Sample viewer

vx.netlux.org/Virus.DOS.MemLapse.303


Syscalls:

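Time | Syscall Op (DOS INT 21h function number from AH, in decimal) | PC (return address: the instruction after the INT 21h, as the disassembly windows below show) | Syscall Name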
2018-12-17T23:03:27.869628198Z 26 PC: 12a6c | Set disk transfer address
2018-12-17T23:03:27.872316322Z 78 PC: 12a75 | Find first file
2018-12-17T23:03:27.878620434Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:27.880170986Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:27.884097053Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:27.885554089Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:27.899992535Z 61 PC: 12aa5 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:27.90666988Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:27.913413173Z 66 PC: 12ad0 | Move file pointer
2018-12-17T23:03:27.914517603Z 87 PC: 12ad5 | Get or set file date and time
2018-12-17T23:03:27.915778586Z 64 PC: 12ae8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:27.919320783Z 66 PC: 12af1 | Move file pointer
2018-12-17T23:03:27.920984167Z 64 PC: 12afc | Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:27.928409305Z 44 PC: 12b01 | Get time 0x12b01: mov cl, dl
; Disassembly window shown for the first "Get time" call; its first instruction
; (0x12b01) is on the trace line above. Trace for this file (SLEEP.COM): the
; write issued at 0x12b16 is logged at PC 12b18 as 31 bytes, after the 303-byte write.
; Detection note: the file grows by 303 bytes plus a clock-derived tail, and the file
; date/time is set again after the writes (presumably to the values read at PC 12ad5),
; so compare size or hash rather than modification time.
0x12b03: mov al, cl                  ; al = cl; overwritten by the next instruction
0x12b05: mov ax, 0x2c00              ; AH=2Ch -> DOS Get time (trace op 44), AL=0
0x12b08: int 0x21                    ; logged with PC 12b0a
0x12b0a: mov cl, dl                  ; cl = DL from Get time (hundredths of a second in the DOS API)
0x12b0c: add cl, al                  ; add whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a; not reachable by fall-through (follows the unconditional jmp); window ends here
2018-12-17T23:03:27.931818291Z 44 PC: 12b0a | Get time 0x12b0a: mov cl, dl
; Disassembly window shown for the second "Get time" call (logged with PC 12b0a);
; its first instruction (0x12b0a: mov cl, dl) is on the trace line above.
; Trace for this file (SLEEP.COM): the write issued at 0x12b16 is logged as 31 bytes.
; Detection note: the tail length comes from the clock, so the size increase differs
; per file; the date/time is set again afterwards, so do not rely on modification time.
0x12b0c: add cl, al                  ; cl (DL from Get time) + whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a, offset of the path argument (string contents not shown)
0x12b31: mov ah, 0x3b                ; AH=3Bh -> change current directory (trace op 59)
0x12b33: int 0x21                    ; logged with PC 12b35
0x12b35: jb 0x12b3a                  ; carry set = DOS reported an error; target is outside this window
0x12b37: jmp 0x12a6d                 ; otherwise jump back to 0x12a6d (outside this window)
2018-12-17T23:03:27.93345483Z 64 PC: 12b18 | Write file or device (Write 31 bytes on handle 5)
2018-12-17T23:03:27.935375177Z 87 PC: 12b25 | Get or set file date and time
2018-12-17T23:03:27.937101231Z 62 PC: 12b29 | Close file
2018-12-17T23:03:27.948713317Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:27.950563064Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:27.951880364Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:27.95515898Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:27.956601583Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:27.959084122Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:27.960917341Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:27.967474387Z 61 PC: 12aa5 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:27.973434834Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:27.980770718Z 66 PC: 12ad0 | Move file pointer
2018-12-17T23:03:27.982506111Z 87 PC: 12ad5 | Get or set file date and time
2018-12-17T23:03:27.998431055Z 64 PC: 12ae8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:28.007673591Z 66 PC: 12af1 | Move file pointer
2018-12-17T23:03:28.009564876Z 64 PC: 12afc | Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:28.012646485Z 44 PC: 12b01 | Get time 0x12b01: mov cl, dl
; Disassembly window shown for the first "Get time" call; its first instruction
; (0x12b01) is on the trace line above. Trace for this file (PRINT.COM): the
; write issued at 0x12b16 is logged at PC 12b18 as 34 bytes, after the 303-byte write.
; Detection note: the file grows by 303 bytes plus a clock-derived tail, and the file
; date/time is set again after the writes (presumably to the values read at PC 12ad5),
; so compare size or hash rather than modification time.
0x12b03: mov al, cl                  ; al = cl; overwritten by the next instruction
0x12b05: mov ax, 0x2c00              ; AH=2Ch -> DOS Get time (trace op 44), AL=0
0x12b08: int 0x21                    ; logged with PC 12b0a
0x12b0a: mov cl, dl                  ; cl = DL from Get time (hundredths of a second in the DOS API)
0x12b0c: add cl, al                  ; add whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a; not reachable by fall-through (follows the unconditional jmp); window ends here
2018-12-17T23:03:28.015859579Z 44 PC: 12b0a | Get time 0x12b0a: mov cl, dl
; Disassembly window shown for the second "Get time" call (logged with PC 12b0a);
; its first instruction (0x12b0a: mov cl, dl) is on the trace line above.
; Trace for this file (PRINT.COM): the write issued at 0x12b16 is logged as 34 bytes.
; Detection note: the tail length comes from the clock, so the size increase differs
; per file; the date/time is set again afterwards, so do not rely on modification time.
0x12b0c: add cl, al                  ; cl (DL from Get time) + whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a, offset of the path argument (string contents not shown)
0x12b31: mov ah, 0x3b                ; AH=3Bh -> change current directory (trace op 59)
0x12b33: int 0x21                    ; logged with PC 12b35
0x12b35: jb 0x12b3a                  ; carry set = DOS reported an error; target is outside this window
0x12b37: jmp 0x12a6d                 ; otherwise jump back to 0x12a6d (outside this window)
2018-12-17T23:03:28.017978502Z 64 PC: 12b18 | Write file or device (Write 34 bytes on handle 5)
2018-12-17T23:03:28.02067263Z 87 PC: 12b25 | Get or set file date and time
2018-12-17T23:03:28.02424161Z 62 PC: 12b29 | Close file
2018-12-17T23:03:28.045569223Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.04922161Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.051116673Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.053858491Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.055292974Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:28.065878192Z 61 PC: 12aa5 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:28.072705613Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:28.079193979Z 66 PC: 12ad0 | Move file pointer
2018-12-17T23:03:28.08178122Z 87 PC: 12ad5 | Get or set file date and time
2018-12-17T23:03:28.083447286Z 64 PC: 12ae8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:28.086300321Z 66 PC: 12af1 | Move file pointer
2018-12-17T23:03:28.088869794Z 64 PC: 12afc | Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:28.091755175Z 44 PC: 12b01 | Get time 0x12b01: mov cl, dl
; Disassembly window shown for the first "Get time" call; its first instruction
; (0x12b01) is on the trace line above. Trace for this file (HELLO.COM): the
; write issued at 0x12b16 is logged at PC 12b18 as 164 bytes, after the 303-byte write.
; Detection note: the file grows by 303 bytes plus a clock-derived tail, and the file
; date/time is set again after the writes (presumably to the values read at PC 12ad5),
; so compare size or hash rather than modification time.
0x12b03: mov al, cl                  ; al = cl; overwritten by the next instruction
0x12b05: mov ax, 0x2c00              ; AH=2Ch -> DOS Get time (trace op 44), AL=0
0x12b08: int 0x21                    ; logged with PC 12b0a
0x12b0a: mov cl, dl                  ; cl = DL from Get time (hundredths of a second in the DOS API)
0x12b0c: add cl, al                  ; add whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a; not reachable by fall-through (follows the unconditional jmp); window ends here
2018-12-17T23:03:28.093937335Z 44 PC: 12b0a | Get time 0x12b0a: mov cl, dl
; Disassembly window shown for the second "Get time" call (logged with PC 12b0a);
; its first instruction (0x12b0a: mov cl, dl) is on the trace line above.
; Trace for this file (HELLO.COM): the write issued at 0x12b16 is logged as 164 bytes.
; Detection note: the tail length comes from the clock, so the size increase differs
; per file; the date/time is set again afterwards, so do not rely on modification time.
0x12b0c: add cl, al                  ; cl (DL from Get time) + whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a, offset of the path argument (string contents not shown)
0x12b31: mov ah, 0x3b                ; AH=3Bh -> change current directory (trace op 59)
0x12b33: int 0x21                    ; logged with PC 12b35
0x12b35: jb 0x12b3a                  ; carry set = DOS reported an error; target is outside this window
0x12b37: jmp 0x12a6d                 ; otherwise jump back to 0x12a6d (outside this window)
2018-12-17T23:03:28.096914635Z 64 PC: 12b18 | Write file or device (Write 164 bytes on handle 5)
2018-12-17T23:03:28.105724737Z 87 PC: 12b25 | Get or set file date and time
2018-12-17T23:03:28.10748332Z 62 PC: 12b29 | Close file
2018-12-17T23:03:28.115983165Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.119436554Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.120549148Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.128312881Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.130392907Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:28.140522409Z 61 PC: 12aa5 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:28.147839753Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:28.155761325Z 66 PC: 12ad0 | Move file pointer
2018-12-17T23:03:28.15805825Z 87 PC: 12ad5 | Get or set file date and time
2018-12-17T23:03:28.159968812Z 64 PC: 12ae8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:28.163967125Z 66 PC: 12af1 | Move file pointer
2018-12-17T23:03:28.166282094Z 64 PC: 12afc | Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:28.169473377Z 44 PC: 12b01 | Get time 0x12b01: mov cl, dl
; Disassembly window shown for the first "Get time" call; its first instruction
; (0x12b01) is on the trace line above. Trace for this file (PHANG.COM): the
; write issued at 0x12b16 is logged at PC 12b18 as 42 bytes, after the 303-byte write.
; Detection note: the file grows by 303 bytes plus a clock-derived tail, and the file
; date/time is set again after the writes (presumably to the values read at PC 12ad5),
; so compare size or hash rather than modification time.
0x12b03: mov al, cl                  ; al = cl; overwritten by the next instruction
0x12b05: mov ax, 0x2c00              ; AH=2Ch -> DOS Get time (trace op 44), AL=0
0x12b08: int 0x21                    ; logged with PC 12b0a
0x12b0a: mov cl, dl                  ; cl = DL from Get time (hundredths of a second in the DOS API)
0x12b0c: add cl, al                  ; add whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a; not reachable by fall-through (follows the unconditional jmp); window ends here
2018-12-17T23:03:28.173469071Z 44 PC: 12b0a | Get time 0x12b0a: mov cl, dl
; Disassembly window shown for the second "Get time" call (logged with PC 12b0a);
; its first instruction (0x12b0a: mov cl, dl) is on the trace line above.
; Trace for this file (PHANG.COM): the write issued at 0x12b16 is logged as 42 bytes.
; Detection note: the tail length comes from the clock, so the size increase differs
; per file; the date/time is set again afterwards, so do not rely on modification time.
0x12b0c: add cl, al                  ; cl (DL from Get time) + whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a, offset of the path argument (string contents not shown)
0x12b31: mov ah, 0x3b                ; AH=3Bh -> change current directory (trace op 59)
0x12b33: int 0x21                    ; logged with PC 12b35
0x12b35: jb 0x12b3a                  ; carry set = DOS reported an error; target is outside this window
0x12b37: jmp 0x12a6d                 ; otherwise jump back to 0x12a6d (outside this window)
2018-12-17T23:03:28.176230565Z 64 PC: 12b18 | Write file or device (Write 42 bytes on handle 5)
2018-12-17T23:03:28.179362056Z 87 PC: 12b25 | Get or set file date and time
2018-12-17T23:03:28.182284637Z 62 PC: 12b29 | Close file
2018-12-17T23:03:28.189749093Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.192340314Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.193582991Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.196633807Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.197880359Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.200658119Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.209836363Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:28.219786129Z 61 PC: 12aa5 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:28.226808192Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:28.233930285Z 66 PC: 12ad0 | Move file pointer
2018-12-17T23:03:28.235408694Z 87 PC: 12ad5 | Get or set file date and time
2018-12-17T23:03:28.237215241Z 64 PC: 12ae8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:28.24114032Z 66 PC: 12af1 | Move file pointer
2018-12-17T23:03:28.243010188Z 64 PC: 12afc | Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:28.246179219Z 44 PC: 12b01 | Get time 0x12b01: mov cl, dl
; Disassembly window shown for the first "Get time" call; its first instruction
; (0x12b01) is on the trace line above. Trace for this file (PRINTA~1.COM): the
; write issued at 0x12b16 is logged at PC 12b18 as 45 bytes, after the 303-byte write.
; Detection note: the file grows by 303 bytes plus a clock-derived tail, and the file
; date/time is set again after the writes (presumably to the values read at PC 12ad5),
; so compare size or hash rather than modification time.
0x12b03: mov al, cl                  ; al = cl; overwritten by the next instruction
0x12b05: mov ax, 0x2c00              ; AH=2Ch -> DOS Get time (trace op 44), AL=0
0x12b08: int 0x21                    ; logged with PC 12b0a
0x12b0a: mov cl, dl                  ; cl = DL from Get time (hundredths of a second in the DOS API)
0x12b0c: add cl, al                  ; add whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a; not reachable by fall-through (follows the unconditional jmp); window ends here
2018-12-17T23:03:28.249777411Z 44 PC: 12b0a | Get time 0x12b0a: mov cl, dl
; Disassembly window shown for the second "Get time" call (logged with PC 12b0a);
; its first instruction (0x12b0a: mov cl, dl) is on the trace line above.
; Trace for this file (PRINTA~1.COM): the write issued at 0x12b16 is logged as 45 bytes.
; Detection note: the tail length comes from the clock, so the size increase differs
; per file; the date/time is set again afterwards, so do not rely on modification time.
0x12b0c: add cl, al                  ; cl (DL from Get time) + whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a, offset of the path argument (string contents not shown)
0x12b31: mov ah, 0x3b                ; AH=3Bh -> change current directory (trace op 59)
0x12b33: int 0x21                    ; logged with PC 12b35
0x12b35: jb 0x12b3a                  ; carry set = DOS reported an error; target is outside this window
0x12b37: jmp 0x12a6d                 ; otherwise jump back to 0x12a6d (outside this window)
2018-12-17T23:03:28.252965282Z 64 PC: 12b18 | Write file or device (Write 45 bytes on handle 5)
2018-12-17T23:03:28.256036572Z 87 PC: 12b25 | Get or set file date and time
2018-12-17T23:03:28.25865314Z 62 PC: 12b29 | Close file
2018-12-17T23:03:28.266320478Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.269218251Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.27173221Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:28.281539655Z 61 PC: 12aa5 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:28.288228639Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:28.295683917Z 66 PC: 12ad0 | Move file pointer
2018-12-17T23:03:28.297689049Z 87 PC: 12ad5 | Get or set file date and time
2018-12-17T23:03:28.299299282Z 64 PC: 12ae8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:28.302781707Z 66 PC: 12af1 | Move file pointer
2018-12-17T23:03:28.304759253Z 64 PC: 12afc | Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:28.312713037Z 44 PC: 12b01 | Get time 0x12b01: mov cl, dl
; Disassembly window shown for the first "Get time" call; its first instruction
; (0x12b01) is on the trace line above. Trace for this file (MANDEL.COM): the
; write issued at 0x12b16 is logged at PC 12b18 as 45 bytes, after the 303-byte write.
; Detection note: the file grows by 303 bytes plus a clock-derived tail, and the file
; date/time is set again after the writes (presumably to the values read at PC 12ad5),
; so compare size or hash rather than modification time.
0x12b03: mov al, cl                  ; al = cl; overwritten by the next instruction
0x12b05: mov ax, 0x2c00              ; AH=2Ch -> DOS Get time (trace op 44), AL=0
0x12b08: int 0x21                    ; logged with PC 12b0a
0x12b0a: mov cl, dl                  ; cl = DL from Get time (hundredths of a second in the DOS API)
0x12b0c: add cl, al                  ; add whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a; not reachable by fall-through (follows the unconditional jmp); window ends here
2018-12-17T23:03:28.315249804Z 44 PC: 12b0a | Get time 0x12b0a: mov cl, dl
; Disassembly window shown for the second "Get time" call (logged with PC 12b0a);
; its first instruction (0x12b0a: mov cl, dl) is on the trace line above.
; Trace for this file (MANDEL.COM): the write issued at 0x12b16 is logged as 45 bytes.
; Detection note: the tail length comes from the clock, so the size increase differs
; per file; the date/time is set again afterwards, so do not rely on modification time.
0x12b0c: add cl, al                  ; cl (DL from Get time) + whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a, offset of the path argument (string contents not shown)
0x12b31: mov ah, 0x3b                ; AH=3Bh -> change current directory (trace op 59)
0x12b33: int 0x21                    ; logged with PC 12b35
0x12b35: jb 0x12b3a                  ; carry set = DOS reported an error; target is outside this window
0x12b37: jmp 0x12a6d                 ; otherwise jump back to 0x12a6d (outside this window)
2018-12-17T23:03:28.318407178Z 64 PC: 12b18 | Write file or device (Write 45 bytes on handle 5)
2018-12-17T23:03:28.321934964Z 87 PC: 12b25 | Get or set file date and time
2018-12-17T23:03:28.323373574Z 62 PC: 12b29 | Close file
2018-12-17T23:03:28.33188647Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.334685184Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.336055251Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:28.346311343Z 61 PC: 12aa5 | Open file (Filename = 'PAH.COM')
2018-12-17T23:03:28.352884345Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:28.359209488Z 66 PC: 12ad0 | Move file pointer
2018-12-17T23:03:28.36173959Z 87 PC: 12ad5 | Get or set file date and time
2018-12-17T23:03:28.363384811Z 64 PC: 12ae8 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:28.366159045Z 66 PC: 12af1 | Move file pointer
2018-12-17T23:03:28.36850022Z 64 PC: 12afc | Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:28.371628156Z 44 PC: 12b01 | Get time 0x12b01: mov cl, dl
; Disassembly window shown for the first "Get time" call; its first instruction
; (0x12b01) is on the trace line above. Trace for this file (PAH.COM): the
; write issued at 0x12b16 is logged at PC 12b18 as 175 bytes, after the 303-byte write.
; Detection note: the file grows by 303 bytes plus a clock-derived tail, and the file
; date/time is set again after the writes (presumably to the values read at PC 12ad5),
; so compare size or hash rather than modification time.
0x12b03: mov al, cl                  ; al = cl; overwritten by the next instruction
0x12b05: mov ax, 0x2c00              ; AH=2Ch -> DOS Get time (trace op 44), AL=0
0x12b08: int 0x21                    ; logged with PC 12b0a
0x12b0a: mov cl, dl                  ; cl = DL from Get time (hundredths of a second in the DOS API)
0x12b0c: add cl, al                  ; add whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a; not reachable by fall-through (follows the unconditional jmp); window ends here
2018-12-17T23:03:28.374293709Z 44 PC: 12b0a | Get time 0x12b0a: mov cl, dl
; Disassembly window shown for the second "Get time" call (logged with PC 12b0a);
; its first instruction (0x12b0a: mov cl, dl) is on the trace line above.
; Trace for this file (PAH.COM): the write issued at 0x12b16 is logged as 175 bytes.
; Detection note: the tail length comes from the clock, so the size increase differs
; per file; the date/time is set again afterwards, so do not rely on modification time.
0x12b0c: add cl, al                  ; cl (DL from Get time) + whatever AL holds after the call
0x12b0e: ror cl, 1                   ; rotate right by one bit
0x12b10: xor ch, ch                  ; cx = cl, so the byte count is 0..255
0x12b12: xor dx, dx                  ; DX = 0: write source is offset 0 of DS (contents not shown here)
0x12b14: mov ah, 0x40                ; AH=40h -> write CX bytes (trace op 64); handle in BX is set outside this window
0x12b16: int 0x21                    ; logged with PC 12b18
0x12b18: mov cx, word ptr [0x21f]    ; CX = word at 0x21f (time field for AX=5701h)
0x12b1c: mov dx, word ptr [0x21d]    ; DX = word at 0x21d (date field for AX=5701h)
0x12b20: mov ax, 0x5701              ; AH=57h, AL=01h -> set file date/time (trace op 87)
0x12b23: int 0x21                    ; logged with PC 12b25
0x12b25: mov ah, 0x3e                ; AH=3Eh -> close file (trace op 62)
0x12b27: int 0x21                    ; logged with PC 12b29
0x12b29: mov ah, 0x4f                ; AH=4Fh -> find next file (trace op 79)
0x12b2b: jmp 0x12a6f                 ; back into the search loop; the INT 21h itself is outside this window
0x12b2e: mov dx, 0x21a               ; DX = 0x21a, offset of the path argument (string contents not shown)
0x12b31: mov ah, 0x3b                ; AH=3Bh -> change current directory (trace op 59)
0x12b33: int 0x21                    ; logged with PC 12b35
0x12b35: jb 0x12b3a                  ; carry set = DOS reported an error; target is outside this window
0x12b37: jmp 0x12a6d                 ; otherwise jump back to 0x12a6d (outside this window)
2018-12-17T23:03:28.377279521Z 64 PC: 12b18 | Write file or device (Write 175 bytes on handle 5)
2018-12-17T23:03:28.380358833Z 87 PC: 12b25 | Get or set file date and time
2018-12-17T23:03:28.38204431Z 62 PC: 12b29 | Close file
2018-12-17T23:03:28.390392585Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.393410669Z 47 PC: 12a80 | Get disk transfer address
2018-12-17T23:03:28.394747291Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T23:03:28.40905932Z 61 PC: 12aa5 | Open file (Filename = 'TEST.COM')
2018-12-17T23:03:28.415932674Z 63 PC: 12abe | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:28.418632205Z 62 PC: 12b29 | Close file
2018-12-17T23:03:28.420765055Z 79 PC: 12a75 | Find next file
2018-12-17T23:03:28.424090758Z 59 PC: 12b35 | Change current directory
2018-12-17T23:03:28.428277413Z 26 PC: 12b41 | Set disk transfer address