Sample viewer

vx.netlux.org/Virus.DOS.Barcelona

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:52.923424355Z	25	PC: 12d27 \| Get default drive
2018-12-17T23:00:52.925025423Z	44	PC: 12d33 \| Get time 0x12d33: mov ax, 0x3c 0x12d36: mul ch 0x12d38: mov ch, 0 0x12d3a: add ax, cx 0x12d3c: mov word ptr cs:[0x3d3], ax 0x12d40: mov bx, 0x80 0x12d43: mov ah, 0x4a 0x12d45: push cs 0x12d46: pop es 0x12d47: int 0x21 0x12d49: cld 0x12d4a: mov ax, 0 0x12d4d: mov ds, ax 0x12d4f: mov ax, word ptr [0x84] 0x12d52: mov word ptr cs:[0x10c], ax 0x12d56: mov ax, word ptr [0x86] 0x12d59: mov word ptr cs:[0x10e], ax 0x12d5d: cli 0x12d5e: mov word ptr [0x84], 0x49a 0x12d64: mov word ptr [0x86], cs
2018-12-17T23:00:52.927380188Z	74	PC: 12d49 \| Reallocate memory
2018-12-17T23:00:52.929062931Z	61	PC: 130ee \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:00:52.936778599Z	66	PC: 130ff \| Move file pointer
2018-12-17T23:00:52.939098648Z	63	PC: 13111 \| Read file or device (Read 9 bytes on handle 5)
2018-12-17T23:00:52.942505691Z	62	PC: 1311a \| Close file
2018-12-17T23:00:52.945146994Z	44	PC: 12e57 \| Get time 0x12e57: mov ax, 0x3c 0x12e5a: mul ch 0x12e5c: mov ch, 0 0x12e5e: add ax, cx 0x12e60: mov bx, ax 0x12e62: sub ax, word ptr cs:[0x3d3] 0x12e67: cmp ax, 0x14 0x12e6a: jg 0x12e6f 0x12e6c: jmp 0x12f1b 0x12e6f: mov ah, 0xf 0x12e71: int 0x10 0x12e73: mov byte ptr cs:[0x16a], bh 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0 0x12e7d: mov cx, 0 0x12e80: mov dh, 0x19 0x12e82: mov dl, 0x50 0x12e84: int 0x10 0x12e86: mov dh, 0 0x12e88: mov bh, byte ptr cs:[0x16a]
2018-12-17T23:00:52.949052143Z	75	PC: 12da4 \| Execute program
2018-12-17T23:00:52.967243706Z	25	PC: 13587 \| Get default drive
2018-12-17T23:00:52.970852017Z	48	PC: 13efb \| Get DOS version
2018-12-17T23:00:52.973856723Z	9	PC: 13f07 \| Display string (String= ' Incorrect DOS version ')
2018-12-17T23:00:52.982779971Z	73	PC: 12dc0 \| Release memory
2018-12-17T23:00:52.984363156Z	77	PC: 12dc4 \| Get program return code
2018-12-17T23:00:52.987665672Z	49	PC: 12dcb \| Terminate and stay resident (Return code = '0' \| Memory size = '128')