Sample viewer

vx.netlux.org/Virus.DOS.WpcBats.3198

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:25.705825973Z	48	PC: 12eb6 \| Get DOS version
2018-12-17T22:43:25.707866792Z	72	PC: 12ec5 \| Allocate memory
2018-12-17T22:43:25.709486348Z	74	PC: 12ed7 \| Reallocate memory
2018-12-17T22:43:25.711504587Z	74	PC: 12ee6 \| Reallocate memory
2018-12-17T22:43:25.712968804Z	72	PC: 12efc \| Allocate memory
2018-12-17T22:43:25.71512295Z	53	PC: 9edd0 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:43:25.716207761Z	53	PC: 9eddc \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:43:25.717519845Z	37	PC: 9edfc \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:43:25.718972236Z	37	PC: 9ee03 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:43:25.720713572Z	47	PC: 9f5fe \| Get disk transfer address
2018-12-17T22:43:25.721836934Z	53	PC: 9f5fe \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:25.723611661Z	37	PC: 9f5fe \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:25.724729255Z	26	PC: 9f5fe \| Set disk transfer address
2018-12-17T22:43:25.72585812Z	46	PC: 9f5fe \| Set verify flag
2018-12-17T22:43:25.727593291Z	78	PC: 9f5fe \| Find first file
2018-12-17T22:43:25.733450783Z	26	PC: 9f5fe \| Set disk transfer address
2018-12-17T22:43:25.734544289Z	37	PC: 9f5fe \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:25.737462303Z	9	PC: 12ad3 \| Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-17T22:43:25.745166978Z	76	PC: 12ad7 \| Terminate with return code (Return code = '36')