Sample viewer

vx.netlux.org/Virus.DOS.T_Power.Sodo.5142

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:44.78364099Z	74	PC: 12b3b \| Reallocate memory
2018-12-17T22:57:44.786162646Z	53	PC: 131dd \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:57:44.789034525Z	53	PC: 131dd \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:44.790862895Z	74	PC: 12bcd \| Reallocate memory
2018-12-17T22:57:44.793082941Z	88	PC: 12bd5 \| case 0xGet or set allocation strateg:
2018-12-17T22:57:44.79444956Z	88	PC: 12bde \| case 0xGet or set allocation strateg:
2018-12-17T22:57:44.79562264Z	72	PC: 12be9 \| Allocate memory
2018-12-17T22:57:44.797178092Z	88	PC: 12c05 \| case 0xGet or set allocation strateg:
2018-12-17T22:57:44.79985177Z	42	PC: 12c26 \| Get date 0x12c26: test dh, 1 0x12c29: jne 0x12c3b 0x12c2b: nop 0x12c2c: nop 0x12c2d: nop 0x12c2e: test al, 1 0x12c30: je 0x12c3b 0x12c32: nop 0x12c33: nop 0x12c34: nop 0x12c35: or byte ptr [bp + 0x14c1], 0x80 0x12c3a: nop 0x12c3b: push cs 0x12c3c: pop ds 0x12c3d: pop ax 0x12c3e: push ax 0x12c3f: mov si, bp 0x12c41: mov es, ax 0x12c43: xor di, di 0x12c45: mov cx, 0x15b9
2018-12-17T22:57:44.801937356Z	53	PC: 131dd \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:57:44.803765038Z	37	PC: 131e2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:44.805158614Z	37	PC: 131e2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:57:44.806357484Z	37	PC: 131e2 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:57:44.807453638Z	37	PC: 131e2 \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:57:44.809003481Z	74	PC: 12c8e \| Reallocate memory
2018-12-17T22:57:44.810769319Z	88	PC: 12c9a \| case 0xGet or set allocation strateg:
2018-12-17T22:57:44.812236627Z	88	PC: 1427a \| case 0xGet or set allocation strateg:
2018-12-17T22:57:44.81807833Z	47	PC: 1429f \| Get disk transfer address
2018-12-17T22:57:44.819348188Z	26	PC: 142ae \| Set disk transfer address
2018-12-17T22:57:44.820217972Z	71	PC: 142b7 \| Get current directory
2018-12-17T22:57:44.824011686Z	53	PC: 149bd \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:44.82518157Z	37	PC: 147c2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:44.826287578Z	59	PC: 147c7 \| Change current directory
2018-12-17T22:57:44.830497075Z	67	PC: 147d0 \| Get or set file attributes
2018-12-17T22:57:45.1728186Z	61	PC: 1434b \| Open file (Filename = '')
2018-12-17T22:57:45.180236037Z	87	PC: 143c1 \| Get or set file date and time
2018-12-17T22:57:45.1884177Z	63	PC: 143d7 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:57:45.191343933Z	66	PC: 147ab \| Move file pointer
2018-12-17T22:57:45.202884114Z	64	PC: 15496 \| Write file or device (Write 5142 bytes on handle 5)
2018-12-17T22:57:45.21599674Z	66	PC: 147ab \| Move file pointer
2018-12-17T22:57:45.217422882Z	64	PC: 147b8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:45.220253326Z	87	PC: 14519 \| Get or set file date and time
2018-12-17T22:57:45.222673515Z	87	PC: 14524 \| Get or set file date and time
2018-12-17T22:57:45.22427863Z	62	PC: 1452c \| Close file
2018-12-17T22:57:45.232322804Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.239255384Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.244965456Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.259545672Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.265384103Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.271265802Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.277158803Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.282772871Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.288722602Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.294440182Z	78	PC: 14547 \| Find first file
2018-12-17T22:57:45.300347032Z	59	PC: 147c7 \| Change current directory
2018-12-17T22:57:45.30440181Z	59	PC: 147c7 \| Change current directory
2018-12-17T22:57:45.306006393Z	37	PC: 147c2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:45.306985503Z	26	PC: 14586 \| Set disk transfer address
2018-12-17T22:57:45.308734853Z	61	PC: 149bd \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:57:45.314853932Z	62	PC: 149bd \| Close file
2018-12-17T22:57:45.316673965Z	0	PC: 12942 \| Program terminate