Sample viewer

vx.netlux.org/Virus.DOS.BatMan_II.3372


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:53.688990593Z 53 PC: 1698e | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:53.690374025Z 37 PC: 1699e | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:53.691291778Z 53 PC: 169a3 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:53.692297124Z 37 PC: 169b3 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:53.693970974Z 53 PC: 169b8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:53.694939495Z 53 PC: 169c5 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:53.705760674Z 53 PC: 169d2 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:03:53.707359825Z 37 PC: 169e2 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:53.709721252Z 74 PC: 12e74 | Reallocate memory
2018-12-17T23:03:53.711714786Z 53 PC: 12e81 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:03:53.714655025Z 53 PC: 132c5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:53.731895179Z 51 PC: 12e93 | Get or set Ctrl-Break
2018-12-17T23:03:53.732778496Z 88 PC: 1314c | Get or set allocation strategy
2018-12-17T23:03:53.735198453Z 88 PC: 13157 | Get or set allocation strategy
2018-12-17T23:03:53.736828768Z 88 PC: 1313b | Get or set allocation strategy
2018-12-17T23:03:53.738104706Z 88 PC: 13145 | Get or set allocation strategy
2018-12-17T23:03:53.739287459Z 88 PC: 13125 | Get or set allocation strategy
2018-12-17T23:03:53.740919575Z 88 PC: 13131 | Get or set allocation strategy
2018-12-17T23:03:53.742888065Z 37 PC: 130a4 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:03:53.744271737Z 37 PC: 1317e | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:03:53.746552802Z 25 PC: 13190 | Get default drive
2018-12-17T23:03:53.747563127Z 14 PC: 1319d | Set default drive (Drive = 'A')
2018-12-17T23:03:53.748970997Z 54 PC: 13582 | Get free disk space
2018-12-17T23:03:53.760076981Z 37 PC: 132e7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:53.761195579Z 57 PC: 13164 | Create subdirectory
2018-12-17T23:03:53.780161396Z 58 PC: 1316c | Remove subdirectory
2018-12-17T23:03:53.801660251Z 47 PC: 131cb | Get disk transfer address
2018-12-17T23:03:53.803134041Z 26 PC: 13647 | Set disk transfer address
2018-12-17T23:03:53.804527332Z 71 PC: 13656 | Get current directory
2018-12-17T23:03:53.809171457Z 78 PC: 13242 | Find first file
2018-12-17T23:03:53.815682152Z 61 PC: 1324c | Open file (Filename = '')
2018-12-17T23:03:53.823519973Z 66 PC: 1325c | Move file pointer
2018-12-17T23:03:53.826372334Z 63 PC: 13266 | Read file or device (Read 12 bytes on handle 5)
2018-12-17T23:03:53.83035157Z 62 PC: 135c0 | Close file
2018-12-17T23:03:53.832977989Z 79 PC: 13295 | Find next file
2018-12-17T23:03:53.84000232Z 66 PC: 132af | Move file pointer
2018-12-17T23:03:53.84200607Z 63 PC: 132b9 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:03:53.843821898Z 59 PC: 1364c | Change current directory
2018-12-17T23:03:53.848666102Z 78 PC: 13242 | Find first file
2018-12-17T23:03:53.854381136Z 61 PC: 1324c | Open file (Filename = 'TEST.EXE')
2018-12-17T23:03:53.86040752Z 66 PC: 1325c | Move file pointer
2018-12-17T23:03:53.862543265Z 63 PC: 13266 | Read file or device (Read 12 bytes on handle 5)
2018-12-17T23:03:53.864565467Z 62 PC: 135c0 | Close file
2018-12-17T23:03:53.866170993Z 79 PC: 13295 | Find next file
2018-12-17T23:03:53.868125672Z 66 PC: 132af | Move file pointer
2018-12-17T23:03:53.87053845Z 63 PC: 132b9 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:03:53.872234979Z 26 PC: 1363f | Set disk transfer address
2018-12-17T23:03:53.873739189Z 78 PC: 135de | Find first file
2018-12-17T23:03:53.87802378Z 67 PC: 135e8 | Get or set file attributes
2018-12-17T23:03:53.882353053Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.884827439Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.889019404Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.890933027Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.895942894Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.897703649Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.90184496Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.904061449Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.907607151Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.909218653Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.917684821Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.91942029Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.923012956Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.925814647Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.929435599Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.931233091Z 67 PC: 1361d | Get or set file attributes
2018-12-17T23:03:53.935043623Z 79 PC: 13613 | Find next file
2018-12-17T23:03:53.93716246Z 26 PC: 13647 | Set disk transfer address
2018-12-17T23:03:53.938163953Z 26 PC: 13212 | Set disk transfer address
2018-12-17T23:03:53.946641112Z 59 PC: 1364c | Change current directory
2018-12-17T23:03:53.950927058Z 59 PC: 1364c | Change current directory
2018-12-17T23:03:53.952619555Z 37 PC: 132f8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:53.954788108Z 14 PC: 13231 | Set default drive (Drive = 'A')
2018-12-17T23:03:53.956023474Z 37 PC: 13227 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:03:53.957130824Z 37 PC: 12df9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:53.959572224Z 37 PC: 12e0a | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:53.960878842Z 37 PC: 12e1b | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:53.962140746Z 75 PC: 136de | Execute program
2018-12-17T23:03:53.972481643Z 53 PC: 1783e | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:53.973588455Z 37 PC: 1784e | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:53.974719834Z 53 PC: 17853 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:53.976264007Z 37 PC: 17863 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:53.977232664Z 53 PC: 17868 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:53.978189589Z 53 PC: 17875 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:53.979698628Z 53 PC: 17882 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:03:53.980702812Z 37 PC: 17892 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:53.981805091Z 37 PC: 17999 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:53.988782877Z 37 PC: 179aa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:53.989804134Z 37 PC: 179bb | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:53.998039507Z 99 PC: 160b9 | Get DBCS lead byte table pointer
2018-12-17T23:03:54.000081448Z 68 PC: 160d3 | I/O control for devices (Set for = '')
2018-12-17T23:03:54.001610597Z 68 PC: 160de | I/O control for devices (Set for = '')
2018-12-17T23:03:54.003349957Z 68 PC: 160e9 | I/O control for devices (Set for = '')
2018-12-17T23:03:54.005547559Z 68 PC: 160f1 | I/O control for devices (Set for = '[non-printable bytes]')
2018-12-17T23:03:54.00728779Z 48 PC: 160f6 | Get DOS version
2018-12-17T23:03:54.008636699Z 53 PC: 13a22 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:54.02210998Z 53 PC: 13a31 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:54.02331256Z 81 PC: 13a67 | Get current PSP
2018-12-17T23:03:54.024030653Z 37 PC: 13bfa | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:03:54.026122508Z 53 PC: 13a7f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:54.027218602Z 37 PC: 13a90 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:54.028241429Z 37 PC: 13a97 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:54.030348518Z 38 PC: 138f4 | Create PSP
2018-12-17T23:03:54.031595599Z 26 PC: 13ad8 | Set disk transfer address
2018-12-17T23:03:54.03290472Z 99 PC: 13e3d | Get DBCS lead byte table pointer
2018-12-17T23:03:54.034765238Z 41 PC: 13b65 | Parse filename
2018-12-17T23:03:54.036100207Z 55 PC: 14e5b | Get or set switch character
2018-12-17T23:03:54.037282039Z 41 PC: 1443a | Parse filename
2018-12-17T23:03:54.039486698Z 55 PC: 14e5b | Get or set switch character
2018-12-17T23:03:54.04065265Z 41 PC: 14448 | Parse filename
2018-12-17T23:03:54.043171104Z 64 PC: 161fb | Write file or device (Write 1 bytes on handle 1)
2018-12-17T23:03:54.046405752Z 10 PC: 13d7a | Buffered keyboard input