vx.netlux.org/Virus.DOS.Yosha.761

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T23:02:56.513818774Z 68 PC: 12a58 | I/O control for devices (Set for = 'is started by using +the SHELL command in the CONFIG.SYS file. F####,$z$$%U%%%,&y&')
2018-12-17T23:02:58.705708316Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T23:02:58.707474238Z 72 PC: 8f1bd | Allocate memory
2018-12-17T23:02:58.710024211Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T23:02:58.713644565Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T23:02:58.72417712Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:02:58.725632156Z 62 PC: 91fc1 | Close file
2018-12-17T23:02:58.727853048Z 75 PC: 91fe0 | Execute program
2018-12-17T23:02:58.743361644Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:02:58.744432804Z 9 PC: c605 | Display string (String= '6r&;] u')
2018-12-17T23:02:58.748597855Z 48 PC: c609 | Get DOS version
2018-12-17T23:02:58.752189036Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T23:02:58.754444655Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T23:02:58.75643769Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T23:02:58.7606143Z 9 PC: c6d9 | Display string (String= 'VHVDV@_Kut1Dt a1ZW 5|(Nj(p^')
2018-12-17T23:02:58.765498859Z 9 PC: c6e0 | Display string (String= '5|(Nj(p^')
2018-12-17T23:02:58.771135702Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T23:02:58.782883767Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:02:58.785696191Z 62 PC: 91fc1 | Close file
2018-12-17T23:02:58.7880369Z 75 PC: 91fe0 | Execute program
2018-12-17T23:02:58.810935373Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:02:58.814700982Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:58.815997924Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:58.817802716Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:02:58.819180296Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:58.820429078Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:58.821826078Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T23:02:58.829830774Z 62 PC: 8f8eb | Close file
2018-12-17T23:02:58.831855709Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.833895121Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.836629947Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.838771883Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.84014715Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.842430079Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.844087919Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.845750036Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.847832028Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.849294229Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.850665173Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.852936776Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.85438736Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.855751772Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.857804863Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.85962109Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.861326864Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.863868161Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.865920841Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.867589391Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.869932753Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.871566505Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.872921419Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.874293928Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.876258549Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.877598117Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.878921024Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.881160305Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.882562667Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.884014865Z 62 PC: 8f8f2 | Close file
2018-12-17T23:02:58.886104714Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T23:02:58.89080563Z 62 PC: 8f90e | Close file
2018-12-17T23:02:58.892541788Z 69 PC: 8f915 | Duplicate handle
2018-12-17T23:02:58.894786395Z 69 PC: 8f919 | Duplicate handle
2018-12-17T23:02:58.896408019Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:02:58.900996254Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:02:58.903093129Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:02:58.907903948Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:02:58.909979911Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T23:02:58.912346379Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T23:02:58.913992935Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T23:02:58.91549338Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T23:02:58.917771072Z 72 PC: 8fa02 | Allocate memory
2018-12-17T23:02:58.919717152Z 72 PC: 8fa06 | Allocate memory
2018-12-17T23:02:58.92143016Z 73 PC: 8fa11 | Release memory
2018-12-17T23:02:58.923876021Z 73 PC: 8efea | Release memory
2018-12-17T23:02:58.926164888Z 74 PC: 8f003 | Reallocate memory
2018-12-17T23:02:58.927917323Z 72 PC: 8f054 | Allocate memory
2018-12-17T23:02:58.936592Z 72 PC: 8f058 | Allocate memory
2018-12-17T23:02:58.938714484Z 73 PC: 8f060 | Release memory
2018-12-17T23:02:58.940578709Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T23:02:58.950736973Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:02:58.95737404Z 66 PC: 8f0ad | Move file pointer
2018-12-17T23:02:58.95931419Z 62 PC: 8f0d1 | Close file
2018-12-17T23:02:58.962798382Z 75 PC: 8f0f2 | Execute program
2018-12-17T23:02:58.989937048Z 80 PC: 12be9 | Set current PSP
2018-12-17T23:02:58.991142701Z 48 PC: 12bee | Get DOS version
2018-12-17T23:02:58.994065908Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T23:02:58.996494303Z 101 PC: 12c74 | Get extended country info
2018-12-17T23:02:58.99785658Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T23:02:59.000153588Z 74 PC: 12cdc | Reallocate memory
2018-12-17T23:02:59.002421673Z 72 PC: 1355d | Allocate memory
2018-12-17T23:02:59.004320804Z 25 PC: 13596 | Get default drive
2018-12-17T23:02:59.006636093Z 71 PC: 135ad | Get current directory
2018-12-17T23:02:59.009784276Z 59 PC: 135ba | Change current directory
2018-12-17T23:02:59.015078686Z 59 PC: 135c8 | Change current directory
2018-12-17T23:02:59.020961798Z 59 PC: 135d3 | Change current directory
2018-12-17T23:02:59.024828986Z 25 PC: 12d13 | Get default drive
2018-12-17T23:02:59.026166734Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:02:59.027975959Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:59.029430401Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:59.031784788Z 80 PC: 1301d | Set current PSP
2018-12-17T23:02:59.033029757Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:02:59.034689689Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:59.0360022Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:02:59.037502093Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T23:02:59.039811253Z 72 PC: 130ec | Allocate memory
2018-12-17T23:02:59.042303504Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T23:02:59.048258809Z 62 PC: 131ba | Close file
2018-12-17T23:02:59.050789823Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T23:02:59.052168276Z 74 PC: 1197c | Reallocate memory
2018-12-17T23:02:59.053876363Z 72 PC: 11991 | Allocate memory
2018-12-17T23:02:59.055975054Z 73 PC: 119b2 | Release memory
2018-12-17T23:02:59.057299905Z 72 PC: 119bd | Allocate memory
2018-12-17T23:02:59.058986209Z 73 PC: 119df | Release memory
2018-12-17T23:02:59.061256618Z 72 PC: 119f5 | Allocate memory
2018-12-17T23:02:59.063352865Z 72 PC: 119fd | Allocate memory