Sample viewer

vx.netlux.org/Virus.DOS.Mr_D.1024

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:28.51140882Z	88	PC: 14351 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:28.513479571Z	88	PC: 1435a \| case 0xGet or set allocation strateg:
2018-12-17T22:42:28.514798221Z	72	PC: 14361 \| Allocate memory
2018-12-17T22:42:28.517157417Z	88	PC: 14369 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:28.518809902Z	81	PC: 14371 \| Get current PSP
2018-12-17T22:42:28.519885693Z	74	PC: 14384 \| Reallocate memory
2018-12-17T22:42:28.52118661Z	88	PC: 14351 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:28.522624195Z	88	PC: 1435a \| case 0xGet or set allocation strateg:
2018-12-17T22:42:28.524316616Z	72	PC: 14361 \| Allocate memory
2018-12-17T22:42:28.525999332Z	88	PC: 14369 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:28.5272111Z	53	PC: 142f2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:28.530034405Z	53	PC: 142ff \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:42:28.531256737Z	37	PC: 1430f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:28.532504008Z	37	PC: 14317 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:42:28.539238933Z	81	PC: 142db \| Get current PSP
2018-12-17T22:42:28.540162958Z	48	PC: 12a6d \| Get DOS version
2018-12-17T22:42:28.541203632Z	9	PC: 12a84 \| Display string (Could not find end pointer)
2018-12-17T22:42:28.548395666Z	61	PC: 12cc4 \| Open file (Filename = '')
2018-12-17T22:42:28.552629493Z	9	PC: 12a92 \| Display string (Could not find end pointer)
2018-12-17T22:42:28.554174028Z	93	PC: 12b31 \| File sharing functions
2018-12-17T22:42:28.556068819Z	9	PC: 12b10 \| Display string (String= 'Size change=+040Dh/01037d. Virus might be activ? ')
2018-12-17T22:42:28.559725188Z	76	PC: 12b16 \| Terminate with return code (Return code = '1')