Sample viewer

vx.netlux.org/Virus.DOS.Crawler.545

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:55.384215167Z	53	PC: 12e45 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:55.385707452Z	37	PC: 12e50 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:55.388309609Z	47	PC: 12e54 \| Get disk transfer address
2018-12-17T22:28:55.389679738Z	26	PC: 12e5e \| Set disk transfer address
2018-12-17T22:28:55.390978651Z	71	PC: 12e68 \| Get current directory
2018-12-17T22:28:55.395272822Z	78	PC: 12e81 \| Find first file
2018-12-17T22:28:55.399333902Z	62	PC: 12e89 \| Close file
2018-12-17T22:28:55.400432567Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.4017973Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.403860831Z	62	PC: 12e89 \| Close file
2018-12-17T22:28:55.40491194Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.40569424Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.416894971Z	62	PC: 12e89 \| Close file
2018-12-17T22:28:55.419201078Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.420969396Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.424988142Z	62	PC: 12e89 \| Close file
2018-12-17T22:28:55.42704202Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.428645498Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.433334444Z	62	PC: 12e89 \| Close file
2018-12-17T22:28:55.434939913Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.436835626Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.440292685Z	62	PC: 12e89 \| Close file
2018-12-17T22:28:55.442646198Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.444065408Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.447891605Z	62	PC: 12e89 \| Close file
2018-12-17T22:28:55.455334616Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.45689243Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.460439998Z	67	PC: 12fc2 \| Get or set file attributes
2018-12-17T22:28:55.477229818Z	61	PC: 12ee6 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:28:55.484943073Z	66	PC: 12fcd \| Move file pointer
2018-12-17T22:28:55.487033114Z	63	PC: 12efb \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:28:55.493170603Z	62	PC: 12e8f \| Close file
2018-12-17T22:28:55.49572163Z	67	PC: 12fc2 \| Get or set file attributes
2018-12-17T22:28:55.506785754Z	26	PC: 12e9a \| Set disk transfer address
2018-12-17T22:28:55.509043993Z	79	PC: 12ea2 \| Find next file
2018-12-17T22:28:55.511128171Z	59	PC: 12eac \| Change current directory
2018-12-17T22:28:55.515812207Z	59	PC: 12f9b \| Change current directory
2018-12-17T22:28:55.518707901Z	26	PC: 12fa1 \| Set disk transfer address
2018-12-17T22:28:55.52027514Z	37	PC: 12fa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:55.521775325Z	9	PC: 12e26 \| Display string (String= ' Phalcon/Skism COM host file - 1000 bytes (c) 1995, Night Crawler ')