Sample viewer

vx.netlux.org/Virus.DOS.VCL.BadCommand.541

Syscalls:

Time  Syscall Op  PC | Syscall Name
2018-12-17T22:57:37.735447547Z 71 PC: 12af0 | Get current directory
2018-12-17T22:57:37.738626253Z 59 PC: 12af7 | Change current directory
2018-12-17T22:57:37.747073142Z 47 PC: 12b0c | Get disk transfer address
2018-12-17T22:57:37.748367325Z 26 PC: 12b1a | Set disk transfer address
2018-12-17T22:57:37.749693738Z 78 PC: 12b24 | Find first file
2018-12-17T22:57:37.762948896Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.765926814Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.769105619Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.772741294Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.776170951Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.77955343Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.783293921Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.797250508Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.801164255Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.804478666Z 47 PC: 12b6e | Get disk transfer address
2018-12-17T22:57:37.807106846Z 26 PC: 12b7d | Set disk transfer address
2018-12-17T22:57:37.808817091Z 78 PC: 12b85 | Find first file
2018-12-17T22:57:37.815637583Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.81805624Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.82127492Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.823033376Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.828130608Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.830153781Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.833508097Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.836646115Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.840046959Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.841828027Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.845458772Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.847477226Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.851549642Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.853733046Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.860891133Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.862600526Z 61 PC: 12bc0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:37.870163915Z 63 PC: 12bcb | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:37.878304307Z 62 PC: 12bcf | Close file
2018-12-17T22:57:37.884042855Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.887358127Z 26 PC: 12b97 | Set disk transfer address
2018-12-17T22:57:37.89043457Z 26 PC: 12b5a | Set disk transfer address
2018-12-17T22:57:37.89235501Z 59 PC: 12b01 | Change current directory
2018-12-17T22:57:37.894965297Z 44 PC: 12c28 | Get time
0x12c28: mov al, ch
0x12c2a: cwde
0x12c2b: ret
0x12c2c: mov ah, 0x2c
0x12c2e: int 0x21
0x12c30: mov al, cl
0x12c32: cwde
0x12c33: ret
0x12c34: mov ah, 0x2c
0x12c36: int 0x21
0x12c38: mov al, dh
0x12c3a: cwde
0x12c3b: ret
0x12c3c: mov ah, 0x2a
0x12c3e: int 0x21
0x12c40: cwde
0x12c41: ret
0x12c42: inc dx
0x12c43: popaw
0x12c44: and byte ptr fs:[bp + di + 0x6f], ah
2018-12-17T22:57:37.901278365Z 71 PC: 12af0 | Get current directory
2018-12-17T22:57:37.904958493Z 59 PC: 12af7 | Change current directory
2018-12-17T22:57:37.909785808Z 47 PC: 12b0c | Get disk transfer address
2018-12-17T22:57:37.912462659Z 26 PC: 12b1a | Set disk transfer address
2018-12-17T22:57:37.914187261Z 78 PC: 12b24 | Find first file
2018-12-17T22:57:37.920951187Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.924569299Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.927914367Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.932737173Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.937802595Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.941266316Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.944635721Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.947981049Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.952007378Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:37.95516284Z 47 PC: 12b6e | Get disk transfer address
2018-12-17T22:57:37.956808443Z 26 PC: 12b7d | Set disk transfer address
2018-12-17T22:57:37.959320105Z 78 PC: 12b85 | Find first file
2018-12-17T22:57:37.965747157Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.968505502Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.972378843Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.973916644Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.976319251Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.97848367Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.980652567Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.981836984Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.984368172Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.985736163Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.987842904Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.989352782Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.991738747Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.992831982Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:37.99494761Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:37.996449673Z 61 PC: 12bc0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:38.001776527Z 63 PC: 12bcb | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:38.004791765Z 62 PC: 12bcf | Close file
2018-12-17T22:57:38.00941211Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.013153865Z 26 PC: 12b97 | Set disk transfer address
2018-12-17T22:57:38.014616093Z 26 PC: 12b5a | Set disk transfer address
2018-12-17T22:57:38.016951133Z 59 PC: 12b01 | Change current directory
2018-12-17T22:57:38.020042755Z 71 PC: 12af0 | Get current directory
2018-12-17T22:57:38.023175654Z 59 PC: 12af7 | Change current directory
2018-12-17T22:57:38.03100397Z 47 PC: 12b0c | Get disk transfer address
2018-12-17T22:57:38.032858396Z 26 PC: 12b1a | Set disk transfer address
2018-12-17T22:57:38.034099549Z 78 PC: 12b24 | Find first file
2018-12-17T22:57:38.04200501Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.047227528Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.051742555Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.056939775Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.061919276Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.066090798Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.069078104Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.073514293Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.077276285Z 79 PC: 12b4b | Find next file
2018-12-17T22:57:38.080443449Z 47 PC: 12b6e | Get disk transfer address
2018-12-17T22:57:38.085564576Z 26 PC: 12b7d | Set disk transfer address
2018-12-17T22:57:38.086881912Z 78 PC: 12b85 | Find first file
2018-12-17T22:57:38.098648382Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.102180431Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.104959235Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.106310776Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.110208352Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.112241655Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.116950306Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.118478449Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.122766721Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.124494398Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.127620906Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.130052968Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.133117448Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.134849574Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.138997362Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:57:38.141182709Z 61 PC: 12bc0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:38.149243202Z 63 PC: 12bcb | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:38.153759462Z 62 PC: 12bcf | Close file
2018-12-17T22:57:38.156325967Z 79 PC: 12b85 | Find next file
2018-12-17T22:57:38.159513629Z 26 PC: 12b97 | Set disk transfer address
2018-12-17T22:57:38.162394595Z 26 PC: 12b5a | Set disk transfer address
2018-12-17T22:57:38.164214867Z 59 PC: 12b01 | Change current directory
2018-12-17T22:57:38.166732119Z 44 PC: 12c28 | Get time
0x12c28: mov al, ch
0x12c2a: cwde
0x12c2b: ret
0x12c2c: mov ah, 0x2c
0x12c2e: int 0x21
0x12c30: mov al, cl
0x12c32: cwde
0x12c33: ret
0x12c34: mov ah, 0x2c
0x12c36: int 0x21
0x12c38: mov al, dh
0x12c3a: cwde
0x12c3b: ret
0x12c3c: mov ah, 0x2a
0x12c3e: int 0x21
0x12c40: cwde
0x12c41: ret
0x12c42: inc dx
0x12c43: popaw
0x12c44: and byte ptr fs:[bp + di + 0x6f], ah
2018-12-17T22:57:38.169806618Z 42 PC: 12c40 | Get date
0x12c40: cwde
0x12c41: ret
0x12c42: inc dx
0x12c43: popaw
0x12c44: and byte ptr fs:[bp + di + 0x6f], ah
0x12c48: insw word ptr es:[di], dx
0x12c49: insw word ptr es:[di], dx
0x12c4a: popaw
0x12c4b: outsb dx, byte ptr [si]
0x12c4c: and byte ptr fs:[bx + 0x72], ch
0x12c50: and byte ptr [bp + 0x69], ah
0x12c53: insb byte ptr es:[di], dx
0x12c54: and byte ptr gs:[bp + 0x61], ch
0x12c58: insw word ptr es:[di], dx
0x12c59: or ax, 0xa
2018-12-17T22:57:40.372073861Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:57:40.374104037Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:57:40.376787161Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:57:40.381007414Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:57:40.39387336Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:57:40.395809901Z 62 PC: 91fc1 | Close file
2018-12-17T22:57:40.399226644Z 75 PC: 91fe0 | Execute program
2018-12-17T22:57:40.416985337Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:57:40.418668641Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:57:40.424426766Z 48 PC: c609 | Get DOS version
2018-12-17T22:57:40.428263989Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:57:40.431237028Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:57:40.434747156Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:57:40.439698013Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:57:40.444324019Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:57:40.449605468Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:57:40.463239698Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:57:40.465594644Z 62 PC: 91fc1 | Close file
2018-12-17T22:57:40.468344323Z 75 PC: 91fe0 | Execute program
2018-12-17T22:57:40.493792863Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:57:40.498565344Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:57:40.503243719Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:57:40.505846291Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:57:40.507201609Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:57:40.50894129Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:57:40.511257363Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:57:40.5209855Z 62 PC: 8f8eb | Close file
2018-12-17T22:57:40.52303316Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.526141823Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.528589224Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.53033698Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.532921037Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.535812533Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.538046392Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.540921787Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.543113758Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.544754012Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.547523117Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.549185582Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.550942074Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.554102816Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.556256454Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.558193596Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.56047807Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.568290226Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.570348766Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.572320492Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.574967378Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.577832543Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.580988967Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.583377016Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.585519914Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.587518061Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.590623288Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.593626574Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.595570378Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.598852949Z 62 PC: 8f8f2 | Close file
2018-12-17T22:57:40.600977412Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:57:40.606756967Z 62 PC: 8f90e | Close file
2018-12-17T22:57:40.609486508Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:57:40.611465659Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:57:40.613598809Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:57:40.619835302Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:57:40.621713583Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:57:40.627896737Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:57:40.630760961Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:57:40.63270213Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:57:40.635020678Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:57:40.638177763Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:57:40.640173635Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:57:40.64261247Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:57:40.645491311Z 73 PC: 8fa11 | Release memory
2018-12-17T22:57:40.647920207Z 73 PC: 8efea | Release memory
2018-12-17T22:57:40.649740229Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:57:40.65257084Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:57:40.654602208Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:57:40.65639049Z 73 PC: 8f060 | Release memory
2018-12-17T22:57:40.658834194Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:57:40.670117034Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:40.67645046Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:57:40.678977931Z 62 PC: 8f0d1 | Close file
2018-12-17T22:57:40.68101979Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:57:40.703989268Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:57:40.706056033Z 48 PC: 12bee | Get DOS version
2018-12-17T22:57:40.710603852Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:57:40.71323054Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:57:40.71517191Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:57:40.716705463Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:57:40.71834772Z 72 PC: 1355d | Allocate memory
2018-12-17T22:57:40.720112748Z 25 PC: 13596 | Get default drive
2018-12-17T22:57:40.721782116Z 71 PC: 135ad | Get current directory
2018-12-17T22:57:40.724992862Z 59 PC: 135ba | Change current directory
2018-12-17T22:57:40.732507338Z 59 PC: 135c8 | Change current directory
2018-12-17T22:57:40.739481057Z 59 PC: 135d3 | Change current directory
2018-12-17T22:57:40.743904312Z 25 PC: 12d13 | Get default drive
2018-12-17T22:57:40.745132891Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:57:40.746817759Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:40.747885355Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:40.751141096Z 80 PC: 1301d | Set current PSP
2018-12-17T22:57:40.753346532Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:57:40.75510098Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:57:40.756644802Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:57:40.759135644Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:57:40.761363533Z 72 PC: 130ec | Allocate memory
2018-12-17T22:57:40.763582484Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:57:40.770898407Z 62 PC: 131ba | Close file
2018-12-17T22:57:40.773369221Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:57:40.774838223Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:57:40.777709771Z 72 PC: 11991 | Allocate memory
2018-12-17T22:57:40.779704561Z 73 PC: 119b2 | Release memory
2018-12-17T22:57:40.781425445Z 72 PC: 119bd | Allocate memory
2018-12-17T22:57:40.784314657Z 73 PC: 119df | Release memory
2018-12-17T22:57:40.786398474Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:57:40.78853999Z 72 PC: 119fd | Allocate memory