Sample viewer

vx.netlux.org/Virus.DOS.StoneHeart.1524

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:33.926738481Z	98	PC: 14ed4 \| Get current PSP
2018-12-17T22:29:33.927630404Z	42	PC: 14ef6 \| Get date 0x14ef6: cmp bx, 0x4b4c 0x14efa: je 0x14f32 0x14efc: pop si 0x14efd: push si 0x14efe: sub si, 0x1f 0x14f01: push es 0x14f02: mov ax, word ptr [2] 0x14f05: sub ax, 0x60 0x14f08: mov es, ax 0x14f0a: call 0x15017 0x14f0d: pop ds 0x14f0e: mov si, 0xa 0x14f11: mov di, 0x17c 0x14f14: movsw word ptr es:[di], word ptr [si] 0x14f15: movsw word ptr es:[di], word ptr [si] 0x14f16: mov word ptr [si - 4], 0x15e 0x14f1b: mov word ptr [si - 2], es 0x14f1e: mov ds, cx 0x14f20: mov si, 0x84 0x14f23: mov di, 0x19e
2018-12-17T22:29:33.930380367Z	53	PC: 14fa3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:33.931765961Z	37	PC: 14fad \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:33.933334598Z	47	PC: 14fb1 \| Get disk transfer address
2018-12-17T22:29:33.935943777Z	26	PC: 14fbb \| Set disk transfer address
2018-12-17T22:29:33.937421973Z	78	PC: 14fc9 \| Find first file
2018-12-17T22:29:33.941109067Z	47	PC: 14fcf \| Get disk transfer address
2018-12-17T22:29:33.94262011Z	79	PC: 14ffb \| Find next file
2018-12-17T22:29:33.944475493Z	47	PC: 14fcf \| Get disk transfer address
2018-12-17T22:29:33.945467781Z	79	PC: 14ffb \| Find next file
2018-12-17T22:29:33.948003993Z	47	PC: 14fcf \| Get disk transfer address
2018-12-17T22:29:33.948984264Z	79	PC: 14ffb \| Find next file
2018-12-17T22:29:33.950830348Z	47	PC: 14fcf \| Get disk transfer address
2018-12-17T22:29:33.952427523Z	79	PC: 14ffb \| Find next file
2018-12-17T22:29:33.954178051Z	47	PC: 14fcf \| Get disk transfer address
2018-12-17T22:29:33.955113702Z	79	PC: 14ffb \| Find next file
2018-12-17T22:29:33.957240377Z	78	PC: 14fc9 \| Find first file
2018-12-17T22:29:33.974415973Z	26	PC: 1500d \| Set disk transfer address
2018-12-17T22:29:33.976067106Z	37	PC: 15014 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:33.977086142Z	9	PC: 12a47 \| Display string (String= 'GOAT File Generator 1.20 � (c) 1994-97 by ROSE, Ralph Roth! (02.01.1998) File: ROSEAAE.EXE - 9.775 (262Fh) Bytes length! ')
2018-12-17T22:29:33.983002092Z	72	PC: 51d65 \| Allocate memory