Sample viewer

vx.netlux.org/Virus.DOS.Steatoda.1623

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:29.217436757Z	47	PC: 12a77 \| Get disk transfer address
2018-12-17T22:16:29.218999342Z	26	PC: 12a82 \| Set disk transfer address
2018-12-17T22:16:29.220517651Z	78	PC: 12a8d \| Find first file
2018-12-17T22:16:29.226241504Z	26	PC: 12a93 \| Set disk transfer address
2018-12-17T22:16:29.227564721Z	53	PC: 12ab6 \| Get interrupt vector (Interrupt = '153' AKA 'UNKNOWN!')
2018-12-17T22:16:29.231312143Z	44	PC: 12ff6 \| Get time 0x12ff6: xor ax, ax 0x12ff8: mov al, ch 0x12ffa: inc al 0x12ffc: mov bl, cl 0x12ffe: inc bl 0x13000: mul bl 0x13002: mov bl, dh 0x13004: inc bl 0x13006: mul bl 0x13008: mov bl, dl 0x1300a: inc bl 0x1300c: mul bl 0x1300e: mov word ptr cs:[si + 0x165], ax 0x13013: popaw 0x13014: ret 0x13015: push dx 0x13016: mov ax, word ptr cs:[0x165] 0x1301a: mov dx, 0x8405 0x1301d: mul dx 0x1301f: xor dx, dx
2018-12-17T22:16:29.233570217Z	37	PC: 12ae0 \| Set interrupt vector (Interrupt = '153' AKA 'UNKNOWN!')
2018-12-17T22:16:29.234762057Z	73	PC: 12ae4 \| Release memory
2018-12-17T22:16:29.236832776Z	72	PC: 12aeb \| Allocate memory
2018-12-17T22:16:29.238795099Z	74	PC: 12af3 \| Reallocate memory
2018-12-17T22:16:29.240415902Z	72	PC: 12afa \| Allocate memory
2018-12-17T22:16:29.243296614Z	53	PC: 12b01 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:29.244669905Z	37	PC: 12b35 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:29.245853736Z	37	PC: 12b3d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:29.261349973Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:16:29.266753349Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:16:29.268172476Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:16:29.274952957Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:16:29.276785923Z	9	PC: 12a86 \| Display string (String= 'Size change=0657h/01623d. ')
2018-12-17T22:16:29.28067965Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')