Sample viewer

vx.netlux.org/Virus.DOS.Cha.1533.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:13.456910264Z 255 PC: 12a86 | UNKNOWN!
2018-12-17T22:55:13.458455891Z 53 PC: 12af5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:13.46171434Z 53 PC: 12b0b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:13.463739439Z 37 PC: 12b2d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:13.467431514Z 37 PC: 12b39 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:15.664548187Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:55:15.667078476Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:55:15.670131429Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:55:15.674506949Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:55:15.686790111Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:55:15.689045684Z 62 PC: 91fc1 | Close file
2018-12-17T22:55:15.692228771Z 75 PC: 91fe0 | Execute program
2018-12-17T22:55:15.711550052Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:55:15.713589538Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:55:15.718735968Z 48 PC: c609 | Get DOS version
2018-12-17T22:55:15.723188453Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:55:15.726153359Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:55:15.7288969Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:55:15.734214652Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:55:15.738639244Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:55:15.744023842Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:55:15.75684671Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:55:15.758799713Z 62 PC: 91fc1 | Close file
2018-12-17T22:55:15.761384315Z 75 PC: 91fe0 | Execute program
2018-12-17T22:55:15.78792233Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:55:15.793001784Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:55:15.794771703Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:55:15.797837569Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:55:15.800143907Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:55:15.802047227Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:55:15.804744861Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:55:15.814225583Z 62 PC: 8f8eb | Close file
2018-12-17T22:55:15.816484802Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.818700921Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.820874309Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.822481992Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.824035424Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.826549974Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.828087536Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.829580654Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.831745536Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.833346718Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.83501734Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.838123352Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.839874065Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.841280129Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.843793346Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.845208538Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.846621025Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.848215755Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.849814321Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.851175492Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.852944609Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.855830417Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.857632787Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.85925045Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.862037562Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.863938468Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.865877314Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.868693551Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.870969982Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.872862753Z 62 PC: 8f8f2 | Close file
2018-12-17T22:55:15.880620624Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:55:15.898289096Z 62 PC: 8f90e | Close file
2018-12-17T22:55:15.90202335Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:55:15.904342943Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:55:15.907316526Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:55:15.912612327Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:55:15.914367839Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:55:15.920435602Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:55:15.92264073Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:55:15.924510948Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:55:15.927665921Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:55:15.929472228Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:55:15.931052871Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:55:15.933802663Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:55:15.935630131Z 73 PC: 8fa11 | Release memory
2018-12-17T22:55:15.93748011Z 73 PC: 8efea | Release memory
2018-12-17T22:55:15.940380085Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:55:15.942555938Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:55:15.944748482Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:55:15.946847259Z 73 PC: 8f060 | Release memory
2018-12-17T22:55:15.949741283Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:55:15.959749046Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:15.966680573Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:55:15.969033639Z 62 PC: 8f0d1 | Close file
2018-12-17T22:55:15.971083014Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:55:15.992795292Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:55:15.995405361Z 48 PC: 12bee | Get DOS version
2018-12-17T22:55:15.99686155Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:55:15.998887601Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:55:16.001004813Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:55:16.002397883Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:55:16.003707226Z 72 PC: 1355d | Allocate memory
2018-12-17T22:55:16.005906272Z 25 PC: 13596 | Get default drive
2018-12-17T22:55:16.007098525Z 71 PC: 135ad | Get current directory
2018-12-17T22:55:16.009135156Z 59 PC: 135ba | Change current directory
2018-12-17T22:55:16.014006037Z 59 PC: 135c8 | Change current directory
2018-12-17T22:55:16.018567606Z 59 PC: 135d3 | Change current directory
2018-12-17T22:55:16.021354488Z 25 PC: 12d13 | Get default drive
2018-12-17T22:55:16.022782634Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:55:16.024414223Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:55:16.025525874Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:16.027512321Z 80 PC: 1301d | Set current PSP
2018-12-17T22:55:16.02889445Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:55:16.030149932Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:55:16.031322076Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:55:16.033225246Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:55:16.034697185Z 72 PC: 130ec | Allocate memory
2018-12-17T22:55:16.036294549Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:55:16.042402286Z 62 PC: 131ba | Close file
2018-12-17T22:55:16.044233661Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:55:16.045387752Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:55:16.047513721Z 72 PC: 11991 | Allocate memory
2018-12-17T22:55:16.049021587Z 73 PC: 119b2 | Release memory
2018-12-17T22:55:16.050624722Z 72 PC: 119bd | Allocate memory
2018-12-17T22:55:16.053760059Z 73 PC: 119df | Release memory
2018-12-17T22:55:16.055540088Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:55:16.0577848Z 72 PC: 119fd | Allocate memory