Sample viewer

vx.netlux.org/Virus.DOS.DNA.1206


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:11.909091369Z 48 PC: 12a50 | Get DOS version
2018-12-17T22:55:11.910436773Z 44 PC: 12a55 | Get time 0x12a55: cmp dl, 0
; NOTE(review): code dump attached to the Get time row above; its first
; instruction (cmp dl, 0 at 0x12a55) shares that row's line. This is a linear
; disassembly from the logged PC, so bytes that are data may be shown as code.
; DOS Get time returns hundredths of a second in DL; the test plus the backward
; jump presumably repeat the call until DL is non-zero. The instructions at
; 0x12a51-0x12a54 are not in the dump, so confirm against the raw bytes.
0x12a58: je 0x12a51
0x12a5a: ret
; NOTE(review): the two lines below are probably a mis-decode. The code that
; follows pops a word, subtracts 4 and reads one byte there, which fits
; 0x12a5b being a single stored data byte followed by a zero-displacement call
; at 0x12a5c whose pushed return address is 0x12a5f. TODO confirm.
0x12a5b: add al, ch
0x12a5d: add byte ptr [bx + si], al
0x12a5f: pop bp                         ; bp = word taken from the top of the stack
0x12a60: sub bp, 4                      ; step back 4 bytes (0x12a5b if the popped value was 0x12a5f)
0x12a63: mov dl, byte ptr [bp]          ; dl = byte stored there, used below as the XOR key
0x12a66: lea bx, word ptr [bp + 0x27]   ; bx = start of the buffer to transform (bp + 0x27)
0x12a69: nop
0x12a6a: cmp dl, 0
0x12a6d: je 0x12a7e                     ; key byte of zero: skip the loop, buffer is left as is
0x12a6f: mov dh, dl                     ; dh starts as a copy of the key
0x12a71: mov cx, 0x477                  ; loop count: 0x477 = 1143 bytes
; Loop body: XOR one byte in place, then change the key for the next byte.
; The key is not constant across the buffer (dl -= dh, dh -= 0x2e each pass),
; so recovering the buffer offline means replaying this schedule rather than
; applying one fixed XOR byte.
0x12a74: xor byte ptr [bx], dl
0x12a76: sub dl, dh
0x12a78: sub dh, 0x2e
0x12a7b: inc bx
0x12a7c: loop 0x12a74
0x12a7e: ret
2018-12-17T22:55:11.912188087Z 48 PC: 12a50 | Get DOS version
2018-12-17T22:55:11.913057154Z 25 PC: 12bd8 | Get default drive
2018-12-17T22:55:11.923349231Z 71 PC: 12c5a | Get current directory
2018-12-17T22:55:11.925620655Z 222 PC: 12dda | UNKNOWN!
2018-12-17T22:55:11.926259665Z 61 PC: 12de7 | Open file (Filename = '����H�+�e���&�>|')
2018-12-17T22:55:11.930933427Z 53 PC: 12df4 | Get interrupt vector (Interrupt = '208' AKA 'UNKNOWN!')
2018-12-17T22:55:11.931878529Z 37 PC: 12e17 | Set interrupt vector (Interrupt = '208' AKA 'UNKNOWN!')
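2018-12-17T22:55:11.932678285Z 53 PC: 12c78 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 36 = 0x24 is an interrupt vector number here, i.e. the DOS critical-error handler; the 'AKA' text is the name of INT 21h function 0x24 and does not describe the vector]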
2018-12-17T22:55:11.934380962Z 37 PC: 12c88 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
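2018-12-17T22:55:11.935489291Z 53 PC: 12ca6 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file') [note: 22 = 0x16 is an interrupt vector number here, i.e. BIOS keyboard services; the 'AKA' text is an INT 21h function name and does not describe the vector]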
2018-12-17T22:55:11.936532821Z 44 PC: 12a55 | Get time 0x12a55: cmp dl, 0
; NOTE(review): second dump of the code at this PC; the first instruction
; (cmp dl, 0) is on the log row above. Linear disassembly, so data bytes may
; appear as instructions.
; DL holds hundredths of a second after DOS Get time; the jump back to 0x12a51
; presumably re-issues the call while DL is zero (0x12a51-0x12a54 not shown).
0x12a58: je 0x12a51
0x12a5a: ret
; NOTE(review): likely mis-decoded bytes. The pop/sub/mov sequence below reads
; a byte at (popped value - 4), which matches a data byte at 0x12a5b followed
; by a call with zero displacement at 0x12a5c. TODO confirm on the raw bytes.
0x12a5b: add al, ch
0x12a5d: add byte ptr [bx + si], al
0x12a5f: pop bp                         ; bp = word from the stack top
0x12a60: sub bp, 4                      ; bp -= 4
0x12a63: mov dl, byte ptr [bp]          ; dl = stored key byte
0x12a66: lea bx, word ptr [bp + 0x27]   ; bx = bp + 0x27, first byte to process
0x12a69: nop
0x12a6a: cmp dl, 0
0x12a6d: je 0x12a7e                     ; zero key: nothing is XORed
0x12a6f: mov dh, dl                     ; dh = initial key copy
0x12a71: mov cx, 0x477                  ; 0x477 = 1143 iterations, one byte each
; Per-byte in-place XOR with a key that is updated every pass
; (dl -= dh, then dh -= 0x2e).
0x12a74: xor byte ptr [bx], dl
0x12a76: sub dl, dh
0x12a78: sub dh, 0x2e
0x12a7b: inc bx
0x12a7c: loop 0x12a74
0x12a7e: ret
2018-12-17T22:55:11.938523128Z 47 PC: 12c5f | Get disk transfer address
2018-12-17T22:55:11.93993131Z 26 PC: 12c6b | Set disk transfer address
2018-12-17T22:55:11.941257127Z 44 PC: 12a55 | Get time 0x12a55: cmp dl, 0
; NOTE(review): third dump of the code at this PC; the first instruction
; (cmp dl, 0) is on the log row above. Linear disassembly, so data bytes may
; appear as instructions.
; DL holds hundredths of a second after DOS Get time; the jump back to 0x12a51
; presumably re-issues the call while DL is zero (0x12a51-0x12a54 not shown).
0x12a58: je 0x12a51
0x12a5a: ret
; NOTE(review): the line at 0x12a5b reads "cmp bp, ax" here but "add al, ch"
; in the two earlier dumps of this address in the same trace; every other line
; is unchanged. That fits 0x12a5b being a one-byte stored key that was
; rewritten between the calls, with the bytes after it forming a
; zero-displacement call whose return address the pop below collects.
; Treat both decodes of 0x12a5b/0x12a5d as artefacts; confirm on raw bytes.
0x12a5b: cmp bp, ax
0x12a5d: add byte ptr [bx + si], al
0x12a5f: pop bp                         ; bp = word from the stack top
0x12a60: sub bp, 4                      ; bp -= 4, i.e. the address of the stored byte
0x12a63: mov dl, byte ptr [bp]          ; dl = stored key byte (presumably non-zero now)
0x12a66: lea bx, word ptr [bp + 0x27]   ; bx = bp + 0x27, first byte to process
0x12a69: nop
0x12a6a: cmp dl, 0
0x12a6d: je 0x12a7e                     ; zero key: nothing is XORed
0x12a6f: mov dh, dl                     ; dh = initial key copy
0x12a71: mov cx, 0x477                  ; 0x477 = 1143 iterations, one byte each
; Per-byte in-place XOR with a key that is updated every pass
; (dl -= dh, then dh -= 0x2e). The loop constants (0x27, 0x477, 0x2e) are the
; same in all three dumps, so this stub, not the XORed region, is the stable
; part to match on. Assumes each copy carries the same stub; verify.
0x12a74: xor byte ptr [bx], dl
0x12a76: sub dl, dh
0x12a78: sub dh, 0x2e
0x12a7b: inc bx
0x12a7c: loop 0x12a74
0x12a7e: ret
2018-12-17T22:55:11.944200191Z 14 PC: 12d47 | Set default drive (Drive = 'C')
2018-12-17T22:55:11.946114923Z 59 PC: 12da6 | Change current directory
2018-12-17T22:55:11.951544669Z 78 PC: 12ac0 | Find first file
2018-12-17T22:55:11.959819026Z 61 PC: 12b90 | Open file (Filename = 'EDIT.COM')
2018-12-17T22:55:11.971209863Z 66 PC: 12b9b | Move file pointer
2018-12-17T22:55:11.972503615Z 66 PC: 12ba5 | Move file pointer
2018-12-17T22:55:11.974192069Z 63 PC: 12bb0 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:55:11.985368453Z 66 PC: 12d71 | Move file pointer
2018-12-17T22:55:11.991511313Z 62 PC: 12b85 | Close file
2018-12-17T22:55:12.003199052Z 79 PC: 12b33 | Find next file
2018-12-17T22:55:12.007368334Z 61 PC: 12b90 | Open file (Filename = 'FORMAT.COM')
2018-12-17T22:55:12.013960963Z 66 PC: 12b9b | Move file pointer
2018-12-17T22:55:12.01534139Z 66 PC: 12ba5 | Move file pointer
2018-12-17T22:55:12.017274507Z 63 PC: 12bb0 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:55:12.023904114Z 66 PC: 12d71 | Move file pointer
2018-12-17T22:55:12.025572717Z 62 PC: 12bc8 | Close file
2018-12-17T22:55:12.027606Z 67 PC: 12d7b | Get or set file attributes
2018-12-17T22:55:12.033959433Z 67 PC: 12d88 | Get or set file attributes
2018-12-17T22:55:12.599724905Z 86 PC: 12c27 | Rename file
2018-12-17T22:55:12.610700691Z 78 PC: 12aee | Find first file
2018-12-17T22:55:12.615010399Z 61 PC: 12af7 | Open file (Filename = 'FORMAT.TXT')
2018-12-17T22:55:12.621451523Z 87 PC: 12d5f | Get or set file date and time
2018-12-17T22:55:12.622659112Z 63 PC: 12b09 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:12.628550353Z 66 PC: 12d71 | Move file pointer
2018-12-17T22:55:12.62975898Z 66 PC: 12b1e | Move file pointer
2018-12-17T22:55:12.630932928Z 64 PC: 12b29 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:12.634222706Z 66 PC: 12d71 | Move file pointer
2018-12-17T22:55:12.635804133Z 64 PC: 552 | Write file or device (Write 1206 bytes on handle 5)
2018-12-17T22:55:12.643583271Z 87 PC: 12d55 | Get or set file date and time
2018-12-17T22:55:12.647573677Z 62 PC: 12b44 | Close file
2018-12-17T22:55:12.654099602Z 86 PC: 12c3e | Rename file
2018-12-17T22:55:12.664749979Z 67 PC: 12d9d | Get or set file attributes
2018-12-17T22:55:12.674579555Z 78 PC: 12d1e | Find first file
2018-12-17T22:55:12.680329868Z 78 PC: 12d1e | Find first file
2018-12-17T22:55:12.686080397Z 78 PC: 12d1e | Find first file
2018-12-17T22:55:12.692920262Z 26 PC: 12b55 | Set disk transfer address
2018-12-17T22:55:12.693857701Z 14 PC: 12b5d | Set default drive (Drive = 'A')
2018-12-17T22:55:12.69492008Z 59 PC: 12b65 | Change current directory
2018-12-17T22:55:12.699172762Z 37 PC: 12c9f | Set interrupt vector (Interrupt = '208' AKA 'UNKNOWN!')
2018-12-17T22:55:12.700128777Z 37 PC: 12c93 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')