Sample viewer

vx.netlux.org/Virus.DOS.Vienna.604.dam

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:56.268157503Z	72	PC: 8f1b9 \| Allocate memory
2018-12-17T23:15:56.270278171Z	72	PC: 8f1bd \| Allocate memory
2018-12-17T23:15:56.272791177Z	99	PC: 90858 \| Get DBCS lead byte table pointer
2018-12-17T23:15:56.275827115Z	61	PC: 91f88 \| Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T23:15:56.288210236Z	66	PC: 91f95 \| Move file pointer
2018-12-17T23:15:56.289804358Z	62	PC: 91fc1 \| Close file
2018-12-17T23:15:56.29214113Z	75	PC: 91fe0 \| Execute program
2018-12-17T23:15:56.310267337Z	98	PC: 916f1 \| Get current PSP
2018-12-17T23:15:56.31199268Z	9	PC: c605 \| Display string (String= '6��r�&;]u')
2018-12-17T23:15:56.316641186Z	48	PC: c609 \| Get DOS version
2018-12-17T23:15:56.320261332Z	9	PC: c382 \| Display string (String= ' Installed A20 handler number ')
2018-12-17T23:15:56.323542069Z	2	PC: c38c \| Character output (Char = '32')
2018-12-17T23:15:56.325774163Z	2	PC: c3a7 \| Character output (Char = '2e')
2018-12-17T23:15:56.329312177Z	9	PC: c6d9 \| Display string (String= '��VH�VD��V@����_��Ku��t1��D��t �� a1��Z��W��5��\|��(��ǋ�(��p�^')
2018-12-17T23:15:56.334394446Z	9	PC: c6e0 \| Display string (String= '�5��\|��(��ǋ�(��p�^')
2018-12-17T23:15:56.339445755Z	61	PC: 91f88 \| Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T23:15:56.351391557Z	66	PC: 91f95 \| Move file pointer
2018-12-17T23:15:56.356489555Z	62	PC: 91fc1 \| Close file
2018-12-17T23:15:56.358988157Z	75	PC: 91fe0 \| Execute program
2018-12-17T23:15:56.383086989Z	98	PC: 916f1 \| Get current PSP
2018-12-17T23:15:56.387912167Z	82	PC: 13d46 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:15:56.389291964Z	53	PC: 13ac3 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:15:56.390462582Z	37	PC: 13ad6 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:15:56.391790485Z	53	PC: 13ae0 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:15:56.393378553Z	37	PC: 13af3 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:15:56.39465152Z	9	PC: 13a0d \| Display string (Could not find end pointer)
2018-12-17T23:15:56.403331939Z	62	PC: 8f8eb \| Close file
2018-12-17T23:15:56.405428117Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.407198916Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.408629959Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.410591363Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.411819424Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.413017703Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.414631062Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.415783492Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.416802434Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.418424751Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.419810644Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.421106054Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.423328633Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.425408239Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.426646145Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.428307389Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.429473921Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.430626141Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.432081942Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.433433733Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.435033297Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.436903321Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.438496399Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.439932388Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.441460967Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.443153192Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.444663685Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.446128459Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.448119977Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.449680375Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:15:56.451152569Z	61	PC: 8f8ff \| Open file (Filename = '')
2018-12-17T23:15:56.456654718Z	62	PC: 8f90e \| Close file
2018-12-17T23:15:56.45841336Z	69	PC: 8f915 \| Duplicate handle
2018-12-17T23:15:56.460060893Z	69	PC: 8f919 \| Duplicate handle
2018-12-17T23:15:56.46207143Z	61	PC: 9387b \| Open file (Filename = '')
2018-12-17T23:15:56.465341036Z	68	PC: 9386b \| I/O control for devices (Set for = '')
2018-12-17T23:15:56.466345877Z	61	PC: 9387b \| Open file (Filename = '')
2018-12-17T23:15:56.469741249Z	68	PC: 9386b \| I/O control for devices (Set for = '')
2018-12-17T23:15:56.47097169Z	74	PC: 8f9c4 \| Reallocate memory
2018-12-17T23:15:56.471949769Z	72	PC: 8f9e0 \| Allocate memory
2018-12-17T23:15:56.474013988Z	72	PC: 8f9e4 \| Allocate memory
2018-12-17T23:15:56.476569561Z	74	PC: 8f9fb \| Reallocate memory
2018-12-17T23:15:56.477985763Z	72	PC: 8fa02 \| Allocate memory
2018-12-17T23:15:56.480160543Z	72	PC: 8fa06 \| Allocate memory
2018-12-17T23:15:56.481767397Z	73	PC: 8fa11 \| Release memory
2018-12-17T23:15:56.483360797Z	73	PC: 8efea \| Release memory
2018-12-17T23:15:56.485138565Z	74	PC: 8f003 \| Reallocate memory
2018-12-17T23:15:56.486503774Z	72	PC: 8f054 \| Allocate memory
2018-12-17T23:15:56.488128445Z	72	PC: 8f058 \| Allocate memory
2018-12-17T23:15:56.498146226Z	73	PC: 8f060 \| Release memory
2018-12-17T23:15:56.499721039Z	61	PC: 8f080 \| Open file (Filename = '')
2018-12-17T23:15:56.509388004Z	63	PC: 8f095 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:15:56.515802298Z	66	PC: 8f0ad \| Move file pointer
2018-12-17T23:15:56.517373779Z	62	PC: 8f0d1 \| Close file
2018-12-17T23:15:56.51927466Z	75	PC: 8f0f2 \| Execute program
2018-12-17T23:15:56.543113495Z	80	PC: 12be9 \| Set current PSP
2018-12-17T23:15:56.544447242Z	48	PC: 12bee \| Get DOS version
2018-12-17T23:15:56.546534916Z	99	PC: 193d0 \| Get DBCS lead byte table pointer
2018-12-17T23:15:56.549637747Z	101	PC: 12c74 \| Get extended country info
2018-12-17T23:15:56.552113992Z	99	PC: 12c7a \| Get DBCS lead byte table pointer
2018-12-17T23:15:56.553430217Z	74	PC: 12cdc \| Reallocate memory
2018-12-17T23:15:56.554792671Z	72	PC: 1355d \| Allocate memory
2018-12-17T23:15:56.556611151Z	25	PC: 13596 \| Get default drive
2018-12-17T23:15:56.557688521Z	71	PC: 135ad \| Get current directory
2018-12-17T23:15:56.560212974Z	59	PC: 135ba \| Change current directory
2018-12-17T23:15:56.566289388Z	59	PC: 135c8 \| Change current directory
2018-12-17T23:15:56.569968841Z	59	PC: 135d3 \| Change current directory
2018-12-17T23:15:56.573740415Z	25	PC: 12d13 \| Get default drive
2018-12-17T23:15:56.575207354Z	37	PC: 127d3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:15:56.580846118Z	37	PC: 127da \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:56.581687109Z	37	PC: 127e1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:56.584183543Z	80	PC: 1301d \| Set current PSP
2018-12-17T23:15:56.58487264Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:15:56.585807202Z	53	PC: 13362 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:15:56.587742444Z	37	PC: 13383 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:15:56.588740447Z	51	PC: 13417 \| Get or set Ctrl-Break
2018-12-17T23:15:56.590081374Z	72	PC: 130ec \| Allocate memory
2018-12-17T23:15:56.591807733Z	61	PC: 131b2 \| Open file (Filename = '')
2018-12-17T23:15:56.598584931Z	62	PC: 131ba \| Close file
2018-12-17T23:15:56.600727724Z	51	PC: 1344c \| Get or set Ctrl-Break
2018-12-17T23:15:56.602279674Z	74	PC: 1197c \| Reallocate memory
2018-12-17T23:15:56.603787858Z	72	PC: 11991 \| Allocate memory
2018-12-17T23:15:56.605635794Z	73	PC: 119b2 \| Release memory
2018-12-17T23:15:56.607524352Z	72	PC: 119bd \| Allocate memory
2018-12-17T23:15:56.609295018Z	73	PC: 119df \| Release memory
2018-12-17T23:15:56.610643895Z	72	PC: 119f5 \| Allocate memory
2018-12-17T23:15:56.612829133Z	72	PC: 119fd \| Allocate memory