Sample viewer

vx.netlux.org/Virus.DOS.Beer.3192.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:28.675955281Z 48 PC: 1499a | Get DOS version
2018-12-17T23:02:28.680909872Z 53 PC: 14a19 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:28.687669458Z 37 PC: 14a50 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:28.689442522Z 48 PC: 14ad5 | Get DOS version
2018-12-17T23:02:28.692082433Z 53 PC: 14adf | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.694010116Z 37 PC: 14af4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.695606875Z 47 PC: 14afa | Get disk transfer address
2018-12-17T23:02:28.697171907Z 26 PC: 14b0a | Set disk transfer address
2018-12-17T23:02:28.699100141Z 78 PC: 14b14 | Find first file
2018-12-17T23:02:28.705606965Z 53 PC: 9ef6d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.707828771Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.710081054Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:28.716179359Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:28.733528011Z 61 PC: 9ef6d | Open file (Filename = '5KE.EXE')
2018-12-17T23:02:28.742494674Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:28.74413198Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.745634086Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.747990278Z 63 PC: 9ef6d | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:02:28.750761551Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.752239593Z 63 PC: 9ef6d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:28.759926918Z 62 PC: 9ef6d | Close file
2018-12-17T23:02:28.762122563Z 42 PC: 9ef6d | Get date
0x9ef6d: ret
0x9ef6e: push ds
0x9ef6f: pop es
0x9ef70: push ds
0x9ef71: pop word ptr cs:[0xd8e]
0x9ef76: mov word ptr cs:[0xd8c], dx
0x9ef7b: mov ax, 0x4300
0x9ef7e: call 0xaef67
0x9ef81: jb 0x9ef52
0x9ef83: test cx, 0x1e
0x9ef87: jne 0x9ef52
0x9ef89: mov word ptr cs:[0xd92], cx
0x9ef8e: and cx, 0xfe
0x9ef92: mov dx, word ptr cs:[0xd8c]
0x9ef97: mov ax, 0x4301
0x9ef9a: call 0xaef67
0x9ef9d: jb 0x9ef52
0x9ef9f: mov dx, word ptr cs:[0xd8c]
0x9efa4: mov di, dx
0x9efa6: xor al, al
2018-12-17T23:02:28.7643635Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.766238294Z 61 PC: 14b1e | Open file (Filename = '')
2018-12-17T23:02:28.773963722Z 62 PC: 14b26 | Close file
2018-12-17T23:02:28.775826969Z 79 PC: 14b32 | Find next file
2018-12-17T23:02:28.778599936Z 37 PC: 14b44 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.780320224Z 26 PC: 14b4d | Set disk transfer address
2018-12-17T23:02:28.782109201Z 26 PC: 13c8d | Set disk transfer address
2018-12-17T23:02:28.78396894Z 71 PC: 13d41 | Get current directory
2018-12-17T23:02:28.787564816Z 78 PC: 13d72 | Find first file
2018-12-17T23:02:28.794101282Z 67 PC: 13ddb | Get or set file attributes
2018-12-17T23:02:28.799641704Z 67 PC: 13e83 | Get or set file attributes
2018-12-17T23:02:28.810016345Z 53 PC: 9ef6d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.811315148Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.812445063Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:28.818717004Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:28.828606055Z 61 PC: 9ef6d | Open file (Filename = 'B�3���rԣ� �� ���')
2018-12-17T23:02:28.835140305Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:28.837219272Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.83860662Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.839905328Z 63 PC: 9ef6d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:28.84673459Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.848644275Z 64 PC: 9ef6d | Write file or device (Write 3192 bytes on handle 5)
2018-12-17T23:02:28.85849845Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.860462404Z 64 PC: 9ef6d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:28.8668019Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:28.868193456Z 62 PC: 9ef6d | Close file
2018-12-17T23:02:28.877298156Z 42 PC: 9ef6d | Get date
2018-12-17T23:02:28.87940268Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.880994834Z 61 PC: 13de8 | Open file (Filename = 'IG SYS ')
2018-12-17T23:02:28.887739796Z 87 PC: 13df3 | Get or set file date and time
2018-12-17T23:02:28.88900335Z 63 PC: 13e0b | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:02:28.890787981Z 66 PC: 13e8f | Move file pointer
2018-12-17T23:02:28.893423528Z 64 PC: 13e4c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:28.895595052Z 64 PC: 13e55 | Write file or device (Write 1407 bytes on handle 5)
2018-12-17T23:02:28.901051232Z 66 PC: 13e8f | Move file pointer
2018-12-17T23:02:28.902713672Z 64 PC: 13e60 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:28.905386598Z 87 PC: 13e6d | Get or set file date and time
2018-12-17T23:02:28.906893026Z 67 PC: 13e83 | Get or set file attributes
2018-12-17T23:02:28.918394179Z 62 PC: 13e7c | Close file
2018-12-17T23:02:28.925694143Z 79 PC: 13d87 | Find next file
2018-12-17T23:02:28.928225644Z 79 PC: 13d87 | Find next file
2018-12-17T23:02:28.931516812Z 67 PC: 13ddb | Get or set file attributes
2018-12-17T23:02:28.937019632Z 67 PC: 13e83 | Get or set file attributes
2018-12-17T23:02:28.946826905Z 53 PC: 9ef6d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.94874473Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:28.949875524Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:28.955452668Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:28.966182246Z 61 PC: 9ef6d | Open file (Filename = 'B�3���rԣ� �� ���')
2018-12-17T23:02:28.977409012Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:28.979068894Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.980886898Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.98235515Z 63 PC: 9ef6d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:28.988889245Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:28.991388594Z 64 PC: 9ef6d | Write file or device (Write 3192 bytes on handle 5)
2018-12-17T23:02:29.000710546Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.002492979Z 64 PC: 9ef6d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:29.009980997Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:29.011719314Z 62 PC: 9ef6d | Close file
2018-12-17T23:02:29.019826534Z 42 PC: 9ef6d | Get date
2018-12-17T23:02:29.022866986Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.024656228Z 61 PC: 13de8 | Open file (Filename = 'IG SYS ')
2018-12-17T23:02:29.031735221Z 87 PC: 13df3 | Get or set file date and time
2018-12-17T23:02:29.034202675Z 63 PC: 13e0b | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:02:29.037175695Z 66 PC: 13e8f | Move file pointer
2018-12-17T23:02:29.040843169Z 64 PC: 13e4c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:29.045221304Z 64 PC: 13e55 | Write file or device (Write 1404 bytes on handle 5)
2018-12-17T23:02:29.054416204Z 66 PC: 13e8f | Move file pointer
2018-12-17T23:02:29.055798129Z 64 PC: 13e60 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:29.060033619Z 87 PC: 13e6d | Get or set file date and time
2018-12-17T23:02:29.062072956Z 67 PC: 13e83 | Get or set file attributes
2018-12-17T23:02:29.068922708Z 62 PC: 13e7c | Close file
2018-12-17T23:02:29.074685058Z 79 PC: 13d87 | Find next file
2018-12-17T23:02:29.076768322Z 67 PC: 13ddb | Get or set file attributes
2018-12-17T23:02:29.080634117Z 67 PC: 13e83 | Get or set file attributes
2018-12-17T23:02:29.088424094Z 53 PC: 9ef6d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.089470641Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.090477483Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:29.09477777Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:29.105723235Z 61 PC: 9ef6d | Open file (Filename = 'B�3���rԣ� �� ���')
2018-12-17T23:02:29.11682919Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:29.119365854Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.121433788Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.123146057Z 63 PC: 9ef6d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:29.128550029Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.130484332Z 64 PC: 9ef6d | Write file or device (Write 3192 bytes on handle 5)
2018-12-17T23:02:29.137041073Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.138331693Z 64 PC: 9ef6d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:29.14291146Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:29.144118605Z 62 PC: 9ef6d | Close file
2018-12-17T23:02:29.149496264Z 42 PC: 9ef6d | Get date
2018-12-17T23:02:29.151490418Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.15286419Z 61 PC: 13de8 | Open file (Filename = 'IG SYS ')
2018-12-17T23:02:29.157261451Z 87 PC: 13df3 | Get or set file date and time
2018-12-17T23:02:29.158917982Z 63 PC: 13e0b | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:02:29.160773544Z 66 PC: 13e8f | Move file pointer
2018-12-17T23:02:29.163223953Z 64 PC: 13e4c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:29.166289271Z 64 PC: 13e55 | Write file or device (Write 1409 bytes on handle 5)
2018-12-17T23:02:29.172069861Z 66 PC: 13e8f | Move file pointer
2018-12-17T23:02:29.173563922Z 64 PC: 13e60 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:29.176279994Z 87 PC: 13e6d | Get or set file date and time
2018-12-17T23:02:29.177645391Z 67 PC: 13e83 | Get or set file attributes
2018-12-17T23:02:29.185415836Z 62 PC: 13e7c | Close file
2018-12-17T23:02:29.190630862Z 53 PC: 9ef6d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.1916505Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.192548748Z 47 PC: 9ef6d | Get disk transfer address
2018-12-17T23:02:29.194047121Z 26 PC: 9ef6d | Set disk transfer address
2018-12-17T23:02:29.194962103Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:29.199066453Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:29.203257546Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:29.206847093Z 42 PC: 9ef6d | Get date
2018-12-17T23:02:29.208340798Z 78 PC: 9ef6d | Find first file
2018-12-17T23:02:29.212677271Z 53 PC: 9ef6d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.21362938Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.214707698Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:29.218893503Z 67 PC: 9ef6d | Get or set file attributes
2018-12-17T23:02:29.225130704Z 61 PC: 9ef6d | Open file (Filename = 'TEST.EXE')
2018-12-17T23:02:29.229277021Z 87 PC: 9ef6d | Get or set file date and time
2018-12-17T23:02:29.230844919Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.231921337Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.23294482Z 63 PC: 9ef6d | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:02:29.237550066Z 66 PC: 9ef6d | Move file pointer
2018-12-17T23:02:29.238603966Z 63 PC: 9ef6d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:29.242779266Z 62 PC: 9ef6d | Close file
2018-12-17T23:02:29.244267342Z 42 PC: 9ef6d | Get date
2018-12-17T23:02:29.245914117Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.247585107Z 61 PC: 9eefd | Open file
2018-12-17T23:02:29.2514409Z 37 PC: 9ef6d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:29.252433739Z 26 PC: 9ef6d | Set disk transfer address
2018-12-17T23:02:29.253418506Z 59 PC: 13d68 | Change current directory
2018-12-17T23:02:29.257717511Z 26 PC: 13cd4 | Set disk transfer address
2018-12-17T23:02:29.25869395Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T23:02:29.262039012Z 76 PC: 12a61 | Terminate with return code (Return code = '0')