Sample viewer

vx.netlux.org/Virus.DOS.Derd.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:09:32.945662643Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:32.947242185Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:09:32.948297366Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:09:32.949357942Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:32.950955069Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:32.951994914Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:32.953004208Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:09:32.95528472Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:09:32.956587593Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:09:32.957854131Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:09:32.959094788Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:09:32.961269094Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:09:32.962580434Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:09:32.963829401Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:09:32.965667995Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:09:32.966976803Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:09:32.968130048Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:09:32.973739634Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:09:32.975294714Z	53	PC: 1430a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:09:32.976412605Z	37	PC: 1431f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:32.978508056Z	37	PC: 14327 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:32.979739671Z	37	PC: 1432f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:32.980840327Z	37	PC: 14337 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:09:32.986719355Z	68	PC: 14c25 \| I/O control for devices (Set for = '')
2018-12-17T22:09:33.025927558Z	37	PC: 13d31 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:09:33.027311539Z	44	PC: 14d5c \| Get time 0x14d5c: mov word ptr [0xf3e], cx 0x14d60: mov word ptr [0xf40], dx 0x14d64: retf 0x14d65: mov cx, di 0x14d67: mov si, 0xa 0x14d6a: mov bx, dx 0x14d6c: or bx, bx 0x14d6e: jns 0x14d81 0x14d70: neg bx 0x14d72: neg ax 0x14d74: sbb bx, 0 0x14d77: call 0x14d81 0x14d7a: dec di 0x14d7b: mov byte ptr es:[di], 0x2d 0x14d7f: inc cx 0x14d80: ret 0x14d81: xor dx, dx 0x14d83: xchg ax, bx 0x14d84: div si 0x14d86: xchg ax, bx
2018-12-17T22:09:33.031721363Z	26	PC: 13a25 \| Set disk transfer address
2018-12-17T22:09:33.032783411Z	78	PC: 13a31 \| Find first file
2018-12-17T22:09:33.038855626Z	25	PC: 13aab \| Get default drive
2018-12-17T22:09:33.040350815Z	71	PC: 13aca \| Get current directory
2018-12-17T22:09:33.043695732Z	26	PC: 13a49 \| Set disk transfer address
2018-12-17T22:09:33.04474983Z	79	PC: 13a4e \| Find next file
2018-12-17T22:09:33.048201214Z	60	PC: 14c09 \| Create or truncate file
2018-12-17T22:09:33.071607755Z	68	PC: 14c25 \| I/O control for devices (Set for = '')
2018-12-17T22:09:33.074319215Z	60	PC: 14c09 \| Create or truncate file