Sample viewer

vx.netlux.org/Virus.DOS.Warsaw.850

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:58.394665493Z 47 PC: 12a95 | Get disk transfer address
2018-12-17T23:01:58.396972327Z 26 PC: 12aa7 | Set disk transfer address
2018-12-17T23:01:58.399881684Z 78 PC: 12aae | Find first file
2018-12-17T23:01:58.406759587Z 47 PC: 12ab7 | Get disk transfer address
2018-12-17T23:01:58.408471644Z 67 PC: 12b16 | Get or set file attributes
2018-12-17T23:01:58.423878974Z 67 PC: 12b1e | Get or set file attributes
2018-12-17T23:01:58.443528385Z 61 PC: 12b25 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:58.450559146Z 63 PC: 12b3c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:01:58.459310288Z 66 PC: 12bea | Move file pointer
2018-12-17T23:01:58.461622443Z 66 PC: 12c02 | Move file pointer
2018-12-17T23:01:58.463737357Z 64 PC: 12c42 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:01:58.468346898Z 66 PC: 12c7c | Move file pointer
2018-12-17T23:01:58.470512467Z 64 PC: 12c91 | Write file or device (Write 850 bytes on handle 5)
2018-12-17T23:01:58.479846996Z 87 PC: 12cae | Get or set file date and time
2018-12-17T23:01:58.482887469Z 62 PC: 12cb4 | Close file
2018-12-17T23:01:58.492073049Z 26 PC: 12cef | Set disk transfer address
2018-12-17T23:02:00.703759523Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T23:02:00.706094501Z 72 PC: 8f1bd | Allocate memory
2018-12-17T23:02:00.709840419Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T23:02:00.71337482Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T23:02:00.725352786Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:02:00.728205846Z 62 PC: 91fc1 | Close file
2018-12-17T23:02:00.730903586Z 75 PC: 91fe0 | Execute program
2018-12-17T23:02:00.748548259Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:02:00.751154126Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T23:02:00.756088087Z 48 PC: c609 | Get DOS version
2018-12-17T23:02:00.76002826Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T23:02:00.764045699Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T23:02:00.766304042Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T23:02:00.77531842Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T23:02:00.780593842Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T23:02:00.786160862Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T23:02:00.797027781Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:02:00.798672391Z 62 PC: 91fc1 | Close file
2018-12-17T23:02:00.802310927Z 75 PC: 91fe0 | Execute program
2018-12-17T23:02:00.822809514Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:02:00.826015177Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:00.828064949Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:00.831345683Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:00.833511072Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:00.836403646Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:00.837681066Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T23:02:00.846606237Z 62 PC: 8f8eb | Close file
2018-12-17T23:02:00.849732261Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.852092175Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.854109536Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.856016539Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.858777716Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.860669411Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.862604046Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.865591129Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.867947366Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.870233282Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.873519927Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.876583683Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.878783356Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.88209543Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.884210163Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.886047195Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.895755066Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.897800128Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.899809945Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.901880085Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.905439743Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.9082318Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.910771231Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.913133549Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.915372426Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.91779064Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.92152684Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.923690085Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.925830988Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.928715948Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:00.931131126Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T23:02:00.937173009Z 62 PC: 8f90e | Close file
2018-12-17T23:02:00.940592093Z 69 PC: 8f915 | Duplicate handle
2018-12-17T23:02:00.942565732Z 69 PC: 8f919 | Duplicate handle
2018-12-17T23:02:00.944434824Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:02:00.950587163Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:02:00.952261409Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:02:00.95731776Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:02:00.960135114Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T23:02:00.962126406Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T23:02:00.964166288Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T23:02:00.965929642Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T23:02:00.968475194Z 72 PC: 8fa02 | Allocate memory
2018-12-17T23:02:00.970826883Z 72 PC: 8fa06 | Allocate memory
2018-12-17T23:02:00.97297532Z 73 PC: 8fa11 | Release memory
2018-12-17T23:02:00.975470418Z 73 PC: 8efea | Release memory
2018-12-17T23:02:00.97705218Z 74 PC: 8f003 | Reallocate memory
2018-12-17T23:02:00.97882444Z 72 PC: 8f054 | Allocate memory
2018-12-17T23:02:00.981631896Z 72 PC: 8f058 | Allocate memory
2018-12-17T23:02:00.983857347Z 73 PC: 8f060 | Release memory
2018-12-17T23:02:00.985878644Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T23:02:00.996373354Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:02:01.002895539Z 66 PC: 8f0ad | Move file pointer
2018-12-17T23:02:01.005078611Z 62 PC: 8f0d1 | Close file
2018-12-17T23:02:01.008273834Z 75 PC: 8f0f2 | Execute program
2018-12-17T23:02:01.032547464Z 80 PC: 12be9 | Set current PSP
2018-12-17T23:02:01.034407078Z 48 PC: 12bee | Get DOS version
2018-12-17T23:02:01.037364205Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T23:02:01.040489517Z 101 PC: 12c74 | Get extended country info
2018-12-17T23:02:01.04246607Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T23:02:01.044602645Z 74 PC: 12cdc | Reallocate memory
2018-12-17T23:02:01.046637809Z 72 PC: 1355d | Allocate memory
2018-12-17T23:02:01.04853272Z 25 PC: 13596 | Get default drive
2018-12-17T23:02:01.049853151Z 71 PC: 135ad | Get current directory
2018-12-17T23:02:01.053097196Z 59 PC: 135ba | Change current directory
2018-12-17T23:02:01.058836169Z 59 PC: 135c8 | Change current directory
2018-12-17T23:02:01.064993539Z 59 PC: 135d3 | Change current directory
2018-12-17T23:02:01.069760366Z 25 PC: 12d13 | Get default drive
2018-12-17T23:02:01.071315808Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:02:01.072663391Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:01.074899692Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:01.077512281Z 80 PC: 1301d | Set current PSP
2018-12-17T23:02:01.078695083Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:02:01.081342137Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:01.082891308Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:01.084362162Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T23:02:01.087914577Z 72 PC: 130ec | Allocate memory
2018-12-17T23:02:01.090514772Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T23:02:01.098392594Z 62 PC: 131ba | Close file
2018-12-17T23:02:01.101214717Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T23:02:01.103071386Z 74 PC: 1197c | Reallocate memory
2018-12-17T23:02:01.104715615Z 72 PC: 11991 | Allocate memory
2018-12-17T23:02:01.106880072Z 73 PC: 119b2 | Release memory
2018-12-17T23:02:01.110089443Z 72 PC: 119bd | Allocate memory
2018-12-17T23:02:01.111801639Z 73 PC: 119df | Release memory
2018-12-17T23:02:01.113012154Z 72 PC: 119f5 | Allocate memory
2018-12-17T23:02:01.116802035Z 72 PC: 119fd | Allocate memory