Sample viewer

vx.netlux.org/Virus.DOS.Claire.821

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:17.050583231Z 53 PC: 166fd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:17.052280694Z 99 PC: 16718 | Get DBCS lead byte table pointer
2018-12-17T23:04:17.054227295Z 82 PC: 1675d | Get DOS internal pointers (SYSVARS)
2018-12-17T23:04:17.055687852Z 37 PC: 167b5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:17.057087505Z 76 PC: 12a48 | Terminate with return code (Return code = '76')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14814,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:42.487162077Z 53 PC: 166fd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:42.489448408Z 99 PC: 16718 | Get DBCS lead byte table pointer
2018-12-25T12:41:42.490619259Z 82 PC: 1675d | Get DOS internal pointers (SYSVARS)
2018-12-25T12:41:42.49177185Z 37 PC: 167b5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:42.493974027Z 76 PC: 12a48 | Terminate with return code (Return code = '76')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14814,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:42.942672061Z 53 PC: 166fd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:42.944601397Z 99 PC: 16718 | Get DBCS lead byte table pointer
2018-12-25T12:41:42.945744877Z 82 PC: 1675d | Get DOS internal pointers (SYSVARS)
2018-12-25T12:41:42.946992096Z 37 PC: 167b5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:42.949747057Z 76 PC: 12a48 | Terminate with return code (Return code = '76')