Sample viewer

vx.netlux.org/Virus.DOS.Won.2339

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:25.543231693Z	88	PC: 13a6a \| case 0xGet or set allocation strateg:
2018-12-17T22:46:25.545105087Z	72	PC: 13a73 \| Allocate memory
2018-12-17T22:46:25.547017091Z	74	PC: 13a3e \| Reallocate memory
2018-12-17T22:46:25.548379403Z	72	PC: 13a73 \| Allocate memory
2018-12-17T22:46:25.549950128Z	88	PC: 13a7e \| case 0xGet or set allocation strateg:
2018-12-17T22:46:25.55160725Z	82	PC: 139a0 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:46:25.552701691Z	54	PC: 13ab4 \| Get free disk space
2018-12-17T22:46:25.595311776Z	50	PC: 13acc \| Get disk parameter block for specified drive
2018-12-17T22:46:25.922163681Z	53	PC: 13b88 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:46:25.92388072Z	37	PC: 13b98 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:46:25.925026497Z	53	PC: 13b88 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:25.926934173Z	37	PC: 13b98 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:25.928063581Z	53	PC: 13b88 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:46:25.929199125Z	37	PC: 13b98 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:46:25.930939554Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:46:25.932235583Z	82	PC: 139a0 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:46:25.934518135Z	98	PC: 13a12 \| Get current PSP
2018-12-17T22:46:25.937035824Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:46:25.94425306Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:46:25.946285848Z	98	PC: 9f61b \| Get current PSP
2018-12-17T22:46:25.947775459Z	67	PC: 9f674 \| Get or set file attributes
2018-12-17T22:46:25.958633318Z	67	PC: 9f6a1 \| Get or set file attributes
2018-12-17T22:46:25.972879703Z	61	PC: 9f6b5 \| Open file (Filename = ' ty stara dupo!! $�L')
2018-12-17T22:46:25.978010115Z	87	PC: 9f6c9 \| Get or set file date and time
2018-12-17T22:46:25.980187863Z	63	PC: 9f6e2 \| Read file or device (Read 27 bytes on handle 0)
2018-12-17T22:46:25.988398159Z	66	PC: 9f76a \| Move file pointer
2018-12-17T22:46:25.989963604Z	63	PC: 9f78e \| Read file or device (Read 2 bytes on handle 0)
2018-12-17T22:46:25.998657622Z	62	PC: 9f920 \| Close file
2018-12-17T22:46:26.000637958Z	67	PC: 9f936 \| Get or set file attributes
2018-12-17T22:46:26.012057869Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:46:26.020867567Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:46:26.023565845Z	9	PC: 12a86 \| Display string (String= 'Size change=092Fh/02351d. ')
2018-12-17T22:46:26.028669603Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')