Sample viewer

vx.netlux.org/Virus.DOS.Int12.818

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:21.950307621Z	53	PC: 12c47 \| Get interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-17T21:51:21.9519685Z	53	PC: 12c55 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:21.953433025Z	37	PC: 12c5e \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-17T21:51:21.955060873Z	47	PC: 12c63 \| Get disk transfer address
2018-12-17T21:51:21.956899495Z	26	PC: 12c72 \| Set disk transfer address
2018-12-17T21:51:21.958267623Z	53	PC: 12c77 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.960011702Z	37	PC: 12c89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.962248833Z	98	PC: 12c8f \| Get current PSP
2018-12-17T21:51:21.963728263Z	96	PC: 12cf0 \| Qualify filename
2018-12-17T21:51:21.968381876Z	78	PC: 12cfa \| Find first file
2018-12-17T21:51:21.975450097Z	44	PC: 12d72 \| Get time 0x12d72: add cx, dx 0x12d74: mov bx, cx 0x12d76: mov ah, 0x2a 0x12d78: int 0x21 0x12d7a: add cx, dx 0x12d7c: add bx, cx 0x12d7e: add word ptr [0x44a], bx 0x12d82: mov dl, 0 0x12d84: cmp byte ptr [0x44d], 0x3a 0x12d89: jne 0x12d92 0x12d8b: mov dl, byte ptr [0x44c] 0x12d8f: sub dl, 0x40 0x12d92: mov ah, 0x36 0x12d94: int 0x21 0x12d96: mul bx 0x12d98: mul cx 0x12d9a: or dx, dx 0x12d9c: jne 0x12da7 0x12d9e: cmp ax, word ptr [0x44a] 0x12da2: ja 0x12da7
2018-12-17T21:51:21.977938368Z	42	PC: 12d7a \| Get date 0x12d7a: add cx, dx 0x12d7c: add bx, cx 0x12d7e: add word ptr [0x44a], bx 0x12d82: mov dl, 0 0x12d84: cmp byte ptr [0x44d], 0x3a 0x12d89: jne 0x12d92 0x12d8b: mov dl, byte ptr [0x44c] 0x12d8f: sub dl, 0x40 0x12d92: mov ah, 0x36 0x12d94: int 0x21 0x12d96: mul bx 0x12d98: mul cx 0x12d9a: or dx, dx 0x12d9c: jne 0x12da7 0x12d9e: cmp ax, word ptr [0x44a] 0x12da2: ja 0x12da7 0x12da4: jmp 0x12f2b 0x12da7: cld 0x12da8: mov cx, 0xa 0x12dab: mov di, 0x504
2018-12-17T21:51:21.980504243Z	54	PC: 12d96 \| Get free disk space
2018-12-17T21:51:21.990353888Z	67	PC: 12de8 \| Get or set file attributes
2018-12-17T21:51:22.006575353Z	61	PC: 12df5 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:51:22.01312973Z	63	PC: 12e0b \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T21:51:22.016896879Z	42	PC: 12e2b \| Get date 0x12e2b: cmp dl, byte ptr [0x4e1] 0x12e2f: jne 0x12e82 0x12e31: jmp 0x12f2b 0x12e34: mov ax, word ptr [0x4e4] 0x12e37: mov word ptr [0x426], ax 0x12e3a: mov ax, word ptr [0x4e2] 0x12e3d: cmp ax, 0x100 0x12e40: je 0x12e82 0x12e42: mov word ptr [0x424], ax 0x12e45: mov ax, word ptr [0x4dc] 0x12e48: mov word ptr [0x428], ax 0x12e4b: mov ax, word ptr [0x4de] 0x12e4e: mov word ptr [0x42a], ax 0x12e51: mov ax, word ptr [0x500] 0x12e54: mov dx, word ptr [0x502] 0x12e58: mov cx, 0x10 0x12e5b: div cx 0x12e5d: sub ax, word ptr [0x4d6] 0x12e61: sub ax, 0x10 0x12e64: inc ax
2018-12-17T21:51:22.019630796Z	42	PC: 12eb7 \| Get date 0x12eb7: mov byte ptr [0x4e1], dl 0x12ebb: xor dx, dx 0x12ebd: xor cx, cx 0x12ebf: mov bx, word ptr [0x4cc] 0x12ec3: mov ax, 0x4200 0x12ec6: int 0x12 0x12ec8: mov dx, 0x4ce 0x12ecb: mov cl, 0x18 0x12ecd: mov ah, 0x40 0x12ecf: int 0x12 0x12ed1: jb 0x12f2b 0x12ed3: xor dx, dx 0x12ed5: xor cx, cx 0x12ed7: mov ax, 0x4202 0x12eda: int 0x12 0x12edc: mov dx, 0x100 0x12edf: sub dx, word ptr [0x448] 0x12ee3: mov cx, 0x332 0x12ee6: add cx, word ptr [0x448] 0x12eea: mov ah, 0x40
2018-12-17T21:51:22.022260005Z	66	PC: 12ec8 \| Move file pointer
2018-12-17T21:51:22.025260698Z	64	PC: 12ed1 \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T21:51:22.028282351Z	66	PC: 12edc \| Move file pointer
2018-12-17T21:51:22.030827116Z	64	PC: 12eee \| Write file or device (Write 818 bytes on handle 5)
2018-12-17T21:51:22.046903692Z	64	PC: 12efa \| Write file or device (Write 16688 bytes on handle 5)
2018-12-17T21:51:22.056809064Z	67	PC: 12f24 \| Get or set file attributes
2018-12-17T21:51:22.062936213Z	65	PC: 12f2b \| Delete file (Filename = 'A:\TEST._XE')
2018-12-17T21:51:22.069862335Z	87	PC: 12f3c \| Get or set file date and time
2018-12-17T21:51:22.071833934Z	62	PC: 12f40 \| Close file
2018-12-17T21:51:22.079803898Z	67	PC: 12f4e \| Get or set file attributes
2018-12-17T21:51:22.092208336Z	37	PC: 12d2c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:22.093766891Z	26	PC: 12d36 \| Set disk transfer address
2018-12-17T21:51:22.095272493Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-17T21:51:22.105038947Z	76	PC: 12aa4 \| Terminate with return code (Return code = '18')