Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.404

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:22.783161059Z 26 PC: 14114 | Set disk transfer address
2018-12-17T22:34:22.785114889Z 25 PC: 14122 | Get default drive
2018-12-17T22:34:22.786383019Z 14 PC: 1412c | Set default drive (Drive = 'C')
2018-12-17T22:34:22.787752998Z 78 PC: 14136 | Find first file
2018-12-17T22:34:22.795191486Z 61 PC: 14143 | Open file (Filename = 'COMMAND.COM')
2018-12-17T22:34:22.801048983Z 66 PC: 1420c | Move file pointer
2018-12-17T22:34:22.802542802Z 62 PC: 14167 | Close file
2018-12-17T22:34:22.804376523Z 79 PC: 14136 | Find next file
2018-12-17T22:34:22.806695179Z 26 PC: 141f9 | Set disk transfer address
2018-12-17T22:34:22.807894404Z 14 PC: 14201 | Set default drive (Drive = 'A')
2018-12-17T22:34:22.809284772Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:34:22.812107593Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:34:22.821967819Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:34:22.826148461Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:34:22.832555774Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:34:22.834409632Z 9 PC: 12b03 | Display string (String= 'Size change=+0194h/00404d. Virus might be activ? ')
2018-12-17T22:34:22.840014045Z 76 PC: 12b09 | Terminate with return code (Return code = '1')