Sample viewer

vx.netlux.org/Virus.DOS.SillyE.943

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:16.910616538Z	53	PC: 1702c \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:16.912815657Z	37	PC: 1703f \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:16.914328573Z	255	PC: 17053 \| UNKNOWN!
2018-12-17T22:31:16.915507083Z	37	PC: 17069 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:16.918268066Z	37	PC: 16d25 \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-17T22:31:16.932226645Z	47	PC: 16d2a \| Get disk transfer address
2018-12-17T22:31:16.933731102Z	26	PC: 16d39 \| Set disk transfer address
2018-12-17T22:31:16.935513124Z	53	PC: 16d3e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:16.936908307Z	37	PC: 16d50 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:16.938267371Z	98	PC: 16d56 \| Get current PSP
2018-12-17T22:31:16.939973141Z	96	PC: 16db5 \| Qualify filename
2018-12-17T22:31:16.945198478Z	78	PC: 16dbf \| Find first file
2018-12-17T22:31:16.952271021Z	44	PC: 16e38 \| Get time 0x16e38: add cx, dx 0x16e3a: mov bx, cx 0x16e3c: mov ah, 0x2a 0x16e3e: int 0x12 0x16e40: add bx, dx 0x16e42: add bx, cx 0x16e44: add word ptr [0x4cf], bx 0x16e48: mov dl, 0 0x16e4a: cmp byte ptr [0x4d2], 0x3a 0x16e4f: jne 0x16e58 0x16e51: mov dl, byte ptr [0x4d1] 0x16e55: sub dl, 0x40 0x16e58: mov ah, 0x36 0x16e5a: int 0x12 0x16e5c: mul bx 0x16e5e: mul cx 0x16e60: or dx, dx 0x16e62: jne 0x16e6d 0x16e64: cmp ax, word ptr [0x4cf] 0x16e68: ja 0x16e6d
2018-12-17T22:31:16.956028491Z	42	PC: 16e40 \| Get date 0x16e40: add bx, dx 0x16e42: add bx, cx 0x16e44: add word ptr [0x4cf], bx 0x16e48: mov dl, 0 0x16e4a: cmp byte ptr [0x4d2], 0x3a 0x16e4f: jne 0x16e58 0x16e51: mov dl, byte ptr [0x4d1] 0x16e55: sub dl, 0x40 0x16e58: mov ah, 0x36 0x16e5a: int 0x12 0x16e5c: mul bx 0x16e5e: mul cx 0x16e60: or dx, dx 0x16e62: jne 0x16e6d 0x16e64: cmp ax, word ptr [0x4cf] 0x16e68: ja 0x16e6d 0x16e6a: jmp 0x16ffc 0x16e6d: cld 0x16e6e: mov cx, 0xa 0x16e71: mov di, 0x589
2018-12-17T22:31:16.958876659Z	54	PC: 16e5c \| Get free disk space
2018-12-17T22:31:16.969401276Z	79	PC: 16dcd \| Find next file
2018-12-17T22:31:16.972520497Z	25	PC: 16ddb \| Get default drive
2018-12-17T22:31:16.975213264Z	37	PC: 16df6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:16.976876738Z	26	PC: 16dff \| Set disk transfer address
2018-12-17T22:31:16.97849141Z	37	PC: 16e09 \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')