Sample viewer

vx.netlux.org/Virus.DOS.Made.334.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:16.492183542Z	44	PC: 13e88 \| Get time 0x13e88: cmp word ptr [si + 0x11b], 0 0x13e8d: je 0x13e9b 0x13e8f: cmp word ptr [si + 0x11c], 0 0x13e94: je 0x13e9b 0x13e96: cmp dh, 0xf 0x13e99: jle 0x13ea9 0x13e9b: cmp dl, 0 0x13e9e: je 0x13e84 0x13ea0: cmp dh, 0 0x13ea3: je 0x13e84 0x13ea5: mov word ptr [si + 0x11b], dx 0x13ea9: mov bp, word ptr [si + 0x236] 0x13ead: add bp, 0x103 0x13eb1: lea dx, word ptr [si + 0x238] 0x13eb5: xor cx, cx 0x13eb7: mov ah, 0x4e 0x13eb9: int 0x21 0x13ebb: jb 0x13f39 0x13ebd: mov ax, 0x3d02 0x13ec0: mov dx, 0x9e
2018-12-17T21:51:16.495579001Z	78	PC: 13ebb \| Find first file
2018-12-17T21:51:16.501777483Z	61	PC: 13ec5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:51:16.508447576Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:51:16.515638765Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.518573756Z	61	PC: 13ec5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T21:51:16.525326907Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 6)
2018-12-17T21:51:16.533144717Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.536861479Z	61	PC: 13ec5 \| Open file (Filename = 'HELLO.COM')
2018-12-17T21:51:16.544906783Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 7)
2018-12-17T21:51:16.551620727Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.554695314Z	61	PC: 13ec5 \| Open file (Filename = 'PHANG.COM')
2018-12-17T21:51:16.56219049Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 8)
2018-12-17T21:51:16.569006858Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.571921118Z	61	PC: 13ec5 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:51:16.578461473Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 9)
2018-12-17T21:51:16.585042282Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.588974332Z	61	PC: 13ec5 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T21:51:16.595479401Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 10)
2018-12-17T21:51:16.60192838Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.605141878Z	61	PC: 13ec5 \| Open file (Filename = 'PAH.COM')
2018-12-17T21:51:16.612395453Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 11)
2018-12-17T21:51:16.618506573Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.621484925Z	61	PC: 13ec5 \| Open file (Filename = 'TEST.COM')
2018-12-17T21:51:16.637237007Z	63	PC: 13f42 \| Read file or device (Read 3 bytes on handle 12)
2018-12-17T21:51:16.639972559Z	66	PC: 13f42 \| Move file pointer
2018-12-17T21:51:16.642205611Z	63	PC: 13f42 \| Read file or device (Read 2 bytes on handle 12)
2018-12-17T21:51:16.644208955Z	79	PC: 13ebb \| Find next file
2018-12-17T21:51:16.645865681Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=00001400h/0000005120d bytes. ')
2018-12-17T21:51:16.649052905Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')