16adf: and al, 0x7f
0x16ae1: cmp al, 4
0x16ae3: jb 0x16aee
0x16ae5: mov al, 1
0x16ae7: mov byte ptr cs:[0x22], al
2018-12-17T23:03:30.568229498Z 53 PC: 16af9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:30.569845874Z 53 PC: 16b09 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:03:30.572086804Z 53 PC: 16b19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:03:30.573573225Z 37 PC: 16b58 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:30.575384699Z 37 PC: 16b60 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:03:30.577257916Z 37 PC: 16b68 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:03:30.579217599Z 37 PC: 16b70 | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T23:03:30.584406806Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-17T23:03:30.586565059Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-17T23:03:30.58856859Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-17T23:03:30.59167978Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-17T23:03:30.593378768Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T23:03:30.595337694Z 48 PC: 13763 | Get DOS version
2018-12-17T23:03:30.597532088Z 37 PC: 1666f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:30.599239586Z 53 PC: 16678 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:30.600918771Z 37 PC: 1668f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:30.610704266Z 25 PC: 165ed | Get default drive
2018-12-17T23:03:30.612672895Z 71 PC: 165f7 | Get current directory
2018-12-17T23:03:30.617089662Z 64 PC: 139e5 | Write file or device (Write 30 bytes on handle 2)
2018-12-17T23:03:30.623898409Z 64 PC: 139e5 | Write file or device (Write 9 bytes on handle 1)
2018-12-17T23:03:30.628228432Z 64 PC: 139e5 | Write file or device (Write 17 bytes on handle 1)
2018-12-17T23:03:30.633752076Z 76 PC: 147f8 | Terminate with return code (Return code = '4')