Sample viewer

vx.netlux.org/Virus.DOS.Steppen.428


Syscalls:

Time Syscall Op (INT 21h function number, AH, in decimal) Syscall Name
2018-12-17T23:00:02.693131413Z 26 PC: 12a84 | Set disk transfer address
2018-12-17T23:00:02.694874529Z 71 PC: 12a8e | Get current directory
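2018-12-17T23:00:02.699208413Z 53 PC: 12a98 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: vector 36 decimal is INT 24h, the DOS critical-error handler; 'Set random record number' is the name of INT 21h function 24h, so the AKA label comes from the function table rather than the vector table]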
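2018-12-17T23:00:02.700980914Z 37 PC: 12aa8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: vector 36 decimal is INT 24h, the DOS critical-error handler, not 'Set random record number'; replacing this handler just before a run of file writes is a common file-infector trait, typically done to suppress the 'Abort, Retry, Fail?' prompt, and is a useful behavioural indicator]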
2018-12-17T23:00:02.702650883Z 78 PC: 12ab5 | Find first file
2018-12-17T23:00:02.710820726Z 61 PC: 12bd2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:02.723759972Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:02.731245319Z 62 PC: 12acb | Close file
2018-12-17T23:00:02.735484525Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:02.755094237Z 61 PC: 12bd2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:02.762920094Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:02.766550166Z 66 PC: 12b62 | Move file pointer
2018-12-17T23:00:02.769911213Z 44 PC: 12b66 | Get time
0x12b66: or dx, dx
0x12b68: je 0x12b62
0x12b6a: mov word ptr [bp + 0x110], dx
0x12b6e: lea di, word ptr [bp + 0x2b0]
0x12b72: mov ax, 0x5355
0x12b75: stosw word ptr es:[di], ax
0x12b76: lea si, word ptr [bp + 0x104]
0x12b7a: mov cx, 0x15
0x12b7d: push si
0x12b7e: push cx
0x12b7f: rep movsb byte ptr es:[di], byte ptr [si]
0x12b81: xor byte ptr [bp + 0x10e], 0x28
0x12b86: lea si, word ptr [bp + 0x29e]
0x12b8a: mov cx, 0xf
0x12b8d: rep movsb byte ptr es:[di], byte ptr [si]
0x12b8f: pop cx
0x12b90: pop si
0x12b91: pop dx
0x12b92: push di
0x12b93: push si
2018-12-17T23:00:02.773218368Z 64 PC: 12c14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T23:00:02.782882559Z 87 PC: 12bba | Get or set file date and time
2018-12-17T23:00:02.785944634Z 62 PC: 12bbe | Close file
2018-12-17T23:00:02.794915783Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:02.806308793Z 79 PC: 12ab5 | Find next file
2018-12-17T23:00:02.811299873Z 61 PC: 12bd2 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:00:02.818592177Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:02.825611979Z 62 PC: 12acb | Close file
2018-12-17T23:00:02.828808305Z 79 PC: 12ab5 | Find next file
2018-12-17T23:00:02.832187385Z 61 PC: 12bd2 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:02.84019811Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:02.847451741Z 62 PC: 12acb | Close file
2018-12-17T23:00:02.850369965Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:02.861945999Z 61 PC: 12bd2 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:02.869775794Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:02.874247437Z 66 PC: 12b62 | Move file pointer
2018-12-17T23:00:02.876035046Z 44 PC: 12b66 | Get time
0x12b66: or dx, dx
0x12b68: je 0x12b62
0x12b6a: mov word ptr [bp + 0x110], dx
0x12b6e: lea di, word ptr [bp + 0x2b0]
0x12b72: mov ax, 0x5355
0x12b75: stosw word ptr es:[di], ax
0x12b76: lea si, word ptr [bp + 0x104]
0x12b7a: mov cx, 0x15
0x12b7d: push si
0x12b7e: push cx
0x12b7f: rep movsb byte ptr es:[di], byte ptr [si]
0x12b81: xor byte ptr [bp + 0x10e], 0x28
0x12b86: lea si, word ptr [bp + 0x29e]
0x12b8a: mov cx, 0xf
0x12b8d: rep movsb byte ptr es:[di], byte ptr [si]
0x12b8f: pop cx
0x12b90: pop si
0x12b91: pop dx
0x12b92: push di
0x12b93: push si
2018-12-17T23:00:02.87976743Z 64 PC: 12c14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T23:00:02.890460676Z 87 PC: 12bba | Get or set file date and time
2018-12-17T23:00:02.892332233Z 62 PC: 12bbe | Close file
2018-12-17T23:00:02.90131326Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:02.913186654Z 79 PC: 12ab5 | Find next file
2018-12-17T23:00:02.934227905Z 61 PC: 12bd2 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:00:02.942400444Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:02.950537816Z 62 PC: 12acb | Close file
2018-12-17T23:00:02.953102946Z 79 PC: 12ab5 | Find next file
2018-12-17T23:00:02.956359326Z 61 PC: 12bd2 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:00:02.964033207Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:02.971775918Z 62 PC: 12acb | Close file
2018-12-17T23:00:02.974089686Z 79 PC: 12ab5 | Find next file
2018-12-17T23:00:02.977290691Z 61 PC: 12bd2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:02.98515987Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:02.992380719Z 62 PC: 12acb | Close file
2018-12-17T23:00:02.994783545Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:03.006888743Z 61 PC: 12bd2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:03.014481111Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:03.017826998Z 66 PC: 12b62 | Move file pointer
2018-12-17T23:00:03.02053094Z 44 PC: 12b66 | Get time
0x12b66: or dx, dx
0x12b68: je 0x12b62
0x12b6a: mov word ptr [bp + 0x110], dx
0x12b6e: lea di, word ptr [bp + 0x2b0]
0x12b72: mov ax, 0x5355
0x12b75: stosw word ptr es:[di], ax
0x12b76: lea si, word ptr [bp + 0x104]
0x12b7a: mov cx, 0x15
0x12b7d: push si
0x12b7e: push cx
0x12b7f: rep movsb byte ptr es:[di], byte ptr [si]
0x12b81: xor byte ptr [bp + 0x10e], 0x28
0x12b86: lea si, word ptr [bp + 0x29e]
0x12b8a: mov cx, 0xf
0x12b8d: rep movsb byte ptr es:[di], byte ptr [si]
0x12b8f: pop cx
0x12b90: pop si
0x12b91: pop dx
0x12b92: push di
0x12b93: push si
2018-12-17T23:00:03.02359094Z 64 PC: 12c14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T23:00:03.033085493Z 87 PC: 12bba | Get or set file date and time
2018-12-17T23:00:03.036054382Z 62 PC: 12bbe | Close file
2018-12-17T23:00:03.045288556Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:03.056334824Z 79 PC: 12ab5 | Find next file
2018-12-17T23:00:03.060432946Z 61 PC: 12bd2 | Open file (Filename = 'PAH.COM')
2018-12-17T23:00:03.068371795Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:03.076193494Z 62 PC: 12acb | Close file
2018-12-17T23:00:03.079614162Z 79 PC: 12ab5 | Find next file
2018-12-17T23:00:03.083039429Z 61 PC: 12bd2 | Open file (Filename = 'TEST.COM')
2018-12-17T23:00:03.090642287Z 63 PC: 12ac7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:00:03.097922067Z 62 PC: 12acb | Close file
2018-12-17T23:00:03.101493689Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:03.112692324Z 61 PC: 12bd2 | Open file (Filename = 'TEST.COM')
2018-12-17T23:00:03.122186887Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:03.126175603Z 66 PC: 12b62 | Move file pointer
2018-12-17T23:00:03.128304303Z 44 PC: 12b66 | Get time
0x12b66: or dx, dx
0x12b68: je 0x12b62
0x12b6a: mov word ptr [bp + 0x110], dx
0x12b6e: lea di, word ptr [bp + 0x2b0]
0x12b72: mov ax, 0x5355
0x12b75: stosw word ptr es:[di], ax
0x12b76: lea si, word ptr [bp + 0x104]
0x12b7a: mov cx, 0x15
0x12b7d: push si
0x12b7e: push cx
0x12b7f: rep movsb byte ptr es:[di], byte ptr [si]
0x12b81: xor byte ptr [bp + 0x10e], 0x28
0x12b86: lea si, word ptr [bp + 0x29e]
0x12b8a: mov cx, 0xf
0x12b8d: rep movsb byte ptr es:[di], byte ptr [si]
0x12b8f: pop cx
0x12b90: pop si
0x12b91: pop dx
0x12b92: push di
0x12b93: push si
2018-12-17T23:00:03.13123985Z 64 PC: 12c14 | Write file or device (Write 428 bytes on handle 5)
2018-12-17T23:00:03.141844098Z 87 PC: 12bba | Get or set file date and time
2018-12-17T23:00:03.14371288Z 62 PC: 12bbe | Close file
2018-12-17T23:00:03.15246134Z 67 PC: 12bdd | Get or set file attributes
2018-12-17T23:00:03.164411638Z 79 PC: 12ab5 | Find next file
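2018-12-17T23:00:03.167467361Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: vector 36 decimal is INT 24h, the DOS critical-error handler, not 'Set random record number'; this second write comes after the last 'Find next file' and presumably restores the handler saved by the earlier 'Get interrupt vector' call, though the trace does not show the vector value]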
2018-12-17T23:00:03.169176252Z 59 PC: 12b12 | Change current directory
2018-12-17T23:00:03.177021926Z 26 PC: 12b19 | Set disk transfer address