Sample viewer

vx.netlux.org/Virus.DOS.Brontozavr.5632.d

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:35.089773805Z 170 PC: 190ba | UNKNOWN!
2018-12-17T23:12:35.091891497Z 37 PC: 1910a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:35.093533415Z 53 PC: 1910f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:35.095188838Z 37 PC: 1911f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:35.097356814Z 53 PC: 19124 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:12:35.099158983Z 37 PC: 19134 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:12:35.100950692Z 9 PC: 12a86 | Display string (String= 'Goat file (EXE/9...). Size=00005B7Ch/0000023420d bytes. ')
2018-12-17T23:12:35.107815951Z 48 PC: 12a8f | Get DOS version
2018-12-17T23:12:35.111935056Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T23:12:35.11965353Z 93 PC: 12afe | File sharing functions
2018-12-17T23:12:35.123194007Z 9 PC: 12a86 | Display string (String= 'Size change=1600h/05632d. ')
2018-12-17T23:12:35.130574215Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')