Sample viewer

vx.netlux.org/Virus.DOS.MtE.Darkness

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:41.508986891Z 48 PC: 13c37 | Get DOS version
2018-12-17T22:50:41.510608792Z 82 PC: 13c56 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:50:41.512577829Z 26 PC: 12a87 | Set disk transfer address
2018-12-17T22:50:41.513677901Z 15 PC: 12a90 | Open file (Filename = ' win TEMP=C:\WINDOWS\TEMP �>ptr to alias list* Dosedit Date_:11-20-83 By Jack Gersbach �* ��!����\�! �up�\�G')
2018-12-17T22:50:41.516171094Z 9 PC: 131e7 | Display string (String= ' Alias List: ')
2018-12-17T22:50:41.519369799Z 2 PC: 12c37 | Character output (Char = '0d')
2018-12-17T22:50:41.520835282Z 2 PC: 12c37 | Character output (Char = '0a')
2018-12-17T22:50:41.526414965Z 49 PC: 13294 | Terminate and stay resident (Return code = '0' | Memory size = '147')
2018-12-17T22:50:41.528137388Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:50:41.529343521Z 72 PC: 12174 | Allocate memory
2018-12-17T22:50:41.531458298Z 72 PC: 1218d | Allocate memory
2018-12-17T22:50:41.53311624Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:50:41.534198376Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:50:41.535811017Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:41.536839975Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.538091323Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.539544425Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.540987353Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.542165264Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.543732941Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.545566314Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.546818295Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.54808298Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.550049618Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.551796961Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.553962759Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.555973978Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.557341533Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.558646136Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.560509725Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.561868532Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.563451412Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.565794349Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.568657938Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.57121043Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.574628007Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.57641045Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.57811276Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.582511873Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.584373918Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.586129668Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.588887974Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.59052221Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.592173261Z 62 PC: 122ab | Close file
2018-12-17T22:50:41.595445733Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:50:41.602730747Z 66 PC: 12372 | Move file pointer
2018-12-17T22:50:41.60454698Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:50:41.617577978Z 69 PC: 9dcff | Duplicate handle
2018-12-17T22:50:41.619748673Z 51 PC: 9dcff | Get or set Ctrl-Break
2018-12-17T22:50:41.620663532Z 51 PC: 9dcff | Get or set Ctrl-Break
2018-12-17T22:50:41.622180682Z 53 PC: 9dcff | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:41.623629337Z 37 PC: 9dcff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:41.624939153Z 53 PC: 9dcff | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:50:41.638293382Z 37 PC: 9dcff | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:50:41.640280488Z 98 PC: 9dcff | Get current PSP
2018-12-17T22:50:41.641910942Z 66 PC: 9dcff | Move file pointer
2018-12-17T22:50:41.644471934Z 63 PC: 9dcff | Read file or device (Read 24 bytes on handle 6)
2018-12-17T22:50:41.647774936Z 66 PC: 9dcff | Move file pointer
2018-12-17T22:50:41.656628142Z 64 PC: 9dcff | Write file or device (Write 3479 bytes on handle 6)
2018-12-17T22:50:41.996547261Z 66 PC: 9dcff | Move file pointer
2018-12-17T22:50:41.998550512Z 64 PC: 9dcff | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:50:42.005700735Z 66 PC: 9dcff | Move file pointer
2018-12-17T22:50:42.008085126Z 64 PC: 9dcff | Write file or device (Write 24 bytes on handle 6)
2018-12-17T22:50:42.020544152Z 66 PC: 9dcff | Move file pointer
2018-12-17T22:50:42.022158237Z 62 PC: 9dcff | Close file
2018-12-17T22:50:42.029039729Z 37 PC: 9dcff | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:50:42.042305414Z 37 PC: 9dcff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:42.04345245Z 51 PC: 9dcff | Get or set Ctrl-Break
2018-12-17T22:50:42.045087535Z 62 PC: 1238a | Close file
2018-12-17T22:50:42.048263248Z 99 PC: 981c7 | Get DBCS lead byte table pointer
2018-12-17T22:50:42.049755783Z 56 PC: 929e9 | Get or set country info
2018-12-17T22:50:42.052630738Z 64 PC: 98438 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:50:42.057536351Z 25 PC: 92a52 | Get default drive
2018-12-17T22:50:42.059528456Z 71 PC: 94ccd | Get current directory
2018-12-17T22:50:42.071159963Z 64 PC: 98438 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:50:42.074821622Z 2 PC: 94ca2 | Character output (Char = '3e')
2018-12-17T22:50:42.07740408Z 93 PC: 92b10 | File sharing functions
2018-12-17T22:50:42.079841149Z 93 PC: 92b17 | File sharing functions
2018-12-17T22:50:42.082887512Z 8 PC: 12da0 | Console input without echo