Sample viewer

vx.netlux.org/Virus.DOS.Jabb.1000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:13.823027903Z 75 PC: 12a40 | Execute program
2018-12-17T22:58:16.02639243Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:58:16.028114526Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:58:16.030792838Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:58:16.034168196Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:58:16.044620566Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:58:16.046325066Z 62 PC: 91fc1 | Close file
2018-12-17T22:58:16.04970876Z 75 PC: 91fe0 | Execute program
2018-12-17T22:58:16.065603019Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:58:16.066808845Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:58:16.071313934Z 48 PC: c609 | Get DOS version
2018-12-17T22:58:16.07444168Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:58:16.076730147Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:58:16.07897997Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:58:16.082727459Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:58:16.086300542Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:58:16.091800345Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:58:16.10330697Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:58:16.104658589Z 62 PC: 91fc1 | Close file
2018-12-17T22:58:16.106637332Z 75 PC: 91fe0 | Execute program
2018-12-17T22:58:16.129593019Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:58:16.133238358Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:58:16.134513719Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:58:16.136673763Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:58:16.137638285Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:16.138638074Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:16.140460937Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:58:16.147764437Z 62 PC: 8f8eb | Close file
2018-12-17T22:58:16.149353275Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.15254311Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.153979192Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.155338275Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.157644214Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.160610401Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.162009246Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.165042638Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.166347898Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.167529164Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.16967268Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.171368664Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.173540425Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.176263868Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.178033994Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.179753656Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.181708223Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.184412064Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.186189038Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.18841911Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.191154793Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.19293223Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.194678618Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.196966729Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.198660863Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.200429948Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.203065833Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.204827524Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.206502894Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.209075777Z 62 PC: 8f8f2 | Close file
2018-12-17T22:58:16.210759165Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:58:16.215732905Z 62 PC: 8f90e | Close file
2018-12-17T22:58:16.218704196Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:58:16.220547898Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:58:16.222346932Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:58:16.22753456Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:58:16.228792121Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:58:16.233352341Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:58:16.24179121Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:58:16.243100638Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:58:16.244677698Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:58:16.247180722Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:58:16.248467017Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:58:16.25010021Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:58:16.252108626Z 73 PC: 8fa11 | Release memory
2018-12-17T22:58:16.254858916Z 73 PC: 8efea | Release memory
2018-12-17T22:58:16.256324151Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:58:16.258251762Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:58:16.261163631Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:58:16.262616583Z 73 PC: 8f060 | Release memory
2018-12-17T22:58:16.269286082Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:58:16.278102085Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:58:16.283402277Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:58:16.285776619Z 62 PC: 8f0d1 | Close file
2018-12-17T22:58:16.287509969Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:58:16.307688335Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:58:16.308775449Z 48 PC: 12bee | Get DOS version
2018-12-17T22:58:16.310375117Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:58:16.312652725Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:58:16.314289563Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:58:16.315530104Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:58:16.316868056Z 72 PC: 1355d | Allocate memory
2018-12-17T22:58:16.318836833Z 25 PC: 13596 | Get default drive
2018-12-17T22:58:16.319762163Z 71 PC: 135ad | Get current directory
2018-12-17T22:58:16.321875682Z 59 PC: 135ba | Change current directory
2018-12-17T22:58:16.328774094Z 59 PC: 135c8 | Change current directory
2018-12-17T22:58:16.334199094Z 59 PC: 135d3 | Change current directory
2018-12-17T22:58:16.337654153Z 25 PC: 12d13 | Get default drive
2018-12-17T22:58:16.339777775Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:58:16.340864284Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:16.342126534Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:16.344905512Z 80 PC: 1301d | Set current PSP
2018-12-17T22:58:16.34560861Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:58:16.346759263Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:16.348207768Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:58:16.349233464Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:58:16.350934656Z 72 PC: 130ec | Allocate memory
2018-12-17T22:58:16.352815844Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:58:16.358500719Z 62 PC: 131ba | Close file
2018-12-17T22:58:16.360286156Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:58:16.361667034Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:58:16.362972201Z 72 PC: 11991 | Allocate memory
2018-12-17T22:58:16.364393376Z 73 PC: 119b2 | Release memory
2018-12-17T22:58:16.366024934Z 72 PC: 119bd | Allocate memory
2018-12-17T22:58:16.367481597Z 73 PC: 119df | Release memory
2018-12-17T22:58:16.36876194Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:58:16.371544475Z 72 PC: 119fd | Allocate memory