Sample viewer

vx.netlux.org/Virus.DOS.IVP.Debef.1229


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:03.04191864Z 26 PC: 15401 | Set disk transfer address
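2018-12-17T22:57:03.043191594Z 53 PC: 151ac | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: the numbers in this trace are decimal, so 36 is INT 24h, the DOS critical-error handler; 'Set random record number' is the name of INT 21h function 24h and appears to be a mislabel by the viewer]
2018-12-17T22:57:03.044467793Z 37 PC: 151be | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: same vector, INT 24h; a program that replaces it handles disk errors itself, so a failed write (for example to a write-protected disk) raises no "Abort, Retry, Fail?" prompt]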
2018-12-17T22:57:03.045382362Z 71 PC: 151ca | Get current directory
2018-12-17T22:57:03.048285801Z 42 PC: 151cf | Get date 0x151cf: push dx
; Date check that runs after INT 21h "Get date". The trace line above ends with
; `push dx`, which saves the returned month (dh) and day (dl).
; Builds a rough day count, (year - 1980) * 366 + month * 31 + day, and sets a
; flag word once that count reaches 0x1ad4 (6868). Under this formula 6868 is
; 1 September 1998 (derived from the constants, not stated on the page).
; NOTE(review): every data access is cs:[bp + disp], so bp looks like the
; body's relocation base inside the host file; confirm against the entry code.
0x151d0: mov ax, 0x7bc                          ; 0x7bc = 1980
0x151d3: sub ax, cx                             ; ax = 1980 - year (Get date returns the year in cx)
0x151d5: mov word ptr cs:[bp + 0x676], 0        ; clear the date flag before the comparison
0x151dc: neg ax                                 ; ax = year - 1980
0x151de: mov cx, 0x16e                          ; 0x16e = 366
0x151e1: mul cx                                 ; dx:ax = (year - 1980) * 366; dx is clobbered, hence the earlier push
0x151e3: mov cx, 0x1f                           ; 0x1f = 31
0x151e6: xchg ax, cx                            ; cx = year term, ax = 31
0x151e7: pop bx                                 ; bx = saved dx: bh = month, bl = day
0x151e8: mul bh                                 ; 8-bit multiply: ax = 31 * month
0x151ea: xor bh, bh                             ; bx = day only
0x151ec: add ax, bx                             ; ax = 31 * month + day
0x151ee: add cx, ax                             ; cx = full day count
0x151f0: cmp cx, 0x1ad4                         ; threshold 6868
0x151f4: jl 0x151fd                             ; signed compare: below the threshold, leave the flag at 0
0x151f6: mov word ptr cs:[bp + 0x676], 0xffff   ; on or after the threshold date: flag = 0xffff; what the flag gates is not visible in this excerpt
0x151fd: mov word ptr cs:[bp + 0x674], 0        ; clear a second word; purpose not visible here
0x15204: lea dx, word ptr [bp + 0x462]          ; presumably the file search pattern; confirm
0x15208: call 0x1528f                           ; the trace shows "Find first file" (PC 15296) inside this call
2018-12-17T22:57:03.05111504Z 78 PC: 15296 | Find first file
2018-12-17T22:57:03.057489775Z 78 PC: 15296 | Find first file
2018-12-17T22:57:03.063552583Z 61 PC: 1540a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:03.071407572Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:03.078371995Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.080734637Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.100973787Z 61 PC: 1540a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:03.113360575Z 64 PC: 153ac | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:03.120601428Z 66 PC: 153fc | Move file pointer
2018-12-17T22:57:03.122934034Z 44 PC: 153be | Get time 0x153be: or dh, dh
; Runs after INT 21h "Get time". The trace line above ends with `or dh, dh`,
; which tests the seconds value returned in dh.
; Because the timestamp and attributes are set again after the write, mtime
; alone is not a reliable indicator for the files in this trace; compare size
; or hash instead.
0x153c0: je 0x153ba                             ; seconds == 0: go back and retry; 0x153ba is four bytes before the Get time return address, presumably the call itself
0x153c2: mov byte ptr cs:[bp + 0x5cf], dh       ; store the non-zero seconds byte in the body's data area
0x153c7: ror dh, 1                              ; three single-bit rotates = rotate right by 3
0x153c9: ror dh, 1
0x153cb: ror dh, 1
0x153cd: mov byte ptr cs:[bp + 0x111], dh       ; store the rotated byte at a second location
                                                ; NOTE(review): a non-zero, time-derived byte kept in two forms looks like a per-copy key; confirm against the routine at 0x155b5
0x153d2: call 0x155b5                           ; the trace shows the 1229-byte write (PC 15630) during this call
0x153d5: mov ax, 0x5701                         ; INT 21h AX=5701h: set file date and time
0x153d8: mov cx, word ptr cs:[bp + 0x642]       ; cx = time word
0x153dd: mov dx, word ptr cs:[bp + 0x644]       ; dx = date word
                                                ; NOTE(review): 0x641/0x642/0x644 line up with the attribute/time/date fields of a find-first DTA at bp + 0x62c, i.e. the values recorded before the file was modified; confirm
0x153e2: int 0x21
0x153e4: mov ah, 0x3e                           ; INT 21h AH=3Eh: close the handle
0x153e6: int 0x21
0x153e8: xor cx, cx
0x153ea: mov cl, byte ptr cs:[bp + 0x641]       ; cx = attribute byte
0x153ef: call 0x1540c                           ; the trace shows "Get or set file attributes" (PC 15415) inside this call
0x153f2: ret
0x153f3: mov ax, 0x4202                         ; start of the next routine: INT 21h AX=4202h, seek relative to end of file (trace: "Move file pointer", PC 153fc)
0x153f6: xor cx, cx                             ; high word of the offset = 0; the listing is cut off here
2018-12-17T22:57:03.126092973Z 64 PC: 15630 | Write file or device (Write 1229 bytes on handle 5)
2018-12-17T22:57:03.137918576Z 87 PC: 153e4 | Get or set file date and time
2018-12-17T22:57:03.140448261Z 62 PC: 153e8 | Close file
2018-12-17T22:57:03.149242595Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.160234591Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.163213852Z 61 PC: 1540a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:03.169117301Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:03.177022282Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.179545125Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.191337937Z 61 PC: 1540a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:03.198756774Z 64 PC: 153ac | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:03.202061889Z 66 PC: 153fc | Move file pointer
2018-12-17T22:57:03.210225476Z 44 PC: 153be | Get time 0x153be: or dh, dh
; Runs after INT 21h "Get time". The trace line above ends with `or dh, dh`,
; which tests the seconds value returned in dh.
; Because the timestamp and attributes are set again after the write, mtime
; alone is not a reliable indicator for the files in this trace; compare size
; or hash instead.
0x153c0: je 0x153ba                             ; seconds == 0: go back and retry; 0x153ba is four bytes before the Get time return address, presumably the call itself
0x153c2: mov byte ptr cs:[bp + 0x5cf], dh       ; store the non-zero seconds byte in the body's data area
0x153c7: ror dh, 1                              ; three single-bit rotates = rotate right by 3
0x153c9: ror dh, 1
0x153cb: ror dh, 1
0x153cd: mov byte ptr cs:[bp + 0x111], dh       ; store the rotated byte at a second location
                                                ; NOTE(review): a non-zero, time-derived byte kept in two forms looks like a per-copy key; confirm against the routine at 0x155b5
0x153d2: call 0x155b5                           ; the trace shows the 1229-byte write (PC 15630) during this call
0x153d5: mov ax, 0x5701                         ; INT 21h AX=5701h: set file date and time
0x153d8: mov cx, word ptr cs:[bp + 0x642]       ; cx = time word
0x153dd: mov dx, word ptr cs:[bp + 0x644]       ; dx = date word
                                                ; NOTE(review): 0x641/0x642/0x644 line up with the attribute/time/date fields of a find-first DTA at bp + 0x62c, i.e. the values recorded before the file was modified; confirm
0x153e2: int 0x21
0x153e4: mov ah, 0x3e                           ; INT 21h AH=3Eh: close the handle
0x153e6: int 0x21
0x153e8: xor cx, cx
0x153ea: mov cl, byte ptr cs:[bp + 0x641]       ; cx = attribute byte
0x153ef: call 0x1540c                           ; the trace shows "Get or set file attributes" (PC 15415) inside this call
0x153f2: ret
0x153f3: mov ax, 0x4202                         ; start of the next routine: INT 21h AX=4202h, seek relative to end of file (trace: "Move file pointer", PC 153fc)
0x153f6: xor cx, cx                             ; high word of the offset = 0; the listing is cut off here
2018-12-17T22:57:03.213353537Z 64 PC: 15630 | Write file or device (Write 1229 bytes on handle 5)
2018-12-17T22:57:03.223270862Z 87 PC: 153e4 | Get or set file date and time
2018-12-17T22:57:03.226368676Z 62 PC: 153e8 | Close file
2018-12-17T22:57:03.234845764Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.245796732Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.250800609Z 61 PC: 1540a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:03.260417239Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:03.268595154Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.271238314Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.283514824Z 61 PC: 1540a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:03.291566742Z 64 PC: 153ac | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:03.294822192Z 66 PC: 153fc | Move file pointer
2018-12-17T22:57:03.297293899Z 44 PC: 153be | Get time 0x153be: or dh, dh
; Runs after INT 21h "Get time". The trace line above ends with `or dh, dh`,
; which tests the seconds value returned in dh.
; Because the timestamp and attributes are set again after the write, mtime
; alone is not a reliable indicator for the files in this trace; compare size
; or hash instead.
0x153c0: je 0x153ba                             ; seconds == 0: go back and retry; 0x153ba is four bytes before the Get time return address, presumably the call itself
0x153c2: mov byte ptr cs:[bp + 0x5cf], dh       ; store the non-zero seconds byte in the body's data area
0x153c7: ror dh, 1                              ; three single-bit rotates = rotate right by 3
0x153c9: ror dh, 1
0x153cb: ror dh, 1
0x153cd: mov byte ptr cs:[bp + 0x111], dh       ; store the rotated byte at a second location
                                                ; NOTE(review): a non-zero, time-derived byte kept in two forms looks like a per-copy key; confirm against the routine at 0x155b5
0x153d2: call 0x155b5                           ; the trace shows the 1229-byte write (PC 15630) during this call
0x153d5: mov ax, 0x5701                         ; INT 21h AX=5701h: set file date and time
0x153d8: mov cx, word ptr cs:[bp + 0x642]       ; cx = time word
0x153dd: mov dx, word ptr cs:[bp + 0x644]       ; dx = date word
                                                ; NOTE(review): 0x641/0x642/0x644 line up with the attribute/time/date fields of a find-first DTA at bp + 0x62c, i.e. the values recorded before the file was modified; confirm
0x153e2: int 0x21
0x153e4: mov ah, 0x3e                           ; INT 21h AH=3Eh: close the handle
0x153e6: int 0x21
0x153e8: xor cx, cx
0x153ea: mov cl, byte ptr cs:[bp + 0x641]       ; cx = attribute byte
0x153ef: call 0x1540c                           ; the trace shows "Get or set file attributes" (PC 15415) inside this call
0x153f2: ret
0x153f3: mov ax, 0x4202                         ; start of the next routine: INT 21h AX=4202h, seek relative to end of file (trace: "Move file pointer", PC 153fc)
0x153f6: xor cx, cx                             ; high word of the offset = 0; the listing is cut off here
2018-12-17T22:57:03.302215052Z 64 PC: 15630 | Write file or device (Write 1229 bytes on handle 5)
2018-12-17T22:57:03.312996972Z 87 PC: 153e4 | Get or set file date and time
2018-12-17T22:57:03.316892846Z 62 PC: 153e8 | Close file
2018-12-17T22:57:03.325772511Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.336568919Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.340524395Z 61 PC: 1540a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:03.348121207Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:03.355134312Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.358219192Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.369404982Z 61 PC: 1540a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:03.376655954Z 64 PC: 153ac | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:03.380667286Z 66 PC: 153fc | Move file pointer
2018-12-17T22:57:03.383296619Z 44 PC: 153be | Get time 0x153be: or dh, dh
; Runs after INT 21h "Get time". The trace line above ends with `or dh, dh`,
; which tests the seconds value returned in dh.
; Because the timestamp and attributes are set again after the write, mtime
; alone is not a reliable indicator for the files in this trace; compare size
; or hash instead.
0x153c0: je 0x153ba                             ; seconds == 0: go back and retry; 0x153ba is four bytes before the Get time return address, presumably the call itself
0x153c2: mov byte ptr cs:[bp + 0x5cf], dh       ; store the non-zero seconds byte in the body's data area
0x153c7: ror dh, 1                              ; three single-bit rotates = rotate right by 3
0x153c9: ror dh, 1
0x153cb: ror dh, 1
0x153cd: mov byte ptr cs:[bp + 0x111], dh       ; store the rotated byte at a second location
                                                ; NOTE(review): a non-zero, time-derived byte kept in two forms looks like a per-copy key; confirm against the routine at 0x155b5
0x153d2: call 0x155b5                           ; the trace shows the 1229-byte write (PC 15630) during this call
0x153d5: mov ax, 0x5701                         ; INT 21h AX=5701h: set file date and time
0x153d8: mov cx, word ptr cs:[bp + 0x642]       ; cx = time word
0x153dd: mov dx, word ptr cs:[bp + 0x644]       ; dx = date word
                                                ; NOTE(review): 0x641/0x642/0x644 line up with the attribute/time/date fields of a find-first DTA at bp + 0x62c, i.e. the values recorded before the file was modified; confirm
0x153e2: int 0x21
0x153e4: mov ah, 0x3e                           ; INT 21h AH=3Eh: close the handle
0x153e6: int 0x21
0x153e8: xor cx, cx
0x153ea: mov cl, byte ptr cs:[bp + 0x641]       ; cx = attribute byte
0x153ef: call 0x1540c                           ; the trace shows "Get or set file attributes" (PC 15415) inside this call
0x153f2: ret
0x153f3: mov ax, 0x4202                         ; start of the next routine: INT 21h AX=4202h, seek relative to end of file (trace: "Move file pointer", PC 153fc)
0x153f6: xor cx, cx                             ; high word of the offset = 0; the listing is cut off here
2018-12-17T22:57:03.394715777Z 64 PC: 15630 | Write file or device (Write 1229 bytes on handle 5)
2018-12-17T22:57:03.405027624Z 87 PC: 153e4 | Get or set file date and time
2018-12-17T22:57:03.408448476Z 62 PC: 153e8 | Close file
2018-12-17T22:57:03.417176835Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.431576738Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.435783848Z 61 PC: 1540a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:03.445451063Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:57:03.45374169Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.457190614Z 67 PC: 15415 | Get or set file attributes
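2018-12-17T22:57:03.46211418Z 61 PC: 1540a | Open file (Filename = 'PRINTA~1.COM�') [note: the name carries a stray trailing byte here, and every later call in this trace uses handle 2 instead of 5; 2 is both the DOS "file not found" error code and the standard-error handle, so this open may have failed and its result been used unchecked. The trace does not show return values]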
2018-12-17T22:57:03.467197427Z 64 PC: 153ac | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:57:03.473069416Z 66 PC: 153fc | Move file pointer
2018-12-17T22:57:03.475017078Z 44 PC: 153be | Get time 0x153be: or dh, dh
; Runs after INT 21h "Get time". The trace line above ends with `or dh, dh`,
; which tests the seconds value returned in dh.
; Because the timestamp and attributes are set again after the write, mtime
; alone is not a reliable indicator for the files in this trace; compare size
; or hash instead.
0x153c0: je 0x153ba                             ; seconds == 0: go back and retry; 0x153ba is four bytes before the Get time return address, presumably the call itself
0x153c2: mov byte ptr cs:[bp + 0x5cf], dh       ; store the non-zero seconds byte in the body's data area
0x153c7: ror dh, 1                              ; three single-bit rotates = rotate right by 3
0x153c9: ror dh, 1
0x153cb: ror dh, 1
0x153cd: mov byte ptr cs:[bp + 0x111], dh       ; store the rotated byte at a second location
                                                ; NOTE(review): a non-zero, time-derived byte kept in two forms looks like a per-copy key; confirm against the routine at 0x155b5
0x153d2: call 0x155b5                           ; the trace shows the 1229-byte write (PC 15630) during this call
0x153d5: mov ax, 0x5701                         ; INT 21h AX=5701h: set file date and time
0x153d8: mov cx, word ptr cs:[bp + 0x642]       ; cx = time word
0x153dd: mov dx, word ptr cs:[bp + 0x644]       ; dx = date word
                                                ; NOTE(review): 0x641/0x642/0x644 line up with the attribute/time/date fields of a find-first DTA at bp + 0x62c, i.e. the values recorded before the file was modified; confirm
0x153e2: int 0x21
0x153e4: mov ah, 0x3e                           ; INT 21h AH=3Eh: close the handle
0x153e6: int 0x21
0x153e8: xor cx, cx
0x153ea: mov cl, byte ptr cs:[bp + 0x641]       ; cx = attribute byte
0x153ef: call 0x1540c                           ; the trace shows "Get or set file attributes" (PC 15415) inside this call
0x153f2: ret
0x153f3: mov ax, 0x4202                         ; start of the next routine: INT 21h AX=4202h, seek relative to end of file (trace: "Move file pointer", PC 153fc)
0x153f6: xor cx, cx                             ; high word of the offset = 0; the listing is cut off here
2018-12-17T22:57:03.47799113Z 64 PC: 15630 | Write file or device (Write 1229 bytes on handle 2)
2018-12-17T22:57:03.499423033Z 87 PC: 153e4 | Get or set file date and time
2018-12-17T22:57:03.502079186Z 62 PC: 153e8 | Close file
2018-12-17T22:57:03.504412363Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.510698291Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.514425809Z 61 PC: 1540a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:03.522322896Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:57:03.529321002Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.532362811Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.543650954Z 61 PC: 1540a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:03.551442642Z 64 PC: 153ac | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:57:03.555627991Z 66 PC: 153fc | Move file pointer
2018-12-17T22:57:03.557947722Z 44 PC: 153be | Get time 0x153be: or dh, dh
; Runs after INT 21h "Get time". The trace line above ends with `or dh, dh`,
; which tests the seconds value returned in dh.
; Because the timestamp and attributes are set again after the write, mtime
; alone is not a reliable indicator for the files in this trace; compare size
; or hash instead.
0x153c0: je 0x153ba                             ; seconds == 0: go back and retry; 0x153ba is four bytes before the Get time return address, presumably the call itself
0x153c2: mov byte ptr cs:[bp + 0x5cf], dh       ; store the non-zero seconds byte in the body's data area
0x153c7: ror dh, 1                              ; three single-bit rotates = rotate right by 3
0x153c9: ror dh, 1
0x153cb: ror dh, 1
0x153cd: mov byte ptr cs:[bp + 0x111], dh       ; store the rotated byte at a second location
                                                ; NOTE(review): a non-zero, time-derived byte kept in two forms looks like a per-copy key; confirm against the routine at 0x155b5
0x153d2: call 0x155b5                           ; the trace shows the 1229-byte write (PC 15630) during this call
0x153d5: mov ax, 0x5701                         ; INT 21h AX=5701h: set file date and time
0x153d8: mov cx, word ptr cs:[bp + 0x642]       ; cx = time word
0x153dd: mov dx, word ptr cs:[bp + 0x644]       ; dx = date word
                                                ; NOTE(review): 0x641/0x642/0x644 line up with the attribute/time/date fields of a find-first DTA at bp + 0x62c, i.e. the values recorded before the file was modified; confirm
0x153e2: int 0x21
0x153e4: mov ah, 0x3e                           ; INT 21h AH=3Eh: close the handle
0x153e6: int 0x21
0x153e8: xor cx, cx
0x153ea: mov cl, byte ptr cs:[bp + 0x641]       ; cx = attribute byte
0x153ef: call 0x1540c                           ; the trace shows "Get or set file attributes" (PC 15415) inside this call
0x153f2: ret
0x153f3: mov ax, 0x4202                         ; start of the next routine: INT 21h AX=4202h, seek relative to end of file (trace: "Move file pointer", PC 153fc)
0x153f6: xor cx, cx                             ; high word of the offset = 0; the listing is cut off here
2018-12-17T22:57:03.56095749Z 64 PC: 15630 | Write file or device (Write 1229 bytes on handle 2)
2018-12-17T22:57:03.574345771Z 87 PC: 153e4 | Get or set file date and time
2018-12-17T22:57:03.577141267Z 62 PC: 153e8 | Close file
2018-12-17T22:57:03.592084952Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.603131951Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.606824613Z 61 PC: 1540a | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:03.61522179Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:57:03.622378916Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.6257424Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.636791422Z 61 PC: 1540a | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:03.644837439Z 64 PC: 153ac | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:57:03.649145368Z 66 PC: 153fc | Move file pointer
2018-12-17T22:57:03.650744385Z 44 PC: 153be | Get time 0x153be: or dh, dh
; Runs after INT 21h "Get time". The trace line above ends with `or dh, dh`,
; which tests the seconds value returned in dh.
; Because the timestamp and attributes are set again after the write, mtime
; alone is not a reliable indicator for the files in this trace; compare size
; or hash instead.
0x153c0: je 0x153ba                             ; seconds == 0: go back and retry; 0x153ba is four bytes before the Get time return address, presumably the call itself
0x153c2: mov byte ptr cs:[bp + 0x5cf], dh       ; store the non-zero seconds byte in the body's data area
0x153c7: ror dh, 1                              ; three single-bit rotates = rotate right by 3
0x153c9: ror dh, 1
0x153cb: ror dh, 1
0x153cd: mov byte ptr cs:[bp + 0x111], dh       ; store the rotated byte at a second location
                                                ; NOTE(review): a non-zero, time-derived byte kept in two forms looks like a per-copy key; confirm against the routine at 0x155b5
0x153d2: call 0x155b5                           ; the trace shows the 1229-byte write (PC 15630) during this call
0x153d5: mov ax, 0x5701                         ; INT 21h AX=5701h: set file date and time
0x153d8: mov cx, word ptr cs:[bp + 0x642]       ; cx = time word
0x153dd: mov dx, word ptr cs:[bp + 0x644]       ; dx = date word
                                                ; NOTE(review): 0x641/0x642/0x644 line up with the attribute/time/date fields of a find-first DTA at bp + 0x62c, i.e. the values recorded before the file was modified; confirm
0x153e2: int 0x21
0x153e4: mov ah, 0x3e                           ; INT 21h AH=3Eh: close the handle
0x153e6: int 0x21
0x153e8: xor cx, cx
0x153ea: mov cl, byte ptr cs:[bp + 0x641]       ; cx = attribute byte
0x153ef: call 0x1540c                           ; the trace shows "Get or set file attributes" (PC 15415) inside this call
0x153f2: ret
0x153f3: mov ax, 0x4202                         ; start of the next routine: INT 21h AX=4202h, seek relative to end of file (trace: "Move file pointer", PC 153fc)
0x153f6: xor cx, cx                             ; high word of the offset = 0; the listing is cut off here
2018-12-17T22:57:03.653680726Z 64 PC: 15630 | Write file or device (Write 1229 bytes on handle 2)
2018-12-17T22:57:03.665378838Z 87 PC: 153e4 | Get or set file date and time
2018-12-17T22:57:03.667306933Z 62 PC: 153e8 | Close file
2018-12-17T22:57:03.675846468Z 67 PC: 15415 | Get or set file attributes
2018-12-17T22:57:03.691114963Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.694665539Z 61 PC: 1540a | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:03.7022883Z 63 PC: 152bd | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:57:03.710940867Z 62 PC: 152c1 | Close file
2018-12-17T22:57:03.713811093Z 79 PC: 15296 | Find next file
2018-12-17T22:57:03.716583155Z 78 PC: 15296 | Find first file
2018-12-17T22:57:03.722892647Z 59 PC: 15231 | Change current directory
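2018-12-17T22:57:03.727869113Z 37 PC: 1523d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 36 decimal is INT 24h, the DOS critical-error handler, not INT 21h function 24h 'Set random record number'; coming at the end of the run, this call most likely puts the saved handler back]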
2018-12-17T22:57:03.729167955Z 59 PC: 15247 | Change current directory
2018-12-17T22:57:03.731325872Z 26 PC: 15401 | Set disk transfer address
2018-12-17T22:57:03.733395333Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-17T22:57:03.735865637Z 76 PC: 12a56 | Terminate with return code (Return code = '0')