Sample viewer

vx.netlux.org/Virus.DOS.T_Power.Zarma.2322

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:59.484001067Z	48	PC: 13278 \| Get DOS version
2018-12-17T22:48:59.486628434Z	53	PC: 13a01 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:48:59.4878959Z	53	PC: 13a01 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:59.489172692Z	74	PC: 133d9 \| Reallocate memory
2018-12-17T22:48:59.490931512Z	88	PC: 133e1 \| case 0xGet or set allocation strateg:
2018-12-17T22:48:59.492504218Z	72	PC: 133ee \| Allocate memory
2018-12-17T22:48:59.494488976Z	53	PC: 13a01 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:48:59.49601493Z	53	PC: 13a01 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:59.506862674Z	37	PC: 13a06 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:59.514501421Z	37	PC: 13a06 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:48:59.516355067Z	74	PC: 13466 \| Reallocate memory
2018-12-17T22:48:59.517753255Z	88	PC: 13470 \| case 0xGet or set allocation strateg:
2018-12-17T22:48:59.519386393Z	250	PC: 13488 \| UNKNOWN!
2018-12-17T22:48:59.521340704Z	47	PC: 1348c \| Get disk transfer address
2018-12-17T22:48:59.522500288Z	26	PC: 1349c \| Set disk transfer address
2018-12-17T22:48:59.523756026Z	71	PC: 134a6 \| Get current directory
2018-12-17T22:48:59.528941826Z	53	PC: 13a01 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.530134529Z	37	PC: 13a06 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.531676957Z	88	PC: 9eb9c \| case 0xGet or set allocation strateg:
2018-12-17T22:48:59.534372524Z	250	PC: 9ebb4 \| UNKNOWN!
2018-12-17T22:48:59.541059069Z	47	PC: 9ebb8 \| Get disk transfer address
2018-12-17T22:48:59.548280886Z	26	PC: 9ebc8 \| Set disk transfer address
2018-12-17T22:48:59.549872373Z	71	PC: 9ebd2 \| Get current directory
2018-12-17T22:48:59.5519317Z	53	PC: 9f12d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.553175184Z	37	PC: 9f132 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.554839022Z	67	PC: 9f140 \| Get or set file attributes
2018-12-17T22:48:59.905536988Z	61	PC: 9ec38 \| Open file (Filename = '')
2018-12-17T22:48:59.909595373Z	87	PC: 9ecbb \| Get or set file date and time
2018-12-17T22:48:59.911736983Z	63	PC: 9f11e \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:48:59.913816746Z	66	PC: 9f10c \| Move file pointer
2018-12-17T22:48:59.915725444Z	66	PC: 9f10c \| Move file pointer
2018-12-17T22:48:59.919090381Z	64	PC: 9f0b0 \| Write file or device (Write 2322 bytes on handle 5)
2018-12-17T22:48:59.928388648Z	66	PC: 9ed0c \| Move file pointer
2018-12-17T22:48:59.929529911Z	64	PC: 9f115 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:59.931853523Z	78	PC: 9ee51 \| Find first file
2018-12-17T22:48:59.935688147Z	78	PC: 9ee51 \| Find first file
2018-12-17T22:48:59.939840114Z	78	PC: 9ee51 \| Find first file
2018-12-17T22:48:59.945796245Z	78	PC: 9ee51 \| Find first file
2018-12-17T22:48:59.951648328Z	78	PC: 9ee51 \| Find first file
2018-12-17T22:48:59.957279609Z	78	PC: 9ee51 \| Find first file
2018-12-17T22:48:59.963002973Z	78	PC: 9ee51 \| Find first file
2018-12-17T22:48:59.967221748Z	87	PC: 9ee72 \| Get or set file date and time
2018-12-17T22:48:59.968150839Z	87	PC: 9ee80 \| Get or set file date and time
2018-12-17T22:48:59.969637082Z	62	PC: 9ee88 \| Close file
2018-12-17T22:48:59.974304045Z	59	PC: 9f137 \| Change current directory
2018-12-17T22:48:59.977062617Z	59	PC: 9f137 \| Change current directory
2018-12-17T22:48:59.979146097Z	37	PC: 9f132 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.980260198Z	26	PC: 9eeb8 \| Set disk transfer address
2018-12-17T22:48:59.981574993Z	61	PC: 134f6 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:48:59.987284572Z	62	PC: 134fb \| Close file
2018-12-17T22:48:59.989197447Z	59	PC: 13a0b \| Change current directory
2018-12-17T22:48:59.992748992Z	59	PC: 13a0b \| Change current directory
2018-12-17T22:48:59.994386296Z	37	PC: 13a06 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.995968846Z	26	PC: 1378c \| Set disk transfer address
2018-12-17T22:48:59.99722571Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:49:00.000883598Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:49:00.002329669Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:49:00.007372496Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:49:00.008766294Z	9	PC: 12a86 \| Display string (String= 'Size change=0912h/02322d. ')
2018-12-17T22:49:00.014122832Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')