Sample viewer

vx.netlux.org/Virus.DOS.Quake.960.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:46.427919319Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.429717726Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.430939872Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.432219375Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.433527753Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.435210523Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.438152829Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.448245355Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.455683716Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.459786281Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.466743719Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.470073513Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.471384936Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.472881277Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.474509986Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.476336917Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.477628022Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.479087663Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.48122591Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.489526229Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.502260797Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.509320006Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.514442487Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.518695254Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.522164039Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.523541767Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.525265605Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.527515881Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.529100617Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.530717033Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.539493607Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.540855455Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.544172345Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.557603501Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.568780915Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.578824559Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.582998529Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.585634289Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.586722062Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.588091504Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.590058839Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.591289551Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.592589151Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.597276866Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.598558623Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.601774273Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.611852081Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.618120415Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.628214984Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.63811641Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.640441097Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.641716192Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.64416997Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.645621226Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.646962766Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.649103216Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.650889692Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.652183932Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.655258988Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.666907726Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.673394049Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.678403418Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.683598986Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.686166659Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.687672487Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.690085219Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.691362117Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.692629337Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.694563089Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.695797127Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.696952667Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.700184246Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.711637918Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.723220072Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.728288151Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.733288082Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.735488164Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.736815256Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.739273343Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.740719339Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.742047784Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.74396769Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.745385713Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.746868579Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.750987675Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.756923965Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.767877488Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.778541056Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.78775386Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.790744727Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:46.79320633Z	74	PC: 12b7c \| Reallocate memory
2018-12-17T22:41:46.794975754Z	74	PC: 12b82 \| Reallocate memory
2018-12-17T22:41:46.796492973Z	72	PC: 12b8a \| Allocate memory
2018-12-17T22:41:46.799282543Z	37	PC: 12bb0 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:46.800423185Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.801506319Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.803207745Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.804880236Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.806437211Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.807995828Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.809996155Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.811566825Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.814715749Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.823982574Z	78	PC: 12c17 \| Find first file
2018-12-17T22:41:46.8296457Z	59	PC: 12b4d \| Change current directory
2018-12-17T22:41:46.83462341Z	59	PC: 12b56 \| Change current directory
2018-12-17T22:41:46.839803299Z	44	PC: 12b5a \| Get time 0x12b5a: or dl, dl 0x12b5c: je 0x12b66 0x12b5e: cmp byte ptr ds:[bp + 0x2b4], 7 0x12b64: jl 0x12bb0 0x12b66: mov ax, 0x3508 0x12b69: int3 0x12b6a: mov word ptr ds:[bp + 0x448], es 0x12b6f: mov word ptr ds:[bp + 0x446], bx 0x12b74: pop es 0x12b75: push es 0x12b76: mov bx, 0xffff 0x12b79: mov ah, 0x4a 0x12b7b: int3 0x12b7c: sub bx, 0xa 0x12b7f: mov ah, 0x4a 0x12b81: int3 0x12b82: jb 0x12bb0 0x12b84: mov ah, 0x48 0x12b86: mov bx, 9 0x12b89: int3
2018-12-17T22:41:46.842396129Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:46.843939086Z	74	PC: 12b7c \| Reallocate memory
2018-12-17T22:41:46.846632936Z	74	PC: 12b82 \| Reallocate memory
2018-12-17T22:41:46.848397831Z	72	PC: 12b8a \| Allocate memory
2018-12-17T22:41:46.850281559Z	37	PC: 12bb0 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:46.852329124Z	37	PC: 12bba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.853836626Z	26	PC: 12bc2 \| Set disk transfer address
2018-12-17T22:41:46.855597633Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:46.857869541Z	37	PC: 12add \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:46.859518458Z	53	PC: 12ae7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.861225234Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:46.863098462Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:41:46.864808684Z	71	PC: 12b22 \| Get current directory
2018-12-17T22:41:46.868075179Z	78	PC: 12c17 \| Find first file