Sample viewer

vx.netlux.org/Virus.DOS.MtE.Mother

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:05:03.611694777Z	26	PC: 12bfd \| Set disk transfer address
2018-12-17T22:05:03.613450095Z	53	PC: 12c02 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:03.615659493Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:03.617555848Z	78	PC: 12c25 \| Find first file
2018-12-17T22:05:03.62433318Z	67	PC: 12c6c \| Get or set file attributes
2018-12-17T22:05:03.64072695Z	61	PC: 12c73 \| Open file (Filename = '�t��6��I��\|�6��:�>')
2018-12-17T22:05:03.647228078Z	63	PC: 12c80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:05:03.654737146Z	66	PC: 12c98 \| Move file pointer
2018-12-17T22:05:03.656921152Z	87	PC: 12cae \| Get or set file date and time
2018-12-17T22:05:03.664177709Z	64	PC: 12ce1 \| Write file or device (Write 4201 bytes on handle 5)
2018-12-17T22:05:03.675756831Z	66	PC: 12cf0 \| Move file pointer
2018-12-17T22:05:03.677672499Z	64	PC: 12cfa \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:05:03.680574869Z	87	PC: 12d01 \| Get or set file date and time
2018-12-17T22:05:03.682271138Z	62	PC: 12d05 \| Close file
2018-12-17T22:05:03.690635229Z	79	PC: 12c25 \| Find next file
2018-12-17T22:05:03.693507716Z	67	PC: 12c6c \| Get or set file attributes
2018-12-17T22:05:03.70367385Z	61	PC: 12c73 \| Open file
2018-12-17T22:05:03.710838481Z	63	PC: 12c80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:05:03.723262806Z	66	PC: 12c98 \| Move file pointer
2018-12-17T22:05:03.724369811Z	87	PC: 12cae \| Get or set file date and time
2018-12-17T22:05:03.728982567Z	64	PC: 12ce1 \| Write file or device (Write 4069 bytes on handle 5)
2018-12-17T22:05:03.739683423Z	66	PC: 12cf0 \| Move file pointer
2018-12-17T22:05:03.740688027Z	64	PC: 12cfa \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:05:03.743108874Z	87	PC: 12d01 \| Get or set file date and time
2018-12-17T22:05:03.744904691Z	62	PC: 12d05 \| Close file
2018-12-17T22:05:03.749762698Z	79	PC: 12c25 \| Find next file
2018-12-17T22:05:03.751896075Z	67	PC: 12c6c \| Get or set file attributes
2018-12-17T22:05:03.758495756Z	61	PC: 12c73 \| Open file (Filename = 'Q��:��B��u�[X��+�H� x�3��*��n`A��Tܳ��W�X3��׊::t玂<A]Q�?T�C�u�G;�s$:\|u��X�:�')
2018-12-17T22:05:03.763285666Z	63	PC: 12c80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:05:03.768587369Z	66	PC: 12c98 \| Move file pointer
2018-12-17T22:05:03.769987143Z	87	PC: 12cae \| Get or set file date and time
2018-12-17T22:05:03.774257304Z	64	PC: 12ce1 \| Write file or device (Write 4260 bytes on handle 5)
2018-12-17T22:05:03.77997085Z	66	PC: 12cf0 \| Move file pointer
2018-12-17T22:05:03.781490441Z	64	PC: 12cfa \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:05:03.785858686Z	87	PC: 12d01 \| Get or set file date and time
2018-12-17T22:05:03.787148199Z	62	PC: 12d05 \| Close file
2018-12-17T22:05:03.792477213Z	79	PC: 12c25 \| Find next file
2018-12-17T22:05:03.795071561Z	67	PC: 12c6c \| Get or set file attributes
2018-12-17T22:05:03.805021015Z	61	PC: 12c73 \| Open file (Filename = '� �R��PBd��1��!+q�ea��g�F��1��E �G @��^s�� G��lR�R� y�^��=X/� ��DCz��rҬecU-�F��
2018-12-17T22:05:03.811686449Z	63	PC: 12c80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:05:03.817959608Z	66	PC: 12c98 \| Move file pointer
2018-12-17T22:05:03.819934992Z	87	PC: 12cae \| Get or set file date and time
2018-12-17T22:05:03.826643362Z	64	PC: 12ce1 \| Write file or device (Write 4067 bytes on handle 5)
2018-12-17T22:05:03.835751313Z	66	PC: 12cf0 \| Move file pointer
2018-12-17T22:05:03.837247936Z	64	PC: 12cfa \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:05:03.840793118Z	87	PC: 12d01 \| Get or set file date and time
2018-12-17T22:05:03.842494785Z	62	PC: 12d05 \| Close file
2018-12-17T22:05:03.850397527Z	37	PC: 12c55 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:03.85233419Z	26	PC: 12c5e \| Set disk transfer address