Sample viewer

vx.netlux.org/Virus.DOS.Tabulero.2048.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:30.093799429Z 224 PC: 1b2c9 | UNKNOWN!
2018-12-17T23:05:30.095749797Z 74 PC: 12e84 | Reallocate memory
2018-12-17T23:05:30.097820331Z 53 PC: 12e89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:30.099817586Z 37 PC: 12e9d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:30.101613984Z 53 PC: 12ea2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:05:30.103697171Z 37 PC: 12eb6 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:05:30.106102123Z 44 PC: 12eba | Get time
0x12eba: mov byte ptr cs:[0x7d], cl
0x12ebf: mov byte ptr cs:[0x7e], 0
0x12ec5: mov ds, word ptr cs:[0xcf]
0x12eca: mov ax, word ptr [0x2c]
0x12ecd: mov es, ax
0x12ecf: mov ds, ax
0x12ed1: mov di, 0
0x12ed4: mov cx, 0x7fff
0x12ed7: mov al, 0
0x12ed9: cld
0x12eda: repne scasb al, byte ptr es:[di]
0x12edc: cmp byte ptr es:[di], 0
0x12ee0: jne 0x12eda
0x12ee2: mov dx, di
0x12ee4: add dx, 3
0x12ee7: mov es, word ptr cs:[0xcf]
0x12eec: mov word ptr cs:[0x93], 0
0x12ef3: mov word ptr cs:[0x95], 0x80
0x12efa: mov word ptr cs:[0x97], es
0x12eff: mov word ptr cs:[0x99], 0x5c
2018-12-17T23:05:30.108540899Z 75 PC: 12f26 | Execute program
2018-12-17T23:05:30.139889797Z 48 PC: 133b3 | Get DOS version
2018-12-17T23:05:30.142650939Z 74 PC: 13579 | Reallocate memory
2018-12-17T23:05:30.144798517Z 53 PC: 13455 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:30.146334846Z 37 PC: 13468 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:30.147792037Z 53 PC: 1346e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:30.150839387Z 37 PC: 13481 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:30.153027081Z 68 PC: 19c41 | I/O control for devices (Set for = '')
2018-12-17T23:05:30.155397898Z 68 PC: 19c41 | I/O control for devices (Set for = '')
2018-12-17T23:05:30.159065485Z 68 PC: 19c41 | I/O control for devices (Set for = '')
2018-12-17T23:05:30.162199819Z 68 PC: 19c41 | I/O control for devices (Set for = '')
2018-12-17T23:05:30.165624028Z 68 PC: 19c41 | I/O control for devices (Set for = 'LSI C-86 Run-Time Library Division by 0')
2018-12-17T23:05:30.169043087Z 74 PC: 13579 | Reallocate memory
2018-12-17T23:05:30.172540864Z 51 PC: 19c82 | Get or set Ctrl-Break
2018-12-17T23:05:30.174038439Z 51 PC: 19c82 | Get or set Ctrl-Break
2018-12-17T23:05:30.176093434Z 55 PC: 19c82 | Get or set switch character
2018-12-17T23:05:30.180591492Z 74 PC: 13579 | Reallocate memory
2018-12-17T23:05:30.183493499Z 72 PC: 19cc3 | Allocate memory
2018-12-17T23:05:30.190814506Z 68 PC: 19c82 | I/O control for devices (Set for = '����')
2018-12-17T23:05:30.193983163Z 68 PC: 19c82 | I/O control for devices (Set for = '')
2018-12-17T23:05:30.199690616Z 69 PC: 19b57 | Duplicate handle
2018-12-17T23:05:30.203127879Z 68 PC: 19c41 | I/O control for devices (Set for = 'SI C-86 Run-Time Library Division by 0')
2018-12-17T23:05:30.215765262Z 64 PC: 17c71 | Write file or device (Write 1504 bytes on handle 5)
2018-12-17T23:05:30.243248482Z 51 PC: 19c82 | Get or set Ctrl-Break
2018-12-17T23:05:30.244452435Z 62 PC: 19bc9 | Close file
2018-12-17T23:05:30.246921408Z 62 PC: 19bc9 | Close file
2018-12-17T23:05:30.248758813Z 37 PC: 13522 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:30.2499802Z 37 PC: 13532 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:30.251747984Z 62 PC: 1353e | Close file
2018-12-17T23:05:30.253859134Z 76 PC: 1354a | Terminate with return code (Return code = '2')
2018-12-17T23:05:30.257135605Z 73 PC: 12f2c | Release memory
2018-12-17T23:05:30.263755092Z 77 PC: 12f30 | Get program return code
2018-12-17T23:05:30.266422327Z 49 PC: 12f37 | Terminate and stay resident (Return code = '2' | Memory size = '128')