Sample viewer

vx.netlux.org/Virus.DOS.Steatoda.1455

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:29.600070246Z	78	PC: 12a84 \| Find first file
2018-12-17T23:08:29.606884772Z	53	PC: 12a99 \| Get interrupt vector (Interrupt = '153' AKA 'UNKNOWN!')
2018-12-17T23:08:29.608592797Z	44	PC: 12f4e \| Get time 0x12f4e: xor ax, ax 0x12f50: mov al, ch 0x12f52: inc al 0x12f54: mov bl, cl 0x12f56: inc bl 0x12f58: mul bl 0x12f5a: mov bl, dh 0x12f5c: inc bl 0x12f5e: mul bl 0x12f60: mov bl, dl 0x12f62: inc bl 0x12f64: mul bl 0x12f66: mov word ptr cs:[si + 0x146], ax 0x12f6b: popaw 0x12f6c: ret 0x12f6d: push dx 0x12f6e: mov ax, word ptr cs:[0x146] 0x12f72: mov dx, 0x8405 0x12f75: mul dx 0x12f77: xor dx, dx
2018-12-17T23:08:29.611471181Z	37	PC: 12abd \| Set interrupt vector (Interrupt = '153' AKA 'UNKNOWN!')
2018-12-17T23:08:29.613400479Z	73	PC: 12ac1 \| Release memory
2018-12-17T23:08:29.627562544Z	72	PC: 12ac8 \| Allocate memory
2018-12-17T23:08:29.629834254Z	74	PC: 12ad0 \| Reallocate memory
2018-12-17T23:08:29.631750856Z	72	PC: 12ad7 \| Allocate memory
2018-12-17T23:08:29.635063079Z	53	PC: 12ade \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:29.636916203Z	37	PC: 12b12 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:29.638931407Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:08:29.645624291Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:08:29.646938541Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:08:29.656400181Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:08:29.659543284Z	9	PC: 12a86 \| Display string (String= 'Size change=05AFh/01455d. ')
2018-12-17T23:08:29.664667444Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')