Sample viewer

vx.netlux.org/Virus.DOS.BrokenHeart.445

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:18.677511634Z 65 PC: 12a67 | Delete file (Filename = 'C:\CONFIG.SYS')
2018-12-17T23:02:19.518902579Z 60 PC: 12a70 | Create or truncate file
2018-12-17T23:02:19.533048047Z 64 PC: 12a7f | Write file or device (Write 28 bytes on handle 5)
2018-12-17T23:02:19.542088924Z 62 PC: 12a83 | Close file
2018-12-17T23:02:19.550484208Z 60 PC: 12a8c | Create or truncate file
2018-12-17T23:02:19.563325877Z 64 PC: 12a9b | Write file or device (Write 129 bytes on handle 5)
2018-12-17T23:02:19.567854105Z 62 PC: 12a9f | Close file
2018-12-17T23:02:21.779753893Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T23:02:21.783104218Z 72 PC: 8f1bd | Allocate memory
2018-12-17T23:02:21.786236333Z 68 PC: 8f730 | I/O control for devices (Set for = '������������������������')
2018-12-17T23:02:21.788865263Z 68 PC: 8f747 | I/O control for devices (Set for = '�ED�_�X�B�������u�&�E@t��~<t�~� ��|3�����|V�"^6���u�6�}����u�s��/��o')
2018-12-17T23:02:21.794551236Z 62 PC: 8f8eb | Close file
2018-12-17T23:02:21.797129711Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.799484866Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.8018711Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.804868051Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.807000828Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.809122545Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.812479101Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.814981072Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:21.816951405Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T23:02:21.823342863Z 62 PC: 8f90e | Close file
2018-12-17T23:02:21.825821862Z 69 PC: 8f915 | Duplicate handle
2018-12-17T23:02:21.828084744Z 69 PC: 8f919 | Duplicate handle
2018-12-17T23:02:21.831986274Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:02:21.837305118Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:02:21.839186433Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:02:21.845472684Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:02:21.848128835Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T23:02:21.850010591Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T23:02:21.853231843Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T23:02:21.855304948Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T23:02:21.857286411Z 72 PC: 8fa02 | Allocate memory
2018-12-17T23:02:21.859489471Z 72 PC: 8fa06 | Allocate memory
2018-12-17T23:02:21.863442819Z 73 PC: 8fa11 | Release memory
2018-12-17T23:02:21.866011996Z 73 PC: 8efea | Release memory
2018-12-17T23:02:21.868199256Z 74 PC: 8f003 | Reallocate memory
2018-12-17T23:02:21.871843362Z 72 PC: 8f054 | Allocate memory
2018-12-17T23:02:21.87438077Z 72 PC: 8f058 | Allocate memory
2018-12-17T23:02:21.876660644Z 73 PC: 8f060 | Release memory
2018-12-17T23:02:21.879970613Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T23:02:21.887334028Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:02:21.894309485Z 66 PC: 8f0ad | Move file pointer
2018-12-17T23:02:21.897799522Z 62 PC: 8f0d1 | Close file
2018-12-17T23:02:21.90044368Z 75 PC: 8f0f2 | Execute program
2018-12-17T23:02:21.925268495Z 80 PC: f979 | Set current PSP
2018-12-17T23:02:21.926882898Z 48 PC: f97e | Get DOS version
2018-12-17T23:02:21.930254132Z 99 PC: 16160 | Get DBCS lead byte table pointer
2018-12-17T23:02:21.933406485Z 101 PC: fa04 | Get extended country info
2018-12-17T23:02:21.935475853Z 99 PC: fa0a | Get DBCS lead byte table pointer
2018-12-17T23:02:21.939266315Z 74 PC: fa6c | Reallocate memory
2018-12-17T23:02:21.94150404Z 72 PC: 102ed | Allocate memory
2018-12-17T23:02:21.943866759Z 25 PC: 10326 | Get default drive
2018-12-17T23:02:21.94651243Z 71 PC: 1033d | Get current directory
2018-12-17T23:02:21.949702945Z 59 PC: 1034a | Change current directory
2018-12-17T23:02:21.955553337Z 59 PC: 10358 | Change current directory
2018-12-17T23:02:21.962507804Z 59 PC: 10363 | Change current directory
2018-12-17T23:02:21.966841868Z 25 PC: faa3 | Get default drive
2018-12-17T23:02:21.968202173Z 37 PC: f563 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:02:21.969481136Z 37 PC: f56a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:21.971491965Z 37 PC: f571 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:21.974171109Z 80 PC: fdad | Set current PSP
2018-12-17T23:02:21.975198219Z 37 PC: fdd1 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:02:21.977654314Z 53 PC: 100f2 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:21.979241656Z 37 PC: 10113 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:21.980628662Z 51 PC: 101a7 | Get or set Ctrl-Break
2018-12-17T23:02:21.983704571Z 72 PC: fe7c | Allocate memory
2018-12-17T23:02:21.985714879Z 61 PC: ff42 | Open file (Filename = '')
2018-12-17T23:02:21.992268592Z 62 PC: ff4a | Close file
2018-12-17T23:02:21.995974957Z 51 PC: 101dc | Get or set Ctrl-Break
2018-12-17T23:02:21.997604729Z 74 PC: e70c | Reallocate memory
2018-12-17T23:02:21.999493167Z 72 PC: e721 | Allocate memory
2018-12-17T23:02:22.001817213Z 73 PC: e742 | Release memory
2018-12-17T23:02:22.003961623Z 72 PC: e74d | Allocate memory
2018-12-17T23:02:22.005885398Z 73 PC: e76f | Release memory
2018-12-17T23:02:22.007417547Z 72 PC: e785 | Allocate memory
2018-12-17T23:02:22.010310683Z 72 PC: e78d | Allocate memory