Sample viewer

vx.netlux.org/Virus.DOS.Flash.695

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:59:56.112319263Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T21:59:56.115158759Z 72 PC: 8f1bd | Allocate memory
2018-12-17T21:59:56.117293588Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T21:59:56.119947208Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T21:59:56.130680656Z 66 PC: 91f95 | Move file pointer
2018-12-17T21:59:56.132104115Z 62 PC: 91fc1 | Close file
2018-12-17T21:59:56.13413491Z 75 PC: 91fe0 | Execute program
2018-12-17T21:59:56.150593559Z 98 PC: 916f1 | Get current PSP
2018-12-17T21:59:56.151807386Z 9 PC: c605 | Display string (String= '6r&;] u')
2018-12-17T21:59:56.155815501Z 48 PC: c609 | Get DOS version
2018-12-17T21:59:56.159144781Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T21:59:56.16174225Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T21:59:56.164034547Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T21:59:56.167493939Z 9 PC: c6d9 | Display string (String= 'VHVD[email protected]_Kut1Dt a1ZW 5|(Nj(p^')
2018-12-17T21:59:56.172354927Z 9 PC: c6e0 | Display string (String= '5|(Nj(p^')
2018-12-17T21:59:56.177615499Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T21:59:56.187376339Z 66 PC: 91f95 | Move file pointer
2018-12-17T21:59:56.190376686Z 62 PC: 91fc1 | Close file
2018-12-17T21:59:56.192509523Z 75 PC: 91fe0 | Execute program
2018-12-17T21:59:56.212081179Z 98 PC: 916f1 | Get current PSP
2018-12-17T21:59:56.217674907Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T21:59:56.218957325Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:59:56.220100652Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:59:56.221941399Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:59:56.223502587Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:59:56.224865768Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T21:59:56.23372284Z 62 PC: 8f8eb | Close file
2018-12-17T21:59:56.235614048Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.237296984Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.239355229Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.240694414Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.242022951Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.245215544Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.246550321Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.247990731Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.24944909Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.25102206Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.253147386Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.254449432Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.25651417Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.257933374Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.259328395Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.261747007Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.26319799Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.264640531Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.266647327Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.268008103Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.269411591Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.272056361Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.273500406Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.274888103Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.277073779Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.278853398Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.280717255Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.283420105Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.285292732Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.287271276Z 62 PC: 8f8f2 | Close file
2018-12-17T21:59:56.289934688Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T21:59:56.294962938Z 62 PC: 8f90e | Close file
2018-12-17T21:59:56.297033877Z 69 PC: 8f915 | Duplicate handle
2018-12-17T21:59:56.299730802Z 69 PC: 8f919 | Duplicate handle
2018-12-17T21:59:56.301469529Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T21:59:56.306073653Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T21:59:56.308819547Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T21:59:56.313461365Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T21:59:56.31521191Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T21:59:56.31718302Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T21:59:56.319066924Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T21:59:56.320714317Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T21:59:56.322706007Z 72 PC: 8fa02 | Allocate memory
2018-12-17T21:59:56.324313017Z 72 PC: 8fa06 | Allocate memory
2018-12-17T21:59:56.325743521Z 73 PC: 8fa11 | Release memory
2018-12-17T21:59:56.327563338Z 73 PC: 8efea | Release memory
2018-12-17T21:59:56.328776016Z 74 PC: 8f003 | Reallocate memory
2018-12-17T21:59:56.330218374Z 72 PC: 8f054 | Allocate memory
2018-12-17T21:59:56.332424164Z 72 PC: 8f058 | Allocate memory
2018-12-17T21:59:56.334738279Z 73 PC: 8f060 | Release memory
2018-12-17T21:59:56.336108953Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T21:59:56.347283355Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:59:56.352820271Z 66 PC: 8f0ad | Move file pointer
2018-12-17T21:59:56.354589693Z 62 PC: 8f0d1 | Close file
2018-12-17T21:59:56.356769059Z 75 PC: 8f0f2 | Execute program
2018-12-17T21:59:56.379431313Z 80 PC: 12be9 | Set current PSP
2018-12-17T21:59:56.380487683Z 48 PC: 12bee | Get DOS version
2018-12-17T21:59:56.382170236Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T21:59:56.384973228Z 101 PC: 12c74 | Get extended country info
2018-12-17T21:59:56.386090227Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T21:59:56.387170591Z 74 PC: 12cdc | Reallocate memory
2018-12-17T21:59:56.388620465Z 72 PC: 1355d | Allocate memory
2018-12-17T21:59:56.390135107Z 25 PC: 13596 | Get default drive
2018-12-17T21:59:56.391245202Z 71 PC: 135ad | Get current directory
2018-12-17T21:59:56.394118819Z 59 PC: 135ba | Change current directory
2018-12-17T21:59:56.39927046Z 59 PC: 135c8 | Change current directory
2018-12-17T21:59:56.404900087Z 59 PC: 135d3 | Change current directory
2018-12-17T21:59:56.409229508Z 25 PC: 12d13 | Get default drive
2018-12-17T21:59:56.411474579Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T21:59:56.41284826Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:59:56.415638289Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:56.417937099Z 80 PC: 1301d | Set current PSP
2018-12-17T21:59:56.419096474Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T21:59:56.421544037Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:59:56.422927419Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:59:56.424032502Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T21:59:56.427202296Z 72 PC: 130ec | Allocate memory
2018-12-17T21:59:56.42915874Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T21:59:56.434986772Z 62 PC: 131ba | Close file
2018-12-17T21:59:56.437384813Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T21:59:56.438373768Z 74 PC: 1197c | Reallocate memory
2018-12-17T21:59:56.439816656Z 72 PC: 11991 | Allocate memory
2018-12-17T21:59:56.442301138Z 73 PC: 119b2 | Release memory
2018-12-17T21:59:56.444209596Z 72 PC: 119bd | Allocate memory
2018-12-17T21:59:56.445972208Z 73 PC: 119df | Release memory
2018-12-17T21:59:56.44839982Z 72 PC: 119f5 | Allocate memory
2018-12-17T21:59:56.450349627Z 72 PC: 119fd | Allocate memory