Sample viewer

vx.netlux.org/Virus.DOS.Datacrime.1480

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:30.747756298Z	26	PC: 12c9b \| Set disk transfer address
2018-12-17T22:50:30.749492257Z	42	PC: 12d60 \| Get date 0x12d60: cmp word ptr cs:[si + 0x1b4], dx 0x12d65: jl 0x12d6a 0x12d67: jmp 0x12de8 0x12d69: nop 0x12d6a: cmp al, byte ptr cs:[si + 0x1ae] 0x12d6f: jne 0x12d74 0x12d71: jmp 0x12de8 0x12d73: nop 0x12d74: lea bx, word ptr [si + 0x28f] 0x12d78: mov cx, 0x19 0x12d7b: mov dl, byte ptr cs:[bx] 0x12d7e: xor dl, 0x55 0x12d81: mov ah, 2 0x12d83: int 0x21 0x12d85: inc bx 0x12d86: loop 0x12d7b 0x12d88: lea bx, word ptr [si + 0x6c8] 0x12d8c: mov ax, 0x100 0x12d8f: xor cx, cx 0x12d91: mov word ptr cs:[bx], ax
2018-12-17T22:50:30.753328058Z	25	PC: 12dec \| Get default drive
2018-12-17T22:50:30.754972703Z	71	PC: 12dfc \| Get current directory
2018-12-17T22:50:30.75861152Z	14	PC: 12e3c \| Set default drive (Drive = 'C')
2018-12-17T22:50:30.761545645Z	71	PC: 12e47 \| Get current directory
2018-12-17T22:50:30.76461171Z	78	PC: 12f83 \| Find first file
2018-12-17T22:50:30.771006076Z	78	PC: 12fa1 \| Find first file
2018-12-17T22:50:30.785549778Z	47	PC: 12fba \| Get disk transfer address
2018-12-17T22:50:30.786974559Z	47	PC: 12fcb \| Get disk transfer address
2018-12-17T22:50:30.788430911Z	47	PC: 12ffd \| Get disk transfer address
2018-12-17T22:50:30.79063099Z	47	PC: 1311d \| Get disk transfer address
2018-12-17T22:50:30.792658883Z	67	PC: 13127 \| Get or set file attributes
2018-12-17T22:50:30.799210452Z	67	PC: 13137 \| Get or set file attributes
2018-12-17T22:50:31.147999205Z	61	PC: 1300e \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:50:31.155591117Z	63	PC: 1301d \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:50:31.158882433Z	66	PC: 130d1 \| Move file pointer
2018-12-17T22:50:31.161263976Z	64	PC: 1325a \| Write file or device (Write 1480 bytes on handle 5)
2018-12-17T22:50:31.173798029Z	66	PC: 130dd \| Move file pointer
2018-12-17T22:50:31.175921274Z	47	PC: 130e3 \| Get disk transfer address
2018-12-17T22:50:31.17780829Z	64	PC: 130fe \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:31.181904125Z	87	PC: 13105 \| Get or set file date and time
2018-12-17T22:50:31.184286907Z	62	PC: 13109 \| Close file
2018-12-17T22:50:31.192245748Z	47	PC: 13143 \| Get disk transfer address
2018-12-17T22:50:31.195303684Z	67	PC: 1314d \| Get or set file attributes
2018-12-17T22:50:31.205453695Z	59	PC: 13114 \| Change current directory
2018-12-17T22:50:31.211304531Z	14	PC: 13159 \| Set default drive (Drive = 'A')
2018-12-17T22:50:31.217603159Z	59	PC: 13161 \| Change current directory
2018-12-17T22:50:31.230003508Z	26	PC: 1316d \| Set disk transfer address
2018-12-17T22:50:31.231557344Z	9	PC: 12a4a \| Display string (Could not find end pointer)
2018-12-17T22:50:31.23831833Z	76	PC: 12a4f \| Terminate with return code (Return code = '0')