Sample viewer

vx.netlux.org/Virus.DOS.Gotcha.627.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:21.499366024Z	218	PC: 12a8b \| UNKNOWN!
2018-12-17T22:44:21.500603808Z	48	PC: 12a95 \| Get DOS version
2018-12-17T22:44:21.503052888Z	37	PC: 12ad6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:21.506805766Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:44:21.508524755Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:44:21.511381711Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:44:21.514050373Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:44:21.515693338Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:21.518088858Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:21.520100296Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.522176796Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.52445783Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.527047494Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.52903676Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.531101488Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.533863996Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.535634902Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.537368247Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.540109777Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.542183291Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.546188804Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.549219507Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.556476075Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.558485669Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.5615045Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.563617318Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.565663911Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.56770242Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.571169532Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.573068178Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.57502367Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.577796698Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.579539141Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.58125833Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.584657104Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.586528228Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.588810674Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.592647611Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:21.594780777Z	62	PC: 122ab \| Close file
2018-12-17T22:44:21.604463413Z	99	PC: 9a127 \| Get DBCS lead byte table pointer
2018-12-17T22:44:21.606696377Z	56	PC: 94949 \| Get or set country info
2018-12-17T22:44:21.608863457Z	64	PC: 9a398 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:44:21.613579004Z	25	PC: 949b2 \| Get default drive
2018-12-17T22:44:21.6157388Z	71	PC: 96c2d \| Get current directory
2018-12-17T22:44:21.626216499Z	64	PC: 9a398 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:44:21.629971872Z	2	PC: 96c02 \| Character output (Char = '3e')
2018-12-17T22:44:21.632856159Z	93	PC: 94a70 \| File sharing functions
2018-12-17T22:44:21.635204179Z	93	PC: 94a77 \| File sharing functions
2018-12-17T22:44:21.638140985Z	10	PC: 94a89 \| Buffered keyboard input
2018-12-17T22:44:36.45356831Z	0	PC: 0 \| Program terminate
2018-12-17T22:44:37.808687833Z	0	PC: 0 \| Program terminate
2018-12-17T22:44:37.911596401Z	64	PC: 9a398 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:44:37.925308334Z	41	PC: 94afe \| Parse filename
2018-12-17T22:44:37.930425044Z	41	PC: 94b7f \| Parse filename
2018-12-17T22:44:37.932521091Z	41	PC: 94b9c \| Parse filename
2018-12-17T22:44:37.936488212Z	26	PC: 98047 \| Set disk transfer address
2018-12-17T22:44:37.939036758Z	71	PC: 98243 \| Get current directory
2018-12-17T22:44:37.947874557Z	78	PC: 9824e \| Find first file
2018-12-17T22:44:37.959348166Z	71	PC: 980bc \| Get current directory
2018-12-17T22:44:37.964129797Z	73	PC: 97759 \| Release memory
2018-12-17T22:44:37.966249878Z	61	PC: 9f909 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:44:37.975032053Z	98	PC: 9f930 \| Get current PSP
2018-12-17T22:44:37.97661197Z	51	PC: 9f957 \| Get or set Ctrl-Break
2018-12-17T22:44:37.978053357Z	51	PC: 9f95d \| Get or set Ctrl-Break
2018-12-17T22:44:37.980273667Z	53	PC: 9f964 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:37.981954474Z	37	PC: 9f972 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:37.984037026Z	63	PC: 9f9e6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:37.992636176Z	63	PC: 9f9f7 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:44:37.995951112Z	62	PC: 9f929 \| Close file
2018-12-17T22:44:37.998592523Z	37	PC: 9fa7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:38.000542796Z	51	PC: 9fa83 \| Get or set Ctrl-Break
2018-12-17T22:44:38.003091764Z	75	PC: 11821 \| Execute program
2018-12-17T22:44:38.014710345Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-17T22:44:38.019448223Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')
2018-12-17T22:44:38.024413439Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:44:38.026404218Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:44:38.028903942Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:44:38.032095938Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:44:38.034328431Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:38.036167986Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:38.03886474Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.040996825Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.043749054Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.045714125Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.048594074Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.05056747Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.052499047Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.055449419Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.057433936Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.059449001Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.065767138Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.067867683Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.070045172Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.072850771Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.075169346Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.077120541Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.079082877Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.082007569Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.083924509Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.085894089Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.088932375Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.090717057Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.092962084Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.095546548Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.097492733Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.099464947Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.102104535Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.104207885Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.113647484Z	69	PC: 9f909 \| Duplicate handle
2018-12-17T22:44:38.115915614Z	62	PC: 122ab \| Close file
2018-12-17T22:44:38.119649988Z	99	PC: 9a127 \| Get DBCS lead byte table pointer
2018-12-17T22:44:38.121374687Z	56	PC: 94949 \| Get or set country info
2018-12-17T22:44:38.123790805Z	64	PC: 9a398 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:44:38.129843162Z	25	PC: 949b2 \| Get default drive
2018-12-17T22:44:38.131935602Z	71	PC: 96c2d \| Get current directory
2018-12-17T22:44:38.136395137Z	64	PC: 9a398 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:44:38.140538199Z	2	PC: 96c02 \| Character output (Char = '3e')
2018-12-17T22:44:38.146934923Z	93	PC: 94a70 \| File sharing functions
2018-12-17T22:44:38.149131147Z	93	PC: 94a77 \| File sharing functions
2018-12-17T22:44:38.152263391Z	10	PC: 94a89 \| Buffered keyboard input