Sample viewer

vx.netlux.org/Virus.DOS.MAD.4340

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:13:07.47321534Z	37	PC: 12ca4 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:13:07.479593246Z	255	PC: 12d44 \| UNKNOWN!
2018-12-17T22:13:07.480770905Z	37	PC: 12eb6 \| Set interrupt vector (Interrupt = '101' AKA 'Get extended country info')
2018-12-17T22:13:07.481876693Z	82	PC: 12ebb \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:13:07.483419051Z	37	PC: 12f5f \| Set interrupt vector (Interrupt = '100' AKA 'Set wait for external event flag')
2018-12-17T22:13:07.489958664Z	37	PC: 12f7b \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:13:07.491201553Z	37	PC: 12f83 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:13:07.492774571Z	37	PC: 12fa0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:07.498186717Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:13:07.500570073Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:13:07.503431203Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:13:07.508040989Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:13:07.510226932Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:07.512385332Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:07.515236871Z	66	PC: 9c960 \| Move file pointer
2018-12-17T22:13:07.516735392Z	62	PC: 9c948 \| Close file
2018-12-17T22:13:07.519579651Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.523215542Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.525619892Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.528021884Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.531285366Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.533625036Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.536009603Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.53950319Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.543206075Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.54676652Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.554016004Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.556686421Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.559379458Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.563106157Z	62	PC: 122ab \| Close file
2018-12-17T22:13:07.566751935Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:13:07.574089208Z	66	PC: 12372 \| Move file pointer
2018-12-17T22:13:07.577022411Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:13:07.591747752Z	62	PC: 1238a \| Close file
2018-12-17T22:13:07.595618186Z	99	PC: 96dd7 \| Get DBCS lead byte table pointer
2018-12-17T22:13:07.598142051Z	56	PC: 915f9 \| Get or set country info
2018-12-17T22:13:07.601052524Z	64	PC: 97048 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:13:07.607075146Z	25	PC: 91662 \| Get default drive
2018-12-17T22:13:07.611298369Z	71	PC: 938dd \| Get current directory
2018-12-17T22:13:07.61830813Z	64	PC: 97048 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:13:07.630103558Z	2	PC: 938b2 \| Character output (Char = '3e')
2018-12-17T22:13:07.63340491Z	93	PC: 91720 \| File sharing functions
2018-12-17T22:13:07.639692888Z	93	PC: 91727 \| File sharing functions
2018-12-17T22:13:07.642284904Z	10	PC: 91739 \| Buffered keyboard input
2018-12-17T22:13:22.463421607Z	0	PC: 0 \| Program terminate
2018-12-17T22:13:23.817542486Z	0	PC: 0 \| Program terminate
2018-12-17T22:13:23.921800516Z	64	PC: 97048 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:13:23.928208431Z	41	PC: 917ae \| Parse filename
2018-12-17T22:13:23.93088533Z	41	PC: 9182f \| Parse filename
2018-12-17T22:13:23.934447982Z	41	PC: 9184c \| Parse filename
2018-12-17T22:13:23.937811367Z	26	PC: 94cf7 \| Set disk transfer address
2018-12-17T22:13:23.940317256Z	71	PC: 94ef3 \| Get current directory
2018-12-17T22:13:23.949902302Z	78	PC: 9c8a4 \| Find first file
2018-12-17T22:13:23.959793778Z	47	PC: 9c8ae \| Get disk transfer address
2018-12-17T22:13:23.962636909Z	71	PC: 94d6c \| Get current directory
2018-12-17T22:13:23.96650218Z	73	PC: 94409 \| Release memory
2018-12-17T22:13:23.968905046Z	75	PC: 11821 \| Execute program
2018-12-17T22:13:23.985195788Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-17T22:13:23.989820253Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')