Sample viewer

vx.netlux.org/Virus.DOS.Ukraine.3400

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:32.746318611Z	75	PC: 13f0b \| Execute program
2018-12-17T23:02:32.748392908Z	51	PC: 133b1 \| Get or set Ctrl-Break
2018-12-17T23:02:32.750520075Z	82	PC: 133b9 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:32.752037295Z	74	PC: 1340e \| Reallocate memory
2018-12-17T23:02:32.753762677Z	72	PC: 13415 \| Allocate memory
2018-12-17T23:02:32.756844358Z	82	PC: 13441 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:32.761375721Z	26	PC: 13f3f \| Set disk transfer address
2018-12-17T23:02:32.76321637Z	78	PC: 13f48 \| Find first file
2018-12-17T23:02:32.770601345Z	78	PC: 13f48 \| Find first file
2018-12-17T23:02:32.77701742Z	78	PC: 13f48 \| Find first file
2018-12-17T23:02:32.779670195Z	26	PC: 13f88 \| Set disk transfer address
2018-12-17T23:02:32.7823658Z	37	PC: 12a48 \| Set interrupt vector (Interrupt = '160' AKA 'UNKNOWN!')
2018-12-17T23:02:32.783879003Z	15	PC: 12dc8 \| Open file (Filename = 'XXX�^��!=55u�3��&�p��&�r��&��&��]&��&��_��H��&�&�M��CC&)&�&@��&�@&�&�&�IO&� CT&� LD&�RV��3�V��^�P3��X&��&��&�p�&�r��ށ�� '�%CG��P�P�@��&�l&�lX�L�PP')
2018-12-17T23:02:32.78660268Z	47	PC: 13152 \| Get disk transfer address
2018-12-17T23:02:32.7891892Z	26	PC: 13163 \| Set disk transfer address
2018-12-17T23:02:32.790485897Z	78	PC: 13170 \| Find first file
2018-12-17T23:02:32.795327513Z	61	PC: 13095 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:02:32.797670426Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:32.827976829Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:32.830180168Z	62	PC: 1314d \| Close file
2018-12-17T23:02:32.832891733Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:32.837329291Z	61	PC: 13095 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:02:32.839265338Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:32.857754157Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:32.866272643Z	62	PC: 1314d \| Close file
2018-12-17T23:02:32.868789712Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:32.872132964Z	61	PC: 13095 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:02:32.875429538Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:32.893934527Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:32.895992103Z	62	PC: 1314d \| Close file
2018-12-17T23:02:32.899276233Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:32.902678266Z	61	PC: 13095 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:02:32.904956867Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:32.923207037Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:32.925197106Z	62	PC: 1314d \| Close file
2018-12-17T23:02:32.927421786Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:32.931362811Z	61	PC: 13095 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:02:32.933894568Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:32.95375802Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:32.955729674Z	62	PC: 1314d \| Close file
2018-12-17T23:02:32.958236134Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:32.96202884Z	61	PC: 13095 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:02:32.963929361Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:32.981704509Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:32.984056808Z	62	PC: 1314d \| Close file
2018-12-17T23:02:32.986786427Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:32.99113097Z	61	PC: 13095 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:02:32.993198625Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:33.011590251Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:33.014744468Z	62	PC: 1314d \| Close file
2018-12-17T23:02:33.017244445Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:33.020485594Z	61	PC: 13095 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:02:33.023745069Z	53	PC: 9f006 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T23:02:33.048729372Z	66	PC: 130ad \| Move file pointer
2018-12-17T23:02:33.050454343Z	66	PC: 130d0 \| Move file pointer
2018-12-17T23:02:33.052872797Z	63	PC: 130e0 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:02:33.060710844Z	62	PC: 1314d \| Close file
2018-12-17T23:02:33.062811831Z	79	PC: 13170 \| Find next file
2018-12-17T23:02:33.065522034Z	26	PC: 13188 \| Set disk transfer address
2018-12-17T23:02:33.06777653Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')