Sample viewer

vx.netlux.org/Virus.DOS.Dada_II.786

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:31.414893424Z	53	PC: 1410e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:31.417714868Z	53	PC: 1411d \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:15:31.420646007Z	82	PC: 1412b \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:15:31.422427796Z	37	PC: 14189 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:31.424510661Z	37	PC: 14193 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:15:31.427146065Z	48	PC: 12a63 \| Get DOS version
2018-12-17T23:15:31.428836793Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T23:15:31.437025034Z	53	PC: 9fa34 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:31.439785843Z	53	PC: 9fa47 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:31.441374939Z	37	PC: 9fa5d \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:31.442861684Z	37	PC: 9fa69 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:31.444510183Z	67	PC: 9fa7e \| Get or set file attributes
2018-12-17T23:15:31.449628664Z	67	PC: 9fa93 \| Get or set file attributes
2018-12-17T23:15:33.489619041Z	61	PC: 9faa1 \| Open file (Filename = '')
2018-12-17T23:15:33.497755935Z	87	PC: 9fab1 \| Get or set file date and time
2018-12-17T23:15:33.499095162Z	63	PC: 9fad0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:15:33.502113275Z	66	PC: 9faf7 \| Move file pointer
2018-12-17T23:15:33.504842655Z	66	PC: 9fb1a \| Move file pointer
2018-12-17T23:15:33.506722028Z	63	PC: 9fb2a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:15:33.510038762Z	87	PC: 9fb75 \| Get or set file date and time
2018-12-17T23:15:33.511884461Z	62	PC: 9fb7d \| Close file
2018-12-17T23:15:33.570548769Z	67	PC: 9fb97 \| Get or set file attributes
2018-12-17T23:15:33.6125039Z	37	PC: 9fbac \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:33.614246195Z	37	PC: 9fbc1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:33.618266892Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-17T23:15:33.62571396Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-17T23:15:33.629759725Z	93	PC: 12b24 \| File sharing functions
2018-12-17T23:15:33.634004764Z	9	PC: 12b03 \| Display string (String= 'Size change=+0312h/00786d. Virus might be activ? ')
2018-12-17T23:15:33.641752066Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')