Sample viewer

vx.netlux.org/Virus.DOS.FatDuck.1644

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:00.051834722Z	74	PC: 12aaf \| Reallocate memory
2018-12-17T23:04:00.054589255Z	75	PC: 12b21 \| Execute program
2018-12-17T23:04:00.061220158Z	9	PC: 12b38 \| Display string (String= 'PKLite: Can not run overlay file. ')
2018-12-17T23:04:00.065447114Z	253	PC: 12b3c \| UNKNOWN!
2018-12-17T23:04:00.066972308Z	48	PC: 12cca \| Get DOS version
2018-12-17T23:04:00.068457641Z	53	PC: 12cf3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:00.06952115Z	53	PC: 12d02 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:00.070900323Z	61	PC: 12d14 \| Open file (Filename = ' ��')
2018-12-17T23:04:00.082854178Z	66	PC: 12d24 \| Move file pointer
2018-12-17T23:04:00.084626564Z	62	PC: 12d30 \| Close file
2018-12-17T23:04:00.086834565Z	72	PC: 12d48 \| Allocate memory
2018-12-17T23:04:00.089778268Z	72	PC: 12d57 \| Allocate memory
2018-12-17T23:04:00.091855102Z	82	PC: 12d61 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:04:00.093507416Z	61	PC: 12da2 \| Open file (Filename = '�5�!.��.��')
2018-12-17T23:04:00.100661142Z	63	PC: 12db6 \| Read file or device (Read 112 bytes on handle 5)
2018-12-17T23:04:00.110558169Z	62	PC: 12dbc \| Close file
2018-12-17T23:04:00.11269025Z	37	PC: 12dc6 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:00.115699682Z	37	PC: 12ddd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:00.116973934Z	76	PC: 12b48 \| Terminate with return code (Return code = '255')