Sample viewer

vx.netlux.org/Virus.DOS.Alabama

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:50.648588404Z	74	PC: 12c17 \| Reallocate memory
2018-12-17T22:01:50.65071182Z	44	PC: 12c43 \| Get time 0x12c43: mov byte ptr es:[5], ch 0x12c48: pop word ptr es:[0x518] 0x12c4d: pop word ptr es:[0x51a] 0x12c52: xor bx, bx 0x12c54: mov ds, bx 0x12c56: mov word ptr [bx + 0x84], 0x51c 0x12c5c: mov word ptr [bx + 0x86], es 0x12c60: call 0x12cf1 0x12c63: pop bp 0x12c64: pop si 0x12c65: pop di 0x12c66: pop es 0x12c67: pop ds 0x12c68: pop dx 0x12c69: pop cx 0x12c6a: pop bx 0x12c6b: pop ax 0x12c6c: push cs 0x12c6d: pop ax 0x12c6e: sub ax, 9
2018-12-17T22:01:50.652889119Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.65494227Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')
2018-12-17T22:01:50.658146543Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.660521396Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:01:50.661592985Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.663488217Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:01:50.666168523Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.668174496Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:01:50.669639712Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.672707784Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:01:50.673994905Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.675940822Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:50.677356345Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.679538141Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:50.680992662Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.684092276Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.685858534Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.68817912Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.690431752Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.692506539Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.693970366Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.69693643Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.698380164Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.700367656Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.703043058Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.704962299Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.706279767Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.708738994Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.710162141Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.712026831Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.713624468Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.715862569Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.717839994Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.720161118Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.722483855Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.726360122Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.729835767Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.734036236Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.736183015Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.738695334Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.740744119Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.743117025Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.744983984Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.74807802Z	62	PC: 122ab \| Close file
2018-12-17T22:01:50.750844151Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.75298782Z	17	PC: 9869d \| Find first file
2018-12-17T22:01:50.759008611Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:01:50.764938138Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.767019189Z	66	PC: 12372 \| Move file pointer
2018-12-17T22:01:50.768968858Z	44	PC: 98884 \| Get time 0x98884: cmp ch, byte ptr cs:[5] 0x98889: je 0x98902 0x9888b: cmp word ptr cs:[3], 0x2a3 0x98892: jbe 0x98902 0x98894: mov ax, 3 0x98897: int 0x10 0x98899: call 0x98907 0x9889c: mov ax, 0xb800 0x9889f: call 0x988aa 0x988a2: mov ax, 0xb000 0x988a5: call 0x988aa 0x988a8: cli 0x988a9: hlt 0x988aa: mov es, ax 0x988ac: xor di, di 0x988ae: mov ax, 0x8cc9 0x988b1: stosw word ptr es:[di], ax 0x988b2: mov al, 0xcd 0x988b4: mov cx, 0x4e 0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:01:50.770954112Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)