Sample viewer

vx.netlux.org/Virus.DOS.SillyC.436.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:13.254158266Z	72	PC: 8f1b9 \| Allocate memory
2018-12-17T22:56:13.256194604Z	72	PC: 8f1bd \| Allocate memory
2018-12-17T22:56:13.257878084Z	99	PC: 90858 \| Get DBCS lead byte table pointer
2018-12-17T22:56:13.259834204Z	61	PC: 91f88 \| Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:56:13.267670878Z	66	PC: 91f95 \| Move file pointer
2018-12-17T22:56:13.269667259Z	62	PC: 91fc1 \| Close file
2018-12-17T22:56:13.272119942Z	75	PC: 91fe0 \| Execute program
2018-12-17T22:56:13.288334135Z	98	PC: 916f1 \| Get current PSP
2018-12-17T22:56:13.290883794Z	9	PC: c605 \| Display string (String= '6��r�&;]u')
2018-12-17T22:56:13.295471875Z	48	PC: c609 \| Get DOS version
2018-12-17T22:56:13.299109314Z	9	PC: c382 \| Display string (String= ' Installed A20 handler number ')
2018-12-17T22:56:13.302404426Z	2	PC: c38c \| Character output (Char = '32')
2018-12-17T22:56:13.304500104Z	2	PC: c3a7 \| Character output (Char = '2e')
2018-12-17T22:56:13.308147949Z	9	PC: c6d9 \| Display string (String= '��VH�VD��V@����_��Ku��t1��D��t �� a1��Z��W��5��\|��(��ǋ�(��p�^')
2018-12-17T22:56:13.312661448Z	9	PC: c6e0 \| Display string (String= '�5��\|��(��ǋ�(��p�^')
2018-12-17T22:56:13.317159037Z	61	PC: 91f88 \| Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:56:13.327738041Z	66	PC: 91f95 \| Move file pointer
2018-12-17T22:56:13.33024468Z	62	PC: 91fc1 \| Close file
2018-12-17T22:56:13.332266273Z	75	PC: 91fe0 \| Execute program
2018-12-17T22:56:13.352018532Z	98	PC: 916f1 \| Get current PSP
2018-12-17T22:56:13.356881686Z	82	PC: 13d46 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:56:13.358190239Z	53	PC: 13ac3 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:56:13.359619349Z	37	PC: 13ad6 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:56:13.361349897Z	53	PC: 13ae0 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:56:13.363182635Z	37	PC: 13af3 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:56:13.364607242Z	9	PC: 13a0d \| Display string (Could not find end pointer)
2018-12-17T22:56:13.372668843Z	62	PC: 8f8eb \| Close file
2018-12-17T22:56:13.374677923Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.37672744Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.379094798Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.385885506Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.387522251Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.389497805Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.391277082Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.392773386Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.394168531Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.398638743Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.400002764Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.401675283Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.409521414Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.410854824Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.412124087Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.416913816Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.418280919Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.419594068Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.422032603Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.423706873Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.425284017Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.428231115Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.429878959Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.43149609Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.433130473Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.435559801Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.436952906Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.438362251Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.441506858Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.443109142Z	62	PC: 8f8f2 \| Close file
2018-12-17T22:56:13.444684624Z	61	PC: 8f8ff \| Open file (Filename = '')
2018-12-17T22:56:13.44989564Z	62	PC: 8f90e \| Close file
2018-12-17T22:56:13.45143974Z	69	PC: 8f915 \| Duplicate handle
2018-12-17T22:56:13.452876386Z	69	PC: 8f919 \| Duplicate handle
2018-12-17T22:56:13.45519938Z	61	PC: 9387b \| Open file (Filename = '')
2018-12-17T22:56:13.459669805Z	68	PC: 9386b \| I/O control for devices (Set for = '')
2018-12-17T22:56:13.46093981Z	61	PC: 9387b \| Open file (Filename = '')
2018-12-17T22:56:13.466598554Z	68	PC: 9386b \| I/O control for devices (Set for = '')
2018-12-17T22:56:13.468757315Z	74	PC: 8f9c4 \| Reallocate memory
2018-12-17T22:56:13.470516764Z	72	PC: 8f9e0 \| Allocate memory
2018-12-17T22:56:13.473674959Z	72	PC: 8f9e4 \| Allocate memory
2018-12-17T22:56:13.475527633Z	74	PC: 8f9fb \| Reallocate memory
2018-12-17T22:56:13.477281852Z	72	PC: 8fa02 \| Allocate memory
2018-12-17T22:56:13.480340311Z	72	PC: 8fa06 \| Allocate memory
2018-12-17T22:56:13.482149062Z	73	PC: 8fa11 \| Release memory
2018-12-17T22:56:13.483936261Z	73	PC: 8efea \| Release memory
2018-12-17T22:56:13.48608632Z	74	PC: 8f003 \| Reallocate memory
2018-12-17T22:56:13.488396876Z	72	PC: 8f054 \| Allocate memory
2018-12-17T22:56:13.490477313Z	72	PC: 8f058 \| Allocate memory
2018-12-17T22:56:13.49294544Z	73	PC: 8f060 \| Release memory
2018-12-17T22:56:13.494660452Z	61	PC: 8f080 \| Open file (Filename = '')
2018-12-17T22:56:13.504247782Z	63	PC: 8f095 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:56:13.51028548Z	66	PC: 8f0ad \| Move file pointer
2018-12-17T22:56:13.512009992Z	62	PC: 8f0d1 \| Close file
2018-12-17T22:56:13.514049717Z	75	PC: 8f0f2 \| Execute program
2018-12-17T22:56:13.534662692Z	80	PC: 12be9 \| Set current PSP
2018-12-17T22:56:13.536429859Z	48	PC: 12bee \| Get DOS version
2018-12-17T22:56:13.538053742Z	99	PC: 193d0 \| Get DBCS lead byte table pointer
2018-12-17T22:56:13.540473493Z	101	PC: 12c74 \| Get extended country info
2018-12-17T22:56:13.542511993Z	99	PC: 12c7a \| Get DBCS lead byte table pointer
2018-12-17T22:56:13.543779931Z	74	PC: 12cdc \| Reallocate memory
2018-12-17T22:56:13.545577453Z	72	PC: 1355d \| Allocate memory
2018-12-17T22:56:13.548265313Z	25	PC: 13596 \| Get default drive
2018-12-17T22:56:13.549719111Z	71	PC: 135ad \| Get current directory
2018-12-17T22:56:13.552339887Z	59	PC: 135ba \| Change current directory
2018-12-17T22:56:13.558749253Z	59	PC: 135c8 \| Change current directory
2018-12-17T22:56:13.564278452Z	59	PC: 135d3 \| Change current directory
2018-12-17T22:56:13.568432925Z	25	PC: 12d13 \| Get default drive
2018-12-17T22:56:13.570290254Z	37	PC: 127d3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:56:13.571396252Z	37	PC: 127da \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:13.572394622Z	37	PC: 127e1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:13.575326465Z	80	PC: 1301d \| Set current PSP
2018-12-17T22:56:13.576128456Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:56:13.577313033Z	53	PC: 13362 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:56:13.578967933Z	37	PC: 13383 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:56:13.580111336Z	51	PC: 13417 \| Get or set Ctrl-Break
2018-12-17T22:56:13.581992618Z	72	PC: 130ec \| Allocate memory
2018-12-17T22:56:13.58427204Z	61	PC: 131b2 \| Open file (Filename = '')
2018-12-17T22:56:13.590465191Z	62	PC: 131ba \| Close file
2018-12-17T22:56:13.592712469Z	51	PC: 1344c \| Get or set Ctrl-Break
2018-12-17T22:56:13.594612795Z	74	PC: 1197c \| Reallocate memory
2018-12-17T22:56:13.595857891Z	72	PC: 11991 \| Allocate memory
2018-12-17T22:56:13.597291183Z	73	PC: 119b2 \| Release memory
2018-12-17T22:56:13.599444788Z	72	PC: 119bd \| Allocate memory
2018-12-17T22:56:13.601000108Z	73	PC: 119df \| Release memory
2018-12-17T22:56:13.602569624Z	72	PC: 119f5 \| Allocate memory
2018-12-17T22:56:13.604970955Z	72	PC: 119fd \| Allocate memory