Sample viewer

vx.netlux.org/Virus.DOS.Zerobug.1536.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:38.013321832Z 53 PC: 12a7a | Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T23:03:38.015105537Z 67 PC: 12ac7 | Get or set file attributes
2018-12-17T23:03:38.022056344Z 67 PC: 12ad1 | Get or set file attributes
2018-12-17T23:03:38.432883409Z 61 PC: 12ad9 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:03:38.44001214Z 87 PC: 12ae3 | Get or set file date and time
2018-12-17T23:03:38.442966227Z 63 PC: 12b02 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T23:03:38.458002935Z 66 PC: 12b24 | Move file pointer
2018-12-17T23:03:38.459887912Z 64 PC: 12b3a | Write file or device (Write 56181 bytes on handle 5)
2018-12-17T23:03:38.47758766Z 87 PC: 12b46 | Get or set file date and time
2018-12-17T23:03:38.479122327Z 62 PC: 12b4a | Close file
2018-12-17T23:03:38.484894837Z 67 PC: 12b53 | Get or set file attributes
2018-12-17T23:03:38.493019832Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T23:03:38.494157542Z 74 PC: 12b88 | Reallocate memory
2018-12-17T23:03:38.495422763Z 53 PC: 12b90 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:38.49703759Z 37 PC: 12ba6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:38.498677606Z 75 PC: 12bf2 | Execute program
2018-12-17T23:03:38.510505568Z 53 PC: 131da | Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T23:03:38.511931901Z 9 PC: 12d73 | Display string (String= '')
2018-12-17T23:03:38.513705307Z 53 PC: 12d99 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:03:38.514890707Z 37 PC: 12db0 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:03:38.51601433Z 37 PC: 12c0d | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T23:03:38.518309017Z 9 PC: 131e5 | Display string (String= ' ')
2018-12-17T23:03:38.522499862Z 0 PC: 131e9 | Program terminate
2018-12-17T23:03:38.525185814Z 49 PC: 12bf8 | Terminate and stay resident (Return code = '0' | Memory size = '112')