Sample viewer

vx.netlux.org/Virus.DOS.Pcvanw.6836

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:25.226943091Z	53	PC: 1a260 \| Get interrupt vector (Interrupt = '71' AKA 'Get current directory')
2018-12-17T21:58:25.228459278Z	37	PC: 1a277 \| Set interrupt vector (Interrupt = '71' AKA 'Get current directory')
2018-12-17T21:58:25.232019993Z	48	PC: 13fcf \| Get DOS version
2018-12-17T21:58:25.233159975Z	111	PC: 13fdd \| UNKNOWN!
2018-12-17T21:58:25.234722761Z	53	PC: 14004 \| Get interrupt vector (Interrupt = '71' AKA 'Get current directory')
2018-12-17T21:58:25.235882619Z	37	PC: 14025 \| Set interrupt vector (Interrupt = '71' AKA 'Get current directory')
2018-12-17T21:58:25.236889266Z	53	PC: 1402b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:25.238489442Z	37	PC: 1403b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:25.239491914Z	37	PC: 13f45 \| Set interrupt vector (Interrupt = '73' AKA 'Release memory')
2018-12-17T21:58:25.240279669Z	37	PC: 13f50 \| Set interrupt vector (Interrupt = '72' AKA 'Allocate memory')
2018-12-17T21:58:25.24259925Z	52	PC: 14047 \| Get InDOS flag pointer
2018-12-17T21:58:25.243798906Z	42	PC: 14053 \| Get date 0x14053: mov word ptr [0x134a], cx 0x14057: mov word ptr [0x134c], dx 0x1405b: mov ax, dx 0x1405d: add ax, 0x8888 0x14060: mul ax 0x14062: and ax, 0x1f1f 0x14065: add ax, 0x4040 0x14068: and dx, 0x1f1f 0x1406c: add dx, 0x4040 0x14070: mov word ptr [0x1346], ax 0x14073: mov word ptr [0x1348], dx 0x14077: cmp word ptr [0x10e6], 0 0x1407c: jne 0x14088 0x1407e: mov word ptr [0x10e6], cx 0x14082: mov ax, word ptr [0x134c] 0x14085: mov word ptr [0x10e8], ax 0x14088: cmp cx, word ptr [0x10e6] 0x1408c: jne 0x14095 0x1408e: mov ax, word ptr [0x134c] 0x14091: cmp ax, word ptr [0x10e8]
2018-12-17T21:58:25.246269326Z	25	PC: 140a0 \| Get default drive
2018-12-17T21:58:25.248069492Z	14	PC: 140a6 \| Set default drive (Drive = 'A')
2018-12-17T21:58:25.249502097Z	53	PC: 141f4 \| Get interrupt vector (Interrupt = '64' AKA 'Write file or device')
2018-12-17T21:58:25.250707601Z	37	PC: 14204 \| Set interrupt vector (Interrupt = '64' AKA 'Write file or device')
2018-12-17T21:58:25.252392237Z	82	PC: 14208 \| Get DOS internal pointers (SYSVARS)
2018-12-17T21:58:25.254881691Z	74	PC: 142df \| Reallocate memory
2018-12-17T21:58:25.256379142Z	75	PC: 1432b \| Execute program
2018-12-17T21:58:25.278683864Z	53	PC: 1bec0 \| Get interrupt vector (Interrupt = '71' AKA 'Get current directory')
2018-12-17T21:58:25.279999344Z	48	PC: 15407 \| Get DOS version
2018-12-17T21:58:25.281214536Z	9	PC: 1541a \| Display string (Could not find end pointer)
2018-12-17T21:58:25.288758201Z	48	PC: 14346 \| Get DOS version
2018-12-17T21:58:25.290523097Z	53	PC: 1448e \| Get interrupt vector (Interrupt = '71' AKA 'Get current directory')
2018-12-17T21:58:25.29218922Z	76	PC: 144a3 \| Terminate with return code (Return code = '0')