Sample viewer

vx.netlux.org/Virus.DOS.Hate.971

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:51:39.309849747Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T21:51:39.312658177Z 72 PC: 8f1bd | Allocate memory
2018-12-17T21:51:39.315343389Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T21:51:39.318617681Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T21:51:39.329649444Z 66 PC: 91f95 | Move file pointer
2018-12-17T21:51:39.331720145Z 62 PC: 91fc1 | Close file
2018-12-17T21:51:39.333974022Z 75 PC: 91fe0 | Execute program
2018-12-17T21:51:39.34969346Z 98 PC: 916f1 | Get current PSP
2018-12-17T21:51:39.351905657Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T21:51:39.356196819Z 48 PC: c609 | Get DOS version
2018-12-17T21:51:39.360145134Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T21:51:39.36376513Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T21:51:39.366103938Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T21:51:39.370213622Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T21:51:39.37501027Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T21:51:39.38046646Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T21:51:39.390694934Z 66 PC: 91f95 | Move file pointer
2018-12-17T21:51:39.392792428Z 62 PC: 91fc1 | Close file
2018-12-17T21:51:39.39554133Z 75 PC: 91fe0 | Execute program
2018-12-17T21:51:39.415536698Z 98 PC: 916f1 | Get current PSP
2018-12-17T21:51:39.420153155Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T21:51:39.421501072Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:51:39.422681876Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:51:39.425355673Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:51:39.426576973Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:51:39.427672312Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T21:51:39.436015712Z 62 PC: 8f8eb | Close file
2018-12-17T21:51:39.439051699Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.441074978Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.443598865Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.446163747Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.447930336Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.449921555Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.452005805Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.453726091Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.455624316Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.458073974Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.460554247Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.463030253Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.465495116Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.467941623Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.47008355Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.472202327Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.47395102Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.475359828Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.477885155Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.479313639Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.480679606Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.482857681Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.485919053Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.487663641Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.494083002Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.496622444Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.498051407Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.500282212Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.501972396Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.503657414Z 62 PC: 8f8f2 | Close file
2018-12-17T21:51:39.505682471Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T21:51:39.5105734Z 62 PC: 8f90e | Close file
2018-12-17T21:51:39.512573193Z 69 PC: 8f915 | Duplicate handle
2018-12-17T21:51:39.514673295Z 69 PC: 8f919 | Duplicate handle
2018-12-17T21:51:39.516200659Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T21:51:39.520511565Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T21:51:39.522218397Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T21:51:39.526741313Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T21:51:39.528254665Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T21:51:39.530021912Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T21:51:39.532144848Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T21:51:39.534352125Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T21:51:39.536167226Z 72 PC: 8fa02 | Allocate memory
2018-12-17T21:51:39.538080346Z 72 PC: 8fa06 | Allocate memory
2018-12-17T21:51:39.539803144Z 73 PC: 8fa11 | Release memory
2018-12-17T21:51:39.542371567Z 73 PC: 8efea | Release memory
2018-12-17T21:51:39.543937633Z 74 PC: 8f003 | Reallocate memory
2018-12-17T21:51:39.545698184Z 72 PC: 8f054 | Allocate memory
2018-12-17T21:51:39.547927315Z 72 PC: 8f058 | Allocate memory
2018-12-17T21:51:39.549496499Z 73 PC: 8f060 | Release memory
2018-12-17T21:51:39.550831326Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T21:51:39.560219615Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:51:39.565787277Z 66 PC: 8f0ad | Move file pointer
2018-12-17T21:51:39.567095022Z 62 PC: 8f0d1 | Close file
2018-12-17T21:51:39.56914735Z 75 PC: 8f0f2 | Execute program
2018-12-17T21:51:39.589096166Z 80 PC: 12be9 | Set current PSP
2018-12-17T21:51:39.589922544Z 48 PC: 12bee | Get DOS version
2018-12-17T21:51:39.591930801Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T21:51:39.594136018Z 101 PC: 12c74 | Get extended country info
2018-12-17T21:51:39.595225334Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T21:51:39.596939576Z 74 PC: 12cdc | Reallocate memory
2018-12-17T21:51:39.598258411Z 72 PC: 1355d | Allocate memory
2018-12-17T21:51:39.59970883Z 25 PC: 13596 | Get default drive
2018-12-17T21:51:39.601497766Z 71 PC: 135ad | Get current directory
2018-12-17T21:51:39.603639019Z 59 PC: 135ba | Change current directory
2018-12-17T21:51:39.609313434Z 59 PC: 135c8 | Change current directory
2018-12-17T21:51:39.615308541Z 59 PC: 135d3 | Change current directory
2018-12-17T21:51:39.618634228Z 25 PC: 12d13 | Get default drive
2018-12-17T21:51:39.619683939Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T21:51:39.621101179Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:51:39.622190987Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:39.62428231Z 80 PC: 1301d | Set current PSP
2018-12-17T21:51:39.625696963Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T21:51:39.626894278Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:51:39.628012578Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:51:39.631775122Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T21:51:39.633852883Z 72 PC: 130ec | Allocate memory
2018-12-17T21:51:39.635692375Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T21:51:39.642962955Z 62 PC: 131ba | Close file
2018-12-17T21:51:39.64558821Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T21:51:39.647161621Z 74 PC: 1197c | Reallocate memory
2018-12-17T21:51:39.649666711Z 72 PC: 11991 | Allocate memory
2018-12-17T21:51:39.651599761Z 73 PC: 119b2 | Release memory
2018-12-17T21:51:39.653138035Z 72 PC: 119bd | Allocate memory
2018-12-17T21:51:39.654820852Z 73 PC: 119df | Release memory
2018-12-17T21:51:39.656178905Z 72 PC: 119f5 | Allocate memory
2018-12-17T21:51:39.657746357Z 72 PC: 119fd | Allocate memory