Sample viewer

vx.netlux.org/Virus.DOS.Writer.1324

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:25.313152345Z	48	PC: 12aa0 \| Get DOS version
2018-12-17T23:02:25.314572357Z	82	PC: 12aad \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:25.316876111Z	74	PC: 12aec \| Reallocate memory
2018-12-17T23:02:25.332682194Z	74	PC: 12af4 \| Reallocate memory
2018-12-17T23:02:25.334458143Z	72	PC: 12afb \| Allocate memory
2018-12-17T23:02:25.337443522Z	82	PC: 9f362 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:25.342086079Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:02:25.343585086Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:02:25.34712299Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:02:25.350007188Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:02:25.35154851Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:25.353318167Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:25.355519168Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.356603468Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.358411704Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.362407326Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.363838483Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.365987185Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.369445809Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.37146383Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.374187183Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.377922333Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.379348625Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.381472976Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.384397203Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.3858904Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.387719845Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.393138886Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.395511118Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.397598191Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.399657574Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.40262217Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.405505477Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.407785261Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.410264728Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.412259721Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.41543997Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.422200179Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.427175062Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.429443338Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.43146002Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.434384916Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.436570728Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.438546663Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.44308315Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.445675894Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.447030856Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.449948193Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.452208374Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.453706213Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.456919136Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.459172597Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.460546033Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.463113857Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.465338466Z	62	PC: 122ab \| Close file
2018-12-17T23:02:25.466895855Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:25.469609712Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:25.474103238Z	99	PC: 99b47 \| Get DBCS lead byte table pointer
2018-12-17T23:02:25.475691761Z	56	PC: 94369 \| Get or set country info
2018-12-17T23:02:25.478242179Z	64	PC: 99db8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:02:25.480100716Z	68	PC: 9f3ed \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T23:02:25.486433816Z	25	PC: 943d2 \| Get default drive
2018-12-17T23:02:25.489312199Z	71	PC: 9664d \| Get current directory
2018-12-17T23:02:25.49466515Z	64	PC: 99db8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:02:25.496116144Z	68	PC: 9f3ed \| I/O control for devices (Set for = 'A:\ win TEMP=C:\WINDOWS\TEMP$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T23:02:25.500403498Z	2	PC: 96622 \| Character output (Char = '3e')
2018-12-17T23:02:25.504372222Z	93	PC: 94490 \| File sharing functions
2018-12-17T23:02:25.515366337Z	93	PC: 94497 \| File sharing functions
2018-12-17T23:02:25.517626233Z	10	PC: 944a9 \| Buffered keyboard input
2018-12-17T23:02:40.288278796Z	0	PC: 0 \| Program terminate
2018-12-17T23:02:41.643165042Z	0	PC: 0 \| Program terminate
2018-12-17T23:02:41.746739333Z	64	PC: 99db8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:02:41.748278698Z	68	PC: 9f3ed \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T23:02:41.755301833Z	41	PC: 9451e \| Parse filename
2018-12-17T23:02:41.760296191Z	41	PC: 9459f \| Parse filename
2018-12-17T23:02:41.762549781Z	41	PC: 945bc \| Parse filename
2018-12-17T23:02:41.766333507Z	26	PC: 97a67 \| Set disk transfer address
2018-12-17T23:02:41.769500485Z	71	PC: 97c63 \| Get current directory
2018-12-17T23:02:41.778901322Z	78	PC: 97c6e \| Find first file
2018-12-17T23:02:41.790067967Z	71	PC: 97adc \| Get current directory
2018-12-17T23:02:41.79520274Z	73	PC: 97179 \| Release memory
2018-12-17T23:02:41.797788955Z	75	PC: 11821 \| Execute program
2018-12-17T23:02:41.814098198Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-17T23:02:41.819439638Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')
2018-12-17T23:02:41.823220898Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:02:41.824939233Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:02:41.827565597Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:02:41.829892699Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:02:41.831404468Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:41.832889491Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:41.835184479Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.836234256Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.837972667Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.840739229Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.84181332Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.843751932Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.846729766Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.848757183Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.851281309Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.858192224Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.859607086Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.861717812Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.864361771Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.86708248Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.869102283Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.871244021Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.87332381Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.875460846Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.877692282Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.879627008Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.881806294Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.884075598Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.886407273Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.888415644Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.890535372Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.892719979Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.895180898Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.898213507Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.899770279Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.905239574Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.907465848Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.908814774Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.912664954Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.914867248Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.916197605Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.919041106Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.92087487Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.921776122Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.923929444Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.926014654Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.927265801Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.930117489Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.932244736Z	62	PC: 122ab \| Close file
2018-12-17T23:02:41.933206889Z	68	PC: 9f3ed \| I/O control for devices (Set for = '�6')
2018-12-17T23:02:41.93570351Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.938838693Z	61	PC: 12354 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:02:41.9461723Z	66	PC: 12372 \| Move file pointer
2018-12-17T23:02:41.948237289Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T23:02:41.973629576Z	62	PC: 1238a \| Close file
2018-12-17T23:02:41.97510139Z	68	PC: 9f3ed \| I/O control for devices (Set for = '��6')
2018-12-17T23:02:41.977335672Z	66	PC: 9f3ed \| Move file pointer
2018-12-17T23:02:41.980197634Z	63	PC: 9f3ed \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:02:41.986361397Z	99	PC: 99b47 \| Get DBCS lead byte table pointer
2018-12-17T23:02:41.988335923Z	56	PC: 94369 \| Get or set country info
2018-12-17T23:02:41.991183972Z	64	PC: 99db8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:02:41.992175094Z	68	PC: 9f3ed \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T23:02:41.997528185Z	25	PC: 943d2 \| Get default drive
2018-12-17T23:02:41.999840765Z	71	PC: 9664d \| Get current directory
2018-12-17T23:02:42.004503147Z	64	PC: 99db8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:02:42.00566162Z	68	PC: 9f3ed \| I/O control for devices (Set for = 'A:\$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T23:02:42.010942573Z	2	PC: 96622 \| Character output (Char = '3e')
2018-12-17T23:02:42.013558596Z	93	PC: 94490 \| File sharing functions
2018-12-17T23:02:42.015705487Z	93	PC: 94497 \| File sharing functions
2018-12-17T23:02:42.018986015Z	10	PC: 944a9 \| Buffered keyboard input