Sample viewer

vx.netlux.org/Virus.DOS.Ukraine.3537

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:57.721871817Z 75 PC: 1c4bc | Execute program
2018-12-17T23:04:57.724186019Z 74 PC: 1b8e1 | Reallocate memory
2018-12-17T23:04:57.725964954Z 72 PC: 1b8e8 | Allocate memory
2018-12-17T23:04:57.728157558Z 82 PC: 1b913 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:04:57.730677277Z 78 PC: 1c4f2 | Find first file
2018-12-17T23:04:57.737569097Z 78 PC: 1c4f2 | Find first file
2018-12-17T23:04:57.743700258Z 78 PC: 1c4f2 | Find first file
2018-12-17T23:04:57.749664004Z 26 PC: 1b69d | Set disk transfer address
2018-12-17T23:04:57.756280867Z 61 PC: 1b6b1 | Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:04:57.758893961Z 53 PC: 9ef38 | Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:04:57.787987565Z 69 PC: 1b6b8 | Duplicate handle
2018-12-17T23:04:57.790890294Z 62 PC: 1b6bf | Close file
2018-12-17T23:04:57.793295066Z 63 PC: 1b6d1 | Read file or device (Read 24 bytes on handle 6)
2018-12-17T23:04:57.805919367Z 62 PC: 1b6d5 | Close file
2018-12-17T23:04:57.808268335Z 26 PC: 1b6e8 | Set disk transfer address