Sample viewer

vx.netlux.org/Virus.DOS.Sirius.623

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:17.669902473Z	53	PC: 1de7f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:17.67236871Z	37	PC: 1de93 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:17.673772279Z	47	PC: 1de98 \| Get disk transfer address
2018-12-17T22:56:17.675055793Z	26	PC: 1deaa \| Set disk transfer address
2018-12-17T22:56:17.677061865Z	25	PC: 1deae \| Get default drive
2018-12-17T22:56:17.678751803Z	71	PC: 1debb \| Get current directory
2018-12-17T22:56:17.682339709Z	14	PC: 1ded1 \| Set default drive (Drive = 'C')
2018-12-17T22:56:17.68415911Z	59	PC: 1e066 \| Change current directory
2018-12-17T22:56:17.689584472Z	44	PC: 1ded8 \| Get time 0x1ded8: shr dl, 1 0x1deda: shr dl, 1 0x1dedc: add dl, 0x40 0x1dedf: mov byte ptr [bp + 0x245], dl 0x1dee3: xor bx, bx 0x1dee5: mov ah, 0x4e 0x1dee7: lea dx, word ptr [bp + 0x245] 0x1deeb: mov cx, 0x11 0x1deee: int 0x21 0x1def0: jae 0x1df0d 0x1def2: mov al, byte ptr [bp + 0x245] 0x1def6: inc al 0x1def8: cmp al, 0x90 0x1defa: jbe 0x1defe 0x1defc: sub al, 0x26 0x1defe: mov byte ptr [bp + 0x245], al 0x1df02: inc bh 0x1df04: cmp bh, 0x1b 0x1df07: je 0x1debb 0x1df09: jmp 0x1dee5
2018-12-17T22:56:17.691972753Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.698050832Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.704368942Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.71029214Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.71696099Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.724447557Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.730094927Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.735942331Z	78	PC: 1def0 \| Find first file
2018-12-17T22:56:17.742512436Z	59	PC: 1df14 \| Change current directory
2018-12-17T22:56:17.752003913Z	78	PC: 1df1f \| Find first file
2018-12-17T22:56:17.761495451Z	67	PC: 1df7b \| Get or set file attributes
2018-12-17T22:56:17.769020951Z	67	PC: 1df88 \| Get or set file attributes
2018-12-17T22:56:18.107421417Z	61	PC: 1df90 \| Open file (Filename = 'WIN.COM')
2018-12-17T22:56:18.115724841Z	87	PC: 1df96 \| Get or set file date and time
2018-12-17T22:56:18.118453111Z	44	PC: 1dfa9 \| Get time 0x1dfa9: add dx, bp 0x1dfab: or dx, dx 0x1dfad: je 0x1dfa5 0x1dfaf: mov word ptr [bp + 0x25c], dx 0x1dfb3: mov ah, 0x3f 0x1dfb5: lea dx, word ptr [bp + 0x23c] 0x1dfb9: mov cx, 3 0x1dfbc: int 0x21 0x1dfbe: mov ax, 0x4202 0x1dfc1: xor cx, cx 0x1dfc3: cdq 0x1dfc4: int 0x21 0x1dfc6: sub ax, 3 0x1dfc9: mov word ptr cs:[0xfa79], ax 0x1dfcd: mov byte ptr cs:[0xfa78], 0xe9 0x1dfd3: nop 0x1dfd4: nop 0x1dfd5: nop 0x1dfd6: lea si, word ptr [bp - 5] 0x1dfd9: mov di, 0xfb2c
2018-12-17T22:56:18.12096284Z	63	PC: 1dfbe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:18.126411826Z	66	PC: 1dfc6 \| Move file pointer
2018-12-17T22:56:18.128827338Z	64	PC: 1dff2 \| Write file or device (Write 623 bytes on handle 5)
2018-12-17T22:56:18.135583482Z	66	PC: 1dffa \| Move file pointer
2018-12-17T22:56:18.136910467Z	64	PC: 1e004 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:56:18.13979434Z	87	PC: 1e019 \| Get or set file date and time
2018-12-17T22:56:18.142073496Z	62	PC: 1e01d \| Close file
2018-12-17T22:56:18.14790471Z	67	PC: 1e02a \| Get or set file attributes
2018-12-17T22:56:18.156421615Z	14	PC: 1e070 \| Set default drive (Drive = 'A')
2018-12-17T22:56:18.158502618Z	59	PC: 1e066 \| Change current directory
2018-12-17T22:56:18.162803285Z	59	PC: 1e078 \| Change current directory
2018-12-17T22:56:18.164268399Z	37	PC: 1e043 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:18.166546343Z	26	PC: 1e053 \| Set disk transfer address
2018-12-17T22:56:18.167596938Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000B400h/0000046080d bytes. ')
2018-12-17T22:56:18.170667041Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')