Sample viewer

vx.netlux.org/Virus.DOS.Dotter.3961


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:09.682650275Z 81 PC: 260ec | Get current PSP
2018-12-17T22:57:09.683385098Z 98 PC: 260f7 | Get current PSP
2018-12-17T22:57:09.684409787Z 74 PC: 26100 | Reallocate memory
2018-12-17T22:57:09.686415281Z 74 PC: 2610b | Reallocate memory
2018-12-17T22:57:09.687548428Z 72 PC: 2611f | Allocate memory
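2018-12-17T22:57:09.688774531Z 53 PC: 9ec19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:09.690460191Z 37 PC: 9ec2e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
[Note on the two lines above: the AKA text appears to be looked up in the DOS function-name table, not an interrupt table. "Random read" is the name of function AH=21h, which is 33 in decimal, so the interrupt number is presumably decimal as well: the vector being read and then replaced would be INT 21h, the DOS services vector itself. Both calls come from PC 9ecxx, well above every other call site in this trace, and the fragment disassembled under the next entry chains through a far jump at cs:[0x128] and ends in iret, which is consistent with a resident INT 21h hook.]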
2018-12-17T22:57:09.691254785Z 44 PC: 9ec32 | Get time 0x9ec32: mov word ptr cs:[0x130], cx
0x9ec37: retf
0x9ec38: clc
0x9ec39: inc ax
0x9ec3a: sbb word ptr [bx + si], ax
0x9ec3c: add byte ptr [bx + si], al
0x9ec3e: add byte ptr [bx + si], al
0x9ec40: pop ds
0x9ec41: adc ax, 0x8001
0x9ec44: cld
0x9ec45: dec bx
0x9ec46: je 0x9ec59
0x9ec48: cmp ax, 0x5151
0x9ec4b: je 0x9ec52
0x9ec4d: ljmp ptr cs:[0x128]
0x9ec52: mov ax, 0x4950
0x9ec55: mov bx, 0x64
0x9ec58: iret
0x9ec59: sti
0x9ec5a: push ax
2018-12-17T22:57:09.69833229Z 74 PC: 12adf | Reallocate memory
2018-12-17T22:57:09.701739608Z 48 PC: 12af9 | Get DOS version
2018-12-17T22:57:09.703058424Z 55 PC: 12b08 | Get or set switch character
2018-12-17T22:57:09.70454701Z 56 PC: 29627 | Get or set country info
2018-12-17T22:57:09.707731245Z 2 PC: 28c3c | Character output (Char = '54')
2018-12-17T22:57:09.715874257Z 2 PC: 28c3c | Character output (Char = '68')
2018-12-17T22:57:09.717660764Z 2 PC: 28c3c | Character output (Char = '65')
2018-12-17T22:57:09.719832859Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.721845109Z 2 PC: 28c3c | Character output (Char = '4e')
2018-12-17T22:57:09.723497618Z 2 PC: 28c3c | Character output (Char = '6f')
2018-12-17T22:57:09.725686009Z 2 PC: 28c3c | Character output (Char = '72')
2018-12-17T22:57:09.727368153Z 2 PC: 28c3c | Character output (Char = '74')
2018-12-17T22:57:09.728919957Z 2 PC: 28c3c | Character output (Char = '6f')
2018-12-17T22:57:09.731157439Z 2 PC: 28c3c | Character output (Char = '6e')
2018-12-17T22:57:09.732599845Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.734394194Z 2 PC: 28c3c | Character output (Char = '55')
2018-12-17T22:57:09.736362733Z 2 PC: 28c3c | Character output (Char = '74')
2018-12-17T22:57:09.738110145Z 2 PC: 28c3c | Character output (Char = '69')
2018-12-17T22:57:09.739842417Z 2 PC: 28c3c | Character output (Char = '6c')
2018-12-17T22:57:09.742015933Z 2 PC: 28c3c | Character output (Char = '69')
2018-12-17T22:57:09.743902453Z 2 PC: 28c3c | Character output (Char = '74')
2018-12-17T22:57:09.745300274Z 2 PC: 28c3c | Character output (Char = '69')
2018-12-17T22:57:09.747463993Z 2 PC: 28c3c | Character output (Char = '65')
2018-12-17T22:57:09.749453653Z 2 PC: 28c3c | Character output (Char = '73')
2018-12-17T22:57:09.751498913Z 2 PC: 28c3c | Character output (Char = '2c')
2018-12-17T22:57:09.753506086Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.756287655Z 2 PC: 28c3c | Character output (Char = '41')
2018-12-17T22:57:09.762100377Z 2 PC: 28c3c | Character output (Char = '64')
2018-12-17T22:57:09.768144972Z 2 PC: 28c3c | Character output (Char = '76')
2018-12-17T22:57:09.769930094Z 2 PC: 28c3c | Character output (Char = '61')
2018-12-17T22:57:09.77219446Z 2 PC: 28c3c | Character output (Char = '6e')
2018-12-17T22:57:09.775456879Z 2 PC: 28c3c | Character output (Char = '63')
2018-12-17T22:57:09.777499019Z 2 PC: 28c3c | Character output (Char = '65')
2018-12-17T22:57:09.779642957Z 2 PC: 28c3c | Character output (Char = '64')
2018-12-17T22:57:09.782671019Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.784650271Z 2 PC: 28c3c | Character output (Char = '45')
2018-12-17T22:57:09.786615681Z 2 PC: 28c3c | Character output (Char = '64')
2018-12-17T22:57:09.789424106Z 2 PC: 28c3c | Character output (Char = '69')
2018-12-17T22:57:09.791716444Z 2 PC: 28c3c | Character output (Char = '74')
2018-12-17T22:57:09.793760876Z 2 PC: 28c3c | Character output (Char = '69')
2018-12-17T22:57:09.797057543Z 2 PC: 28c3c | Character output (Char = '6f')
2018-12-17T22:57:09.799342019Z 2 PC: 28c3c | Character output (Char = '6e')
2018-12-17T22:57:09.80164751Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.80694313Z 2 PC: 28c3c | Character output (Char = '34')
2018-12-17T22:57:09.809682388Z 2 PC: 28c3c | Character output (Char = '2e')
2018-12-17T22:57:09.811683925Z 2 PC: 28c3c | Character output (Char = '35')
2018-12-17T22:57:09.814479874Z 2 PC: 28c3c | Character output (Char = '30')
2018-12-17T22:57:09.816965338Z 2 PC: 28c3c | Character output (Char = '2c')
2018-12-17T22:57:09.819397589Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.82237695Z 2 PC: 28c3c | Character output (Char = '28')
2018-12-17T22:57:09.824666347Z 2 PC: 28c3c | Character output (Char = '43')
2018-12-17T22:57:09.826966488Z 2 PC: 28c3c | Character output (Char = '29')
2018-12-17T22:57:09.829721635Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.831830512Z 2 PC: 28c3c | Character output (Char = '43')
2018-12-17T22:57:09.833930132Z 2 PC: 28c3c | Character output (Char = '6f')
2018-12-17T22:57:09.836638704Z 2 PC: 28c3c | Character output (Char = '70')
2018-12-17T22:57:09.839542441Z 2 PC: 28c3c | Character output (Char = '72')
2018-12-17T22:57:09.84155167Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.844589041Z 2 PC: 28c3c | Character output (Char = '31')
2018-12-17T22:57:09.846684255Z 2 PC: 28c3c | Character output (Char = '39')
2018-12-17T22:57:09.848671885Z 2 PC: 28c3c | Character output (Char = '38')
2018-12-17T22:57:09.852836854Z 2 PC: 28c3c | Character output (Char = '37')
2018-12-17T22:57:09.854902597Z 2 PC: 28c3c | Character output (Char = '2d')
2018-12-17T22:57:09.857008454Z 2 PC: 28c3c | Character output (Char = '38')
2018-12-17T22:57:09.859752418Z 2 PC: 28c3c | Character output (Char = '38')
2018-12-17T22:57:09.861923897Z 2 PC: 28c3c | Character output (Char = '2c')
2018-12-17T22:57:09.863909269Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.866585526Z 2 PC: 28c3c | Character output (Char = '50')
2018-12-17T22:57:09.869036017Z 2 PC: 28c3c | Character output (Char = '65')
2018-12-17T22:57:09.871451714Z 2 PC: 28c3c | Character output (Char = '74')
2018-12-17T22:57:09.875257625Z 2 PC: 28c3c | Character output (Char = '65')
2018-12-17T22:57:09.877941953Z 2 PC: 28c3c | Character output (Char = '72')
2018-12-17T22:57:09.88011153Z 2 PC: 28c3c | Character output (Char = '20')
2018-12-17T22:57:09.883022488Z 2 PC: 28c3c | Character output (Char = '4e')
2018-12-17T22:57:09.88544886Z 2 PC: 28c3c | Character output (Char = '6f')
2018-12-17T22:57:09.887737195Z 2 PC: 28c3c | Character output (Char = '72')
2018-12-17T22:57:09.890655636Z 2 PC: 28c3c | Character output (Char = '74')
2018-12-17T22:57:09.892947024Z 2 PC: 28c3c | Character output (Char = '6f')
2018-12-17T22:57:09.895235595Z 2 PC: 28c3c | Character output (Char = '6e')
2018-12-17T22:57:09.89826318Z 2 PC: 28c35 | Character output (Char = '0d')
2018-12-17T22:57:09.90073077Z 2 PC: 28c3c | Character output (Char = '0a')
2018-12-17T22:57:09.905864345Z 13 PC: 289a9 | Disk reset
2018-12-17T22:57:09.912586872Z 44 PC: 288da | Get time 0x288da: xor ah, ah
0x288dc: mov si, word ptr [bp + 6]
0x288df: mov al, ch
0x288e1: mov word ptr [si], ax
0x288e3: mov si, word ptr [bp + 8]
0x288e6: mov al, cl
0x288e8: mov word ptr [si], ax
0x288ea: mov si, word ptr [bp + 0xa]
0x288ed: mov al, dh
0x288ef: mov word ptr [si], ax
0x288f1: mov al, dl
0x288f3: pop si
0x288f4: pop bp
0x288f5: retf
0x288f6: push bp
0x288f7: mov bp, sp
0x288f9: push si
0x288fa: push di
0x288fb: push ds
0x288fc: push es
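2018-12-17T22:57:09.915723638Z 37 PC: 28879 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
[Note on the line above: the AKA text is the name of DOS function AH=24h (36 decimal), not of an interrupt. Read as a decimal interrupt number, 36 = 24h, the DOS critical-error handler vector. The call comes from the same 28xxx address range as the host program's other calls, so it is presumably the host installing its own error handler rather than part of the infection.]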
2018-12-17T22:57:09.918151739Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:09.920173203Z 71 PC: 287cb | Get current directory
2018-12-17T22:57:09.923817636Z 78 PC: 29574 | Find first file
2018-12-17T22:57:09.933724464Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:09.93571165Z 14 PC: 289b7 | Set default drive (Drive = 'C')
2018-12-17T22:57:09.93724841Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:09.938604938Z 41 PC: 2899e | Parse filename
2018-12-17T22:57:09.940837118Z 14 PC: 289b7 | Set default drive (Drive = 'A')
2018-12-17T22:57:09.942235154Z 71 PC: 287cb | Get current directory
2018-12-17T22:57:09.945435974Z 78 PC: 29574 | Find first file
2018-12-17T22:57:10.117499129Z 12 PC: 292ea | Flush input buffer and input
2018-12-17T22:57:10.120923366Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:10.122347998Z 71 PC: 287cb | Get current directory
2018-12-17T22:57:10.126684681Z 68 PC: 28b51 | I/O control for devices (Set for = '�')
2018-12-17T22:57:10.130630783Z 14 PC: 289b7 | Set default drive (Drive = 'A')
2018-12-17T22:57:10.132060341Z 14 PC: 289b7 | Set default drive (Drive = 'A')
2018-12-17T22:57:10.134076236Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:10.135219628Z 41 PC: 2899e | Parse filename
2018-12-17T22:57:10.136883141Z 68 PC: 28b51 | I/O control for devices (Set for = '�')
2018-12-17T22:57:10.139559958Z 14 PC: 289b7 | Set default drive (Drive = 'C')
2018-12-17T22:57:10.140899564Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:10.142493994Z 41 PC: 2899e | Parse filename
2018-12-17T22:57:10.145058162Z 68 PC: 28b51 | I/O control for devices (Set for = '�')
2018-12-17T22:57:10.14673858Z 14 PC: 289b7 | Set default drive (Drive = 'D')
2018-12-17T22:57:10.148212952Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:10.149891125Z 41 PC: 2899e | Parse filename
2018-12-17T22:57:10.151470727Z 14 PC: 289b7 | Set default drive (Drive = 'E')
2018-12-17T22:57:10.152746521Z 25 PC: 2897a | Get default drive
2018-12-17T22:57:10.154471426Z 41 PC: 2899e | Parse filename
2018-12-17T22:57:10.155903924Z 14 PC: 289b7 | Set default drive (Drive = 'A')
2018-12-17T22:57:10.157182801Z 13 PC: 289a9 | Disk reset
2018-12-17T22:57:10.159398605Z 13 PC: 289a9 | Disk reset
2018-12-17T22:57:10.16076919Z 50 PC: 295a2 | Get disk parameter block for specified drive
2018-12-17T22:57:10.164765723Z 72 PC: 29370 | Allocate memory
2018-12-17T22:57:10.171738742Z 73 PC: 2939f | Release memory
2018-12-17T22:57:10.173117141Z 13 PC: 289a9 | Disk reset
2018-12-17T22:57:10.174970579Z 50 PC: 295a2 | Get disk parameter block for specified drive
2018-12-17T22:57:10.183079443Z 71 PC: 287cb | Get current directory
2018-12-17T22:57:10.192648548Z 72 PC: 13337 | Allocate memory
2018-12-17T22:57:10.204335306Z 74 PC: 13392 | Reallocate memory
2018-12-17T22:57:10.206877754Z 74 PC: 13392 | Reallocate memory
2018-12-17T22:57:10.214431093Z 74 PC: 13392 | Reallocate memory
2018-12-17T22:57:10.217288878Z 74 PC: 13392 | Reallocate memory
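2018-12-17T22:57:10.230833782Z 53 PC: 29180 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:10.232308782Z 53 PC: 2918d | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:10.235373385Z 37 PC: 2919f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:10.236737853Z 37 PC: 291a9 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
[Note on the four lines above: the AKA texts are the names of DOS functions AH=23h and AH=1Bh (35 and 27 decimal), not of interrupts. Read as decimal interrupt numbers, 35 = 23h (the DOS Ctrl-C/Ctrl-Break handler) and 27 = 1Bh (the BIOS Ctrl-Break handler). The calls come from the 29xxx range shared with the host program's other calls; saving and replacing these two vectors is ordinary behaviour for an interactive DOS application and should not be counted as hook activity on the strength of the label alone.]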
2018-12-17T22:57:10.244622878Z 44 PC: 288da | Get time 0x288da: xor ah, ah
0x288dc: mov si, word ptr [bp + 6]
0x288df: mov al, ch
0x288e1: mov word ptr [si], ax
0x288e3: mov si, word ptr [bp + 8]
0x288e6: mov al, cl
0x288e8: mov word ptr [si], ax
0x288ea: mov si, word ptr [bp + 0xa]
0x288ed: mov al, dh
0x288ef: mov word ptr [si], ax
0x288f1: mov al, dl
0x288f3: pop si
0x288f4: pop bp
0x288f5: retf
0x288f6: push bp
0x288f7: mov bp, sp
0x288f9: push si
0x288fa: push di
0x288fb: push ds
0x288fc: push es
2018-12-17T22:57:10.247722164Z 42 PC: 288b8 | Get date 0x288b8: mov si, word ptr [bp + 0xa]
0x288bb: mov word ptr [si], cx
0x288bd: xor ch, ch
0x288bf: mov cl, dl
0x288c1: mov si, word ptr [bp + 8]
0x288c4: mov word ptr [si], cx
0x288c6: mov cl, dh
0x288c8: mov si, word ptr [bp + 6]
0x288cb: mov word ptr [si], cx
0x288cd: xor ah, ah
0x288cf: pop si
0x288d0: pop bp
0x288d1: retf
0x288d2: push bp
0x288d3: mov bp, sp
0x288d5: push si
0x288d6: mov ah, 0x2c
0x288d8: int 0x21
0x288da: xor ah, ah
0x288dc: mov si, word ptr [bp + 6]
2018-12-17T22:57:10.255526596Z 7 PC: 28b71 | Direct console input without echo