Sample viewer

vx.netlux.org/Virus.DOS.WpcBats.2786

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:53.21724283Z 48 PC: 12ea2 | Get DOS version
2018-12-17T22:35:53.218738171Z 72 PC: 12eb1 | Allocate memory
2018-12-17T22:35:53.220660394Z 74 PC: 12ec3 | Reallocate memory
2018-12-17T22:35:53.223303211Z 74 PC: 12ed2 | Reallocate memory
2018-12-17T22:35:53.225738035Z 72 PC: 12ee8 | Allocate memory
2018-12-17T22:35:53.228133047Z 53 PC: 9ef6c | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:35:53.229616751Z 37 PC: 9ef8b | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:35:53.232655476Z 47 PC: 9f747 | Get disk transfer address
2018-12-17T22:35:53.233726495Z 53 PC: 9f747 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:53.235101926Z 37 PC: 9f747 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:53.236672599Z 26 PC: 9f747 | Set disk transfer address
2018-12-17T22:35:53.238453309Z 46 PC: 9f747 | Set verify flag
2018-12-17T22:35:53.239904809Z 78 PC: 9f747 | Find first file
2018-12-17T22:35:53.246049787Z 26 PC: 9f747 | Set disk transfer address
2018-12-17T22:35:53.249395353Z 37 PC: 9f747 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:53.25138671Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:35:53.254577825Z 76 PC: 12a86 | Terminate with return code (Return code = '36')