Sample viewer

vx.netlux.org/Virus.DOS.Amuck.3184.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:54:37.627213178Z	48	PC: 13570 \| Get DOS version
2018-12-17T21:54:37.628780126Z	82	PC: 1357d \| Get DOS internal pointers (SYSVARS)
2018-12-17T21:54:37.630799497Z	53	PC: 13629 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:37.631940356Z	37	PC: 13639 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:37.63375156Z	42	PC: 1363d \| Get date 0x1363d: mov byte ptr [0x4e9], al 0x13640: mov word ptr [0x4e6], dx 0x13644: sub cx, 0x7bc 0x13648: mov al, 0xc 0x1364a: xchg cl, al 0x1364c: mul cl 0x1364e: shr dx, 8 0x13651: add ax, dx 0x13653: mov bx, ax 0x13655: mov word ptr [0x46a], 0xea60 0x1365b: sub bx, word ptr [0x468] 0x1365f: mov word ptr [0x468], ax 0x13662: jb 0x136a5 0x13664: cmp bx, 4 0x13667: jb 0x136a5 0x13669: mov ax, 0x3510 0x1366c: int 0x21 0x1366e: mov word ptr [0x470], bx 0x13672: mov word ptr [0x472], es 0x13676: mov ax, 0x2510
2018-12-17T21:54:37.636237Z	53	PC: 1366e \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T21:54:37.63781395Z	37	PC: 1367e \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T21:54:37.641914362Z	82	PC: 13c98 \| Get DOS internal pointers (SYSVARS)
2018-12-17T21:54:37.643101636Z	25	PC: 13c9c \| Get default drive
2018-12-17T21:54:37.655284322Z	37	PC: 13cbb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:37.657442495Z	67	PC: 13cc3 \| Get or set file attributes
2018-12-17T21:54:37.662950016Z	61	PC: 13ce4 \| Open file (Filename = '')
2018-12-17T21:54:37.669459713Z	87	PC: 13cf5 \| Get or set file date and time
2018-12-17T21:54:37.673079286Z	63	PC: 13d14 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T21:54:37.675831062Z	66	PC: 13d43 \| Move file pointer
2018-12-17T21:54:37.677272908Z	63	PC: 13d4d \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T21:54:37.683928476Z	66	PC: 13d56 \| Move file pointer
2018-12-17T21:54:37.687580166Z	64	PC: 138bf \| Write file or device (Write 3206 bytes on handle 5)
2018-12-17T21:54:38.050954909Z	66	PC: 13d9b \| Move file pointer
2018-12-17T21:54:38.052505888Z	64	PC: 13da5 \| Write file or device (Write 10 bytes on handle 5)
2018-12-17T21:54:38.05604045Z	87	PC: 13e73 \| Get or set file date and time
2018-12-17T21:54:38.05735874Z	62	PC: 13e77 \| Close file
2018-12-17T21:54:38.063112815Z	53	PC: 134d5 \| Get interrupt vector (Interrupt = '121' AKA 'UNKNOWN!')
2018-12-17T21:54:38.065086933Z	53	PC: 13493 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:54:38.066244584Z	37	PC: 134a4 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:54:38.067349951Z	53	PC: 134a9 \| Get interrupt vector (Interrupt = '121' AKA 'UNKNOWN!')
2018-12-17T21:54:38.069001378Z	37	PC: 134b9 \| Set interrupt vector (Interrupt = '121' AKA 'UNKNOWN!')
2018-12-17T21:54:38.070504882Z	73	PC: 134c1 \| Release memory
2018-12-17T21:54:38.071846694Z	9	PC: 134c8 \| Display string (Could not find end pointer)
2018-12-17T21:54:38.07900182Z	49	PC: 134cd \| Terminate and stay resident (Return code = '0' \| Memory size = '246')