Sample viewer

vx.netlux.org/Virus.DOS.Hidenowt.1741.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:24.861425748Z	53	PC: 200af \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:24.862720725Z	61	PC: 20276 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:20:24.867170627Z	66	PC: 20276 \| Move file pointer
2018-12-17T22:20:24.870434207Z	66	PC: 20276 \| Move file pointer
2018-12-17T22:20:24.871565647Z	63	PC: 20276 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:20:24.873859051Z	62	PC: 20276 \| Close file
2018-12-17T22:20:24.877074111Z	51	PC: 20276 \| Get or set Ctrl-Break
2018-12-17T22:20:24.878284282Z	51	PC: 20276 \| Get or set Ctrl-Break
2018-12-17T22:20:24.879434Z	67	PC: 20276 \| Get or set file attributes
2018-12-17T22:20:24.884900797Z	61	PC: 20276 \| Open file (Filename = '�')
2018-12-17T22:20:24.893487673Z	87	PC: 20276 \| Get or set file date and time
2018-12-17T22:20:24.894905572Z	63	PC: 20276 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:24.897692607Z	66	PC: 20276 \| Move file pointer
2018-12-17T22:20:24.899398614Z	64	PC: 20276 \| Write file or device (Write 1752 bytes on handle 5)
2018-12-17T22:20:25.261269594Z	66	PC: 20276 \| Move file pointer
2018-12-17T22:20:25.26260179Z	64	PC: 20276 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:20:25.265277724Z	87	PC: 20276 \| Get or set file date and time
2018-12-17T22:20:25.26659269Z	62	PC: 20276 \| Close file
2018-12-17T22:20:25.271720093Z	51	PC: 20276 \| Get or set Ctrl-Break
2018-12-17T22:20:25.273140109Z	47	PC: 20276 \| Get disk transfer address
2018-12-17T22:20:25.274557266Z	80	PC: 13fb9 \| Set current PSP
2018-12-17T22:20:25.275448321Z	48	PC: 13fbe \| Get DOS version
2018-12-17T22:20:25.277260424Z	101	PC: 14044 \| Get extended country info
2018-12-17T22:20:25.278520591Z	99	PC: 1404a \| Get DBCS lead byte table pointer
2018-12-17T22:20:25.279753718Z	74	PC: 140ac \| Reallocate memory
2018-12-17T22:20:25.281387973Z	25	PC: 140e3 \| Get default drive
2018-12-17T22:20:25.282268602Z	37	PC: 13ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:20:25.283232969Z	37	PC: 13baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:25.284915601Z	37	PC: 13bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:25.287775654Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:25.289891723Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:25.294352884Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:25.296174669Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:25.299686431Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:20:25.302178521Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:25.304127401Z	2	PC: 13e6c \| Character output (Char = '63')
2018-12-17T22:20:25.306200452Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:25.308020338Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:25.310001353Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:20:25.312059039Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:25.314458514Z	2	PC: 13e6c \| Character output (Char = '66')
2018-12-17T22:20:25.316624932Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:20:25.318829321Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:20:25.321319266Z	2	PC: 13e6c \| Character output (Char = '52')
2018-12-17T22:20:25.323156641Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:20:25.32541087Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.328119809Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:20:25.33021758Z	2	PC: 13e6c \| Character output (Char = '53')
2018-12-17T22:20:25.332368134Z	2	PC: 13e6c \| Character output (Char = '2d')
2018-12-17T22:20:25.335778955Z	2	PC: 13e6c \| Character output (Char = '44')
2018-12-17T22:20:25.337868633Z	2	PC: 13e6c \| Character output (Char = '4f')
2018-12-17T22:20:25.339796877Z	2	PC: 13e6c \| Character output (Char = '53')
2018-12-17T22:20:25.34256953Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:20:25.344494034Z	2	PC: 13e6c \| Character output (Char = '52')
2018-12-17T22:20:25.34641564Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:20:25.348783354Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.350708356Z	2	PC: 13e6c \| Character output (Char = '56')
2018-12-17T22:20:25.352605768Z	2	PC: 13e6c \| Character output (Char = '65')
2018-12-17T22:20:25.355219321Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:25.357147574Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:20:25.359267147Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:25.36188079Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:25.364007347Z	2	PC: 13e6c \| Character output (Char = '6e')
2018-12-17T22:20:25.366838883Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.369464831Z	2	PC: 13e6c \| Character output (Char = '36')
2018-12-17T22:20:25.371599332Z	2	PC: 13e6c \| Character output (Char = '2e')
2018-12-17T22:20:25.373613224Z	2	PC: 13e6c \| Character output (Char = '32')
2018-12-17T22:20:25.376586965Z	2	PC: 13e6c \| Character output (Char = '32')
2018-12-17T22:20:25.378879692Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:25.381017185Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:25.385774303Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.388059724Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.390966697Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.403231152Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.405529144Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.408683198Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.412030442Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.4154944Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.417955134Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.421345007Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.423746523Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.426122384Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.429111117Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.431327836Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:20:25.433418522Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:20:25.436753258Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:20:25.441009292Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:20:25.443422833Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:25.446653404Z	2	PC: 13e6c \| Character output (Char = '70')
2018-12-17T22:20:25.449242209Z	2	PC: 13e6c \| Character output (Char = '79')
2018-12-17T22:20:25.451351057Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:25.454377595Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:25.456456991Z	2	PC: 13e6c \| Character output (Char = '67')
2018-12-17T22:20:25.459356373Z	2	PC: 13e6c \| Character output (Char = '68')
2018-12-17T22:20:25.462207352Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:20:25.464341995Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.466356029Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:20:25.468645973Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:25.470804523Z	2	PC: 13e6c \| Character output (Char = '63')
2018-12-17T22:20:25.472744544Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:25.475278988Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:25.477481081Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:20:25.479456963Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:25.482116212Z	2	PC: 13e6c \| Character output (Char = '66')
2018-12-17T22:20:25.484103108Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:20:25.486175097Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.489864947Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:20:25.491859665Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:25.493869529Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:25.496267107Z	2	PC: 13e6c \| Character output (Char = '70')
2018-12-17T22:20:25.498251278Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:25.500221923Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:20:25.502527565Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:20:25.504480889Z	2	PC: 13e6c \| Character output (Char = '38')
2018-12-17T22:20:25.506624402Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:20:25.508992594Z	2	PC: 13e6c \| Character output (Char = '2d')
2018-12-17T22:20:25.511207114Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:20:25.513657401Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:20:25.51644716Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:20:25.518849757Z	2	PC: 13e6c \| Character output (Char = '34')
2018-12-17T22:20:25.521292239Z	2	PC: 13e6c \| Character output (Char = '2e')
2018-12-17T22:20:25.523565378Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:25.525341006Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:25.529792993Z	74	PC: 12d4c \| Reallocate memory
2018-12-17T22:20:25.531082931Z	72	PC: 12d8d \| Allocate memory
2018-12-17T22:20:25.532425465Z	72	PC: 12dc5 \| Allocate memory
2018-12-17T22:20:25.534400219Z	72	PC: 12dcd \| Allocate memory