Sample viewer

vx.netlux.org/Virus.DOS.MAD.4344

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:26.026359449Z	37	PC: 1bda5 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:45:26.032800407Z	255	PC: 1be44 \| UNKNOWN!
2018-12-17T22:45:26.034678876Z	37	PC: 1bfb5 \| Set interrupt vector (Interrupt = '101' AKA 'Get extended country info')
2018-12-17T22:45:26.035755337Z	82	PC: 1bfba \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:45:26.03767541Z	37	PC: 1c05b \| Set interrupt vector (Interrupt = '100' AKA 'Set wait for external event flag')
2018-12-17T22:45:26.040007335Z	37	PC: 1c077 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:45:26.041932984Z	37	PC: 1c07f \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:45:26.044598642Z	37	PC: 1c09b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:26.047114096Z	9	PC: 1bb44 \| Display string (Could not find end pointer)
2018-12-17T22:45:26.054102279Z	76	PC: 1bb48 \| Terminate with return code (Return code = '36')
2018-12-17T22:45:26.058679917Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:45:26.069848986Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:45:26.072462381Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:45:26.082151186Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:45:26.084057519Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:26.085990019Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:26.088399945Z	66	PC: 9c956 \| Move file pointer
2018-12-17T22:45:26.089863488Z	62	PC: 9c93e \| Close file
2018-12-17T22:45:26.101746166Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.105909801Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.108166864Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.110486434Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.11324113Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.116316209Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.121735307Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.124615524Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.128445368Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.131140615Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.133976168Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.137783805Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.148885856Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.151574798Z	62	PC: 122ab \| Close file
2018-12-17T22:45:26.15560988Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:45:26.163440859Z	66	PC: 12372 \| Move file pointer
2018-12-17T22:45:26.166060536Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:45:26.181979638Z	62	PC: 1238a \| Close file
2018-12-17T22:45:26.186168415Z	99	PC: 96dd7 \| Get DBCS lead byte table pointer
2018-12-17T22:45:26.188663284Z	56	PC: 915f9 \| Get or set country info
2018-12-17T22:45:26.193190044Z	64	PC: 97048 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:45:26.19840858Z	25	PC: 91662 \| Get default drive
2018-12-17T22:45:26.200791667Z	71	PC: 938dd \| Get current directory
2018-12-17T22:45:26.206178367Z	64	PC: 97048 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:45:26.211373819Z	2	PC: 938b2 \| Character output (Char = '3e')
2018-12-17T22:45:26.21440193Z	93	PC: 91720 \| File sharing functions
2018-12-17T22:45:26.217735182Z	93	PC: 91727 \| File sharing functions
2018-12-17T22:45:26.220583108Z	10	PC: 91739 \| Buffered keyboard input
2018-12-17T22:45:40.987704153Z	0	PC: 0 \| Program terminate
2018-12-17T22:45:42.342747036Z	0	PC: 0 \| Program terminate
2018-12-17T22:45:42.446034493Z	64	PC: 97048 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:45:42.454585362Z	41	PC: 917ae \| Parse filename
2018-12-17T22:45:42.459151296Z	41	PC: 9182f \| Parse filename
2018-12-17T22:45:42.462017805Z	41	PC: 9184c \| Parse filename
2018-12-17T22:45:42.466793344Z	26	PC: 94cf7 \| Set disk transfer address
2018-12-17T22:45:42.469990087Z	71	PC: 94ef3 \| Get current directory
2018-12-17T22:45:42.479694367Z	78	PC: 9c89a \| Find first file
2018-12-17T22:45:42.490666509Z	47	PC: 9c8a4 \| Get disk transfer address
2018-12-17T22:45:42.499497015Z	71	PC: 94d6c \| Get current directory
2018-12-17T22:45:42.503878989Z	73	PC: 94409 \| Release memory
2018-12-17T22:45:42.50738773Z	75	PC: 11821 \| Execute program
2018-12-17T22:45:42.525571073Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-17T22:45:42.52939495Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')