Sample viewer

vx.netlux.org/Virus.DOS.Khrusha.1505

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:12:15.102086893Z	53	PC: 12e08 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:15.103647971Z	37	PC: 12e75 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:15.104907361Z	48	PC: 12e95 \| Get DOS version
2018-12-17T22:12:15.105903305Z	74	PC: 12ea7 \| Reallocate memory
2018-12-17T22:12:15.107622967Z	37	PC: 12eb1 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:12:15.108780123Z	53	PC: 12f9f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:15.10992006Z	37	PC: 12fb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:15.11151638Z	61	PC: 12fbf \| Open file (Filename = '')
2018-12-17T22:12:15.118311491Z	87	PC: 12fd4 \| Get or set file date and time
2018-12-17T22:12:15.119637529Z	63	PC: 12ff9 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:12:15.122191563Z	66	PC: 1300c \| Move file pointer
2018-12-17T22:12:15.124149661Z	64	PC: 130b0 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:12:15.126618524Z	66	PC: 130ce \| Move file pointer
2018-12-17T22:12:15.12793571Z	64	PC: 130ee \| Write file or device (Write 1505 bytes on handle 5)
2018-12-17T22:12:15.142682381Z	87	PC: 1310d \| Get or set file date and time
2018-12-17T22:12:15.144096517Z	62	PC: 13116 \| Close file
2018-12-17T22:12:15.151448145Z	37	PC: 13120 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:15.153433587Z	75	PC: 12ed9 \| Execute program
2018-12-17T22:12:15.167699364Z	53	PC: 13f08 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:15.168883498Z	53	PC: 13938 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:15.170768158Z	9	PC: 13752 \| Display string (Could not find end pointer)
2018-12-17T22:12:15.175433424Z	76	PC: 13758 \| Terminate with return code (Return code = '0')
2018-12-17T22:12:15.178250333Z	49	PC: 12ef4 \| Terminate and stay resident (Return code = '1' \| Memory size = '124')