Sample viewer

vx.netlux.org/Virus.DOS.Kusumah.3967

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:02:34.343105043Z 51 PC: 203a8 | Get or set Ctrl-Break
2018-12-17T22:02:34.345610832Z 61 PC: 205fc | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:02:34.352047681Z 66 PC: 205fc | Move file pointer
2018-12-17T22:02:34.353627059Z 66 PC: 205fc | Move file pointer
2018-12-17T22:02:34.355739459Z 64 PC: 205fc | Write file or device (Write 58623 bytes on handle 5)
2018-12-17T22:02:34.401334646Z 64 PC: 205fc | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:02:34.409007143Z 62 PC: 205fc | Close file
2018-12-17T22:02:34.416740423Z 48 PC: 205fc | Get DOS version
2018-12-17T22:02:34.417760883Z 98 PC: 205fc | Get current PSP
2018-12-17T22:02:34.419379599Z 44 PC: 205fc | Get time 0x205fc: ret
0x205fd: cli
0x205fe: mov word ptr cs:[0x800], 0x40f8
0x20605: mov word ptr cs:[0x802], 0x19
0x2060c: sti
0x2060d: ret
0x2060e: mov dl, byte ptr [0x10c0]
0x20612: mov ax, 0x201
0x20615: mov bx, 0x119c
0x20618: mov di, bx
0x2061a: xor dh, dh
0x2061c: mov cx, 1
0x2061f: int 0x13
0x20621: jb 0x20656
0x20623: add di, 0x15
0x20626: mov ax, word ptr [di]
0x20628: inc dh
0x2062a: cmp ax, 0x7f9
0x2062d: je 0x20640
0x2062f: inc cx
2018-12-17T22:02:34.421399435Z 42 PC: 205fc | Get date 0x205fc: ret
0x205fd: cli
0x205fe: mov word ptr cs:[0x800], 0x40f8
0x20605: mov word ptr cs:[0x802], 0x19
0x2060c: sti
0x2060d: ret
0x2060e: mov dl, byte ptr [0x10c0]
0x20612: mov ax, 0x201
0x20615: mov bx, 0x119c
0x20618: mov di, bx
0x2061a: xor dh, dh
0x2061c: mov cx, 1
0x2061f: int 0x13
0x20621: jb 0x20656
0x20623: add di, 0x15
0x20626: mov ax, word ptr [di]
0x20628: inc dh
0x2062a: cmp ax, 0x7f9
0x2062d: je 0x20640
0x2062f: inc cx
2018-12-17T22:02:34.424303441Z 53 PC: 9ef6c | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:34.425272117Z 53 PC: 9ef6c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:34.426345492Z 37 PC: 9ef6c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:34.427271221Z 37 PC: 9ef6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:34.428248257Z 54 PC: 9ef6c | Get free disk space
2018-12-17T22:02:34.469412062Z 67 PC: 9ef6c | Get or set file attributes
2018-12-17T22:02:34.476643904Z 67 PC: 9ef6c | Get or set file attributes
2018-12-17T22:02:34.840135145Z 61 PC: 9ef6c | Open file (Filename = 'R�ދ�3Ɋ���')
2018-12-17T22:02:34.847502971Z 87 PC: 9ef6c | Get or set file date and time
2018-12-17T22:02:34.849299346Z 63 PC: 9ef6c | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:02:34.852773253Z 66 PC: 9ef6c | Move file pointer
2018-12-17T22:02:34.855115833Z 63 PC: 9ef6c | Read file or device (Read 108 bytes on handle 5)
2018-12-17T22:02:34.87404027Z 66 PC: 9ef6c | Move file pointer
2018-12-17T22:02:34.876063676Z 66 PC: 9ef6c | Move file pointer
2018-12-17T22:02:34.879029506Z 64 PC: 9ef6c | Write file or device (Write 3951 bytes on handle 5)
2018-12-17T22:02:34.889826228Z 64 PC: 9ef6c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:02:34.892911685Z 66 PC: 9ef6c | Move file pointer
2018-12-17T22:02:34.894957623Z 64 PC: 9ef6c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:02:34.898571641Z 87 PC: 9ef6c | Get or set file date and time
2018-12-17T22:02:34.900269424Z 62 PC: 9ef6c | Close file
2018-12-17T22:02:34.908480667Z 67 PC: 9ef6c | Get or set file attributes
2018-12-17T22:02:34.917696754Z 44 PC: 9ef6c | Get time 0x9ef6c: ret
0x9ef6d: cli
0x9ef6e: mov word ptr cs:[0x800], 0x40f8
0x9ef75: mov word ptr cs:[0x802], 0x19
0x9ef7c: sti
0x9ef7d: ret
0x9ef7e: mov dl, byte ptr [0x10c0]
0x9ef82: mov ax, 0x201
0x9ef85: mov bx, 0x119c
0x9ef88: mov di, bx
0x9ef8a: xor dh, dh
0x9ef8c: mov cx, 1
0x9ef8f: int 0x13
0x9ef91: jb 0x9efc6
0x9ef93: add di, 0x15
0x9ef96: mov ax, word ptr [di]
0x9ef98: inc dh
0x9ef9a: cmp ax, 0x7f9
0x9ef9d: je 0x9efb0
0x9ef9f: inc cx
2018-12-17T22:02:34.920011615Z 37 PC: 9ef6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:34.922064067Z 37 PC: 9ef6c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:34.923998207Z 67 PC: 204f3 | Get or set file attributes
2018-12-17T22:02:34.929528728Z 80 PC: 13fb9 | Set current PSP
2018-12-17T22:02:34.931429831Z 48 PC: 13fbe | Get DOS version
2018-12-17T22:02:34.933300902Z 101 PC: 14044 | Get extended country info
2018-12-17T22:02:34.935108704Z 99 PC: 1404a | Get DBCS lead byte table pointer
2018-12-17T22:02:34.937557403Z 74 PC: 140ac | Reallocate memory
2018-12-17T22:02:34.93909199Z 25 PC: 140e3 | Get default drive
2018-12-17T22:02:34.940335986Z 37 PC: 13ba3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:02:34.942425527Z 37 PC: 13baa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:34.943554127Z 37 PC: 13bb1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:34.946502958Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:02:34.949288012Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:02:34.95348038Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:02:34.955790372Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:02:34.965832884Z 2 PC: 13e6c | Character output (Char = '4d')
2018-12-17T22:02:34.968006804Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:02:34.970231528Z 2 PC: 13e6c | Character output (Char = '63')
2018-12-17T22:02:34.973221762Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:02:34.975349218Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:02:34.977574723Z 2 PC: 13e6c | Character output (Char = '73')
2018-12-17T22:02:34.981724844Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:02:34.984236372Z 2 PC: 13e6c | Character output (Char = '66')
2018-12-17T22:02:34.986757015Z 2 PC: 13e6c | Character output (Char = '74')
2018-12-17T22:02:34.98996675Z 2 PC: 13e6c | Character output (Char = '28')
2018-12-17T22:02:34.992142862Z 2 PC: 13e6c | Character output (Char = '52')
2018-12-17T22:02:34.99435344Z 2 PC: 13e6c | Character output (Char = '29')
2018-12-17T22:02:34.997120562Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:34.999452499Z 2 PC: 13e6c | Character output (Char = '4d')
2018-12-17T22:02:35.001696861Z 2 PC: 13e6c | Character output (Char = '53')
2018-12-17T22:02:35.004404634Z 2 PC: 13e6c | Character output (Char = '2d')
2018-12-17T22:02:35.006635184Z 2 PC: 13e6c | Character output (Char = '44')
2018-12-17T22:02:35.008906875Z 2 PC: 13e6c | Character output (Char = '4f')
2018-12-17T22:02:35.010928907Z 2 PC: 13e6c | Character output (Char = '53')
2018-12-17T22:02:35.012773512Z 2 PC: 13e6c | Character output (Char = '28')
2018-12-17T22:02:35.014947415Z 2 PC: 13e6c | Character output (Char = '52')
2018-12-17T22:02:35.017321405Z 2 PC: 13e6c | Character output (Char = '29')
2018-12-17T22:02:35.019646627Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.021809631Z 2 PC: 13e6c | Character output (Char = '56')
2018-12-17T22:02:35.024094983Z 2 PC: 13e6c | Character output (Char = '65')
2018-12-17T22:02:35.026164543Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:02:35.028481499Z 2 PC: 13e6c | Character output (Char = '73')
2018-12-17T22:02:35.030693218Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:02:35.032772091Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:02:35.034861969Z 2 PC: 13e6c | Character output (Char = '6e')
2018-12-17T22:02:35.037371534Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.039553791Z 2 PC: 13e6c | Character output (Char = '36')
2018-12-17T22:02:35.041647537Z 2 PC: 13e6c | Character output (Char = '2e')
2018-12-17T22:02:35.044080954Z 2 PC: 13e6c | Character output (Char = '32')
2018-12-17T22:02:35.046185659Z 2 PC: 13e6c | Character output (Char = '32')
2018-12-17T22:02:35.048276673Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:02:35.050572329Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:02:35.054863663Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.057035898Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.058931785Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.061198515Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.063261172Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.065931041Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.067702746Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.069305635Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.072213895Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.074019667Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.075840761Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.077709854Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.079211306Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.081055426Z 2 PC: 13e6c | Character output (Char = '28')
2018-12-17T22:02:35.083395458Z 2 PC: 13e6c | Character output (Char = '43')
2018-12-17T22:02:35.085582872Z 2 PC: 13e6c | Character output (Char = '29')
2018-12-17T22:02:35.090663122Z 2 PC: 13e6c | Character output (Char = '43')
2018-12-17T22:02:35.093507177Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:02:35.096184905Z 2 PC: 13e6c | Character output (Char = '70')
2018-12-17T22:02:35.101553231Z 2 PC: 13e6c | Character output (Char = '79')
2018-12-17T22:02:35.104891537Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:02:35.107498743Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:02:35.110296527Z 2 PC: 13e6c | Character output (Char = '67')
2018-12-17T22:02:35.113321859Z 2 PC: 13e6c | Character output (Char = '68')
2018-12-17T22:02:35.115856116Z 2 PC: 13e6c | Character output (Char = '74')
2018-12-17T22:02:35.119383969Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.12195423Z 2 PC: 13e6c | Character output (Char = '4d')
2018-12-17T22:02:35.12464326Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:02:35.127559495Z 2 PC: 13e6c | Character output (Char = '63')
2018-12-17T22:02:35.129762154Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:02:35.131898003Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:02:35.134710762Z 2 PC: 13e6c | Character output (Char = '73')
2018-12-17T22:02:35.136853009Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:02:35.139696094Z 2 PC: 13e6c | Character output (Char = '66')
2018-12-17T22:02:35.142597083Z 2 PC: 13e6c | Character output (Char = '74')
2018-12-17T22:02:35.144727883Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.147011741Z 2 PC: 13e6c | Character output (Char = '43')
2018-12-17T22:02:35.150365263Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:02:35.152997926Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:02:35.155197462Z 2 PC: 13e6c | Character output (Char = '70')
2018-12-17T22:02:35.157796421Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:02:35.160128877Z 2 PC: 13e6c | Character output (Char = '31')
2018-12-17T22:02:35.162623622Z 2 PC: 13e6c | Character output (Char = '39')
2018-12-17T22:02:35.169375839Z 2 PC: 13e6c | Character output (Char = '38')
2018-12-17T22:02:35.170901618Z 2 PC: 13e6c | Character output (Char = '31')
2018-12-17T22:02:35.17253262Z 2 PC: 13e6c | Character output (Char = '2d')
2018-12-17T22:02:35.174526285Z 2 PC: 13e6c | Character output (Char = '31')
2018-12-17T22:02:35.176930032Z 2 PC: 13e6c | Character output (Char = '39')
2018-12-17T22:02:35.179652286Z 2 PC: 13e6c | Character output (Char = '39')
2018-12-17T22:02:35.183429622Z 2 PC: 13e6c | Character output (Char = '34')
2018-12-17T22:02:35.185996173Z 2 PC: 13e6c | Character output (Char = '2e')
2018-12-17T22:02:35.188547589Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:02:35.19204398Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:02:35.196469222Z 74 PC: 12d4c | Reallocate memory
2018-12-17T22:02:35.198361182Z 72 PC: 12d8d | Allocate memory
2018-12-17T22:02:35.213606074Z 72 PC: 12dc5 | Allocate memory
2018-12-17T22:02:35.215717655Z 72 PC: 12dcd | Allocate memory