Sample viewer

vx.netlux.org/Virus.DOS.Sina.1208

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:55.375794793Z	255	PC: 12e37 \| UNKNOWN!
2018-12-17T22:52:55.377764834Z	53	PC: 12aa6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:55.379841044Z	37	PC: 12ab8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:55.381428616Z	74	PC: 12ac9 \| Reallocate memory
2018-12-17T22:52:55.383317585Z	75	PC: 12b76 \| Execute program
2018-12-17T22:52:55.406180311Z	76	PC: 13068 \| Terminate with return code (Return code = '76')
2018-12-17T22:52:55.409843573Z	53	PC: 12b76 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.41158292Z	37	PC: 12b76 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.41503798Z	67	PC: 12b76 \| Get or set file attributes
2018-12-17T22:52:55.424826819Z	67	PC: 12b76 \| Get or set file attributes
2018-12-17T22:52:55.773933072Z	61	PC: 12b76 \| Open file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T22:52:55.783039719Z	87	PC: 12b76 \| Get or set file date and time
2018-12-17T22:52:55.785821043Z	63	PC: 12b76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:55.79202664Z	66	PC: 12b76 \| Move file pointer
2018-12-17T22:52:55.793918835Z	63	PC: 12b76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:55.801607788Z	64	PC: 12b76 \| Write file or device (Write 1208 bytes on handle 5)
2018-12-17T22:52:55.811835981Z	66	PC: 12b76 \| Move file pointer
2018-12-17T22:52:55.813764283Z	64	PC: 12b76 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:55.817869485Z	87	PC: 12b76 \| Get or set file date and time
2018-12-17T22:52:55.82831679Z	62	PC: 12b76 \| Close file
2018-12-17T22:52:55.836567599Z	67	PC: 12b76 \| Get or set file attributes
2018-12-17T22:52:55.848491027Z	37	PC: 12b76 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.849750573Z	75	PC: 12afe \| Execute program
2018-12-17T22:52:55.851020689Z	65	PC: 12b76 \| Delete file (Filename = 'C:\DOS\CHKLIST.MS')
2018-12-17T22:52:55.858668415Z	65	PC: 12b76 \| Delete file (Filename = 'C:\DOS\CHKLIST.CPS')
2018-12-17T22:52:55.863901655Z	65	PC: 12b76 \| Delete file (Filename = 'C:\DOS\ANYCHECK.VAL')
2018-12-17T22:52:55.870342003Z	65	PC: 12b76 \| Delete file (Filename = 'C:\DOS\DOS.SIG')
2018-12-17T22:52:55.878281477Z	42	PC: 12b76 \| Get date 0x12b76: ret 0x12b77: nop 0x12b78: iret 0x12b79: push bp 0x12b7a: add word ptr [bx + 0x11], dx 0x12b7d: push ax 0x12b7e: push bx 0x12b7f: push ds 0x12b80: push dx 0x12b81: push es 0x12b82: mov ax, 0x3524 0x12b85: call 0x22b70 0x12b88: mov word ptr cs:[0x239], bx 0x12b8d: mov word ptr cs:[0x23b], es 0x12b92: push cs 0x12b93: pop ds 0x12b94: mov dx, 0x237 0x12b97: mov ax, 0x2524 0x12b9a: call 0x22b70 0x12b9d: pop es
2018-12-17T22:52:55.882258017Z	77	PC: 12b46 \| Get program return code
2018-12-17T22:52:55.883913216Z	49	PC: 12b55 \| Terminate and stay resident (Return code = '76' \| Memory size = '92')