Sample viewer

vx.netlux.org/Virus.DOS.Birgit.303

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:58.6911486Z	71	PC: 12aa3 \| Get current directory
2018-12-17T23:03:58.694996363Z	53	PC: 12aaa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:58.696159616Z	37	PC: 12ab3 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:58.697933175Z	78	PC: 12ad8 \| Find first file
2018-12-17T23:03:58.705078319Z	67	PC: 12af4 \| Get or set file attributes
2018-12-17T23:03:58.718540416Z	67	PC: 12afe \| Get or set file attributes
2018-12-17T23:03:58.738943257Z	61	PC: 12b02 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:58.747094682Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:03:58.750340291Z	63	PC: 12b12 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:58.757881942Z	66	PC: 12b21 \| Move file pointer
2018-12-17T23:03:58.75994349Z	44	PC: 12a4e \| Get time 0x12a4e: mov byte ptr [0x108], dl 0x12a52: call 0x12a67 0x12a55: pop bx 0x12a56: mov cx, 0x12f 0x12a59: mov dx, 0x100 0x12a5c: mov ah, 0x40 0x12a5e: int3 0x12a5f: inc byte ptr [0x22f] 0x12a63: call 0x12a67 0x12a66: ret 0x12a67: mov bx, 0x13f 0x12a6a: mov al, byte ptr [0x108] 0x12a6e: cmp al, 0 0x12a70: je 0x12a7e 0x12a72: xor byte ptr [bx], al 0x12a75: inc bx 0x12a76: add al, bh 0x12a78: cmp bx, 0x20f 0x12a7c: jle 0x12a72 0x12a7e: ret
2018-12-17T23:03:58.7639892Z	64	PC: 12a5f \| Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:58.767922097Z	87	PC: 12b2c \| Get or set file date and time
2018-12-17T23:03:58.770132334Z	62	PC: 12b2f \| Close file
2018-12-17T23:03:58.78940117Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T23:03:58.80407145Z	79	PC: 12ad8 \| Find next file
2018-12-17T23:03:58.808031205Z	67	PC: 12af4 \| Get or set file attributes
2018-12-17T23:03:58.814495052Z	67	PC: 12afe \| Get or set file attributes
2018-12-17T23:03:58.826198381Z	61	PC: 12b02 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:58.833599973Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:03:58.83541726Z	63	PC: 12b12 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:58.84397623Z	66	PC: 12b21 \| Move file pointer
2018-12-17T23:03:58.846434606Z	44	PC: 12a4e \| Get time 0x12a4e: mov byte ptr [0x108], dl 0x12a52: call 0x12a67 0x12a55: pop bx 0x12a56: mov cx, 0x12f 0x12a59: mov dx, 0x100 0x12a5c: mov ah, 0x40 0x12a5e: int3 0x12a5f: inc byte ptr [0x22f] 0x12a63: call 0x12a67 0x12a66: ret 0x12a67: mov bx, 0x13f 0x12a6a: mov al, byte ptr [0x108] 0x12a6e: cmp al, 0 0x12a70: je 0x12a7e 0x12a72: xor byte ptr [bx], al 0x12a75: inc bx 0x12a76: add al, bh 0x12a78: cmp bx, 0x20f 0x12a7c: jle 0x12a72 0x12a7e: ret
2018-12-17T23:03:58.850140904Z	64	PC: 12a5f \| Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:58.856672846Z	87	PC: 12b2c \| Get or set file date and time
2018-12-17T23:03:58.858916015Z	62	PC: 12b2f \| Close file
2018-12-17T23:03:58.867425247Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T23:03:58.879825978Z	79	PC: 12ad8 \| Find next file
2018-12-17T23:03:58.88332216Z	67	PC: 12af4 \| Get or set file attributes
2018-12-17T23:03:58.890657598Z	67	PC: 12afe \| Get or set file attributes
2018-12-17T23:03:58.902071939Z	61	PC: 12b02 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:58.909699463Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:03:58.911261695Z	63	PC: 12b12 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:58.918532178Z	66	PC: 12b21 \| Move file pointer
2018-12-17T23:03:58.920415456Z	44	PC: 12a4e \| Get time 0x12a4e: mov byte ptr [0x108], dl 0x12a52: call 0x12a67 0x12a55: pop bx 0x12a56: mov cx, 0x12f 0x12a59: mov dx, 0x100 0x12a5c: mov ah, 0x40 0x12a5e: int3 0x12a5f: inc byte ptr [0x22f] 0x12a63: call 0x12a67 0x12a66: ret 0x12a67: mov bx, 0x13f 0x12a6a: mov al, byte ptr [0x108] 0x12a6e: cmp al, 0 0x12a70: je 0x12a7e 0x12a72: xor byte ptr [bx], al 0x12a75: inc bx 0x12a76: add al, bh 0x12a78: cmp bx, 0x20f 0x12a7c: jle 0x12a72 0x12a7e: ret
2018-12-17T23:03:58.922858466Z	64	PC: 12a5f \| Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:58.926060764Z	87	PC: 12b2c \| Get or set file date and time
2018-12-17T23:03:58.928596731Z	62	PC: 12b2f \| Close file
2018-12-17T23:03:58.937527521Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T23:03:58.948857105Z	79	PC: 12ad8 \| Find next file
2018-12-17T23:03:58.952836299Z	67	PC: 12af4 \| Get or set file attributes
2018-12-17T23:03:58.959532641Z	67	PC: 12afe \| Get or set file attributes
2018-12-17T23:03:58.970743407Z	61	PC: 12b02 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:58.97948019Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:03:58.981745407Z	63	PC: 12b12 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:58.989105072Z	66	PC: 12b21 \| Move file pointer
2018-12-17T23:03:58.991068734Z	44	PC: 12a4e \| Get time 0x12a4e: mov byte ptr [0x108], dl 0x12a52: call 0x12a67 0x12a55: pop bx 0x12a56: mov cx, 0x12f 0x12a59: mov dx, 0x100 0x12a5c: mov ah, 0x40 0x12a5e: int3 0x12a5f: inc byte ptr [0x22f] 0x12a63: call 0x12a67 0x12a66: ret 0x12a67: mov bx, 0x13f 0x12a6a: mov al, byte ptr [0x108] 0x12a6e: cmp al, 0 0x12a70: je 0x12a7e 0x12a72: xor byte ptr [bx], al 0x12a75: inc bx 0x12a76: add al, bh 0x12a78: cmp bx, 0x20f 0x12a7c: jle 0x12a72 0x12a7e: ret
2018-12-17T23:03:58.993721298Z	64	PC: 12a5f \| Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:58.997215267Z	87	PC: 12b2c \| Get or set file date and time
2018-12-17T23:03:58.999736639Z	62	PC: 12b2f \| Close file
2018-12-17T23:03:59.008574993Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T23:03:59.017429991Z	79	PC: 12ad8 \| Find next file
2018-12-17T23:03:59.019679605Z	67	PC: 12af4 \| Get or set file attributes
2018-12-17T23:03:59.024022301Z	67	PC: 12afe \| Get or set file attributes
2018-12-17T23:03:59.034710197Z	61	PC: 12b02 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:59.041880957Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:03:59.043580933Z	63	PC: 12b12 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:59.050613764Z	66	PC: 12b21 \| Move file pointer
2018-12-17T23:03:59.052279935Z	44	PC: 12a4e \| Get time 0x12a4e: mov byte ptr [0x108], dl 0x12a52: call 0x12a67 0x12a55: pop bx 0x12a56: mov cx, 0x12f 0x12a59: mov dx, 0x100 0x12a5c: mov ah, 0x40 0x12a5e: int3 0x12a5f: inc byte ptr [0x22f] 0x12a63: call 0x12a67 0x12a66: ret 0x12a67: mov bx, 0x13f 0x12a6a: mov al, byte ptr [0x108] 0x12a6e: cmp al, 0 0x12a70: je 0x12a7e 0x12a72: xor byte ptr [bx], al 0x12a75: inc bx 0x12a76: add al, bh 0x12a78: cmp bx, 0x20f 0x12a7c: jle 0x12a72 0x12a7e: ret
2018-12-17T23:03:59.056005239Z	64	PC: 12a5f \| Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:59.059265797Z	87	PC: 12b2c \| Get or set file date and time
2018-12-17T23:03:59.060872542Z	62	PC: 12b2f \| Close file
2018-12-17T23:03:59.071037402Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T23:03:59.082569069Z	79	PC: 12ad8 \| Find next file
2018-12-17T23:03:59.086039676Z	67	PC: 12af4 \| Get or set file attributes
2018-12-17T23:03:59.093909025Z	67	PC: 12afe \| Get or set file attributes
2018-12-17T23:03:59.105712571Z	61	PC: 12b02 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:59.113345592Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:03:59.116198764Z	63	PC: 12b12 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:59.123583807Z	66	PC: 12b21 \| Move file pointer
2018-12-17T23:03:59.125404415Z	44	PC: 12a4e \| Get time 0x12a4e: mov byte ptr [0x108], dl 0x12a52: call 0x12a67 0x12a55: pop bx 0x12a56: mov cx, 0x12f 0x12a59: mov dx, 0x100 0x12a5c: mov ah, 0x40 0x12a5e: int3 0x12a5f: inc byte ptr [0x22f] 0x12a63: call 0x12a67 0x12a66: ret 0x12a67: mov bx, 0x13f 0x12a6a: mov al, byte ptr [0x108] 0x12a6e: cmp al, 0 0x12a70: je 0x12a7e 0x12a72: xor byte ptr [bx], al 0x12a75: inc bx 0x12a76: add al, bh 0x12a78: cmp bx, 0x20f 0x12a7c: jle 0x12a72 0x12a7e: ret
2018-12-17T23:03:59.129334778Z	64	PC: 12a5f \| Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:59.13280737Z	87	PC: 12b2c \| Get or set file date and time
2018-12-17T23:03:59.134820682Z	62	PC: 12b2f \| Close file
2018-12-17T23:03:59.143917813Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T23:03:59.156446051Z	79	PC: 12ad8 \| Find next file
2018-12-17T23:03:59.159626946Z	67	PC: 12af4 \| Get or set file attributes
2018-12-17T23:03:59.166548895Z	67	PC: 12afe \| Get or set file attributes
2018-12-17T23:03:59.178650713Z	61	PC: 12b02 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:03:59.185950936Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:03:59.18754187Z	63	PC: 12b12 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:59.195717938Z	66	PC: 12b21 \| Move file pointer
2018-12-17T23:03:59.198016302Z	44	PC: 12a4e \| Get time 0x12a4e: mov byte ptr [0x108], dl 0x12a52: call 0x12a67 0x12a55: pop bx 0x12a56: mov cx, 0x12f 0x12a59: mov dx, 0x100 0x12a5c: mov ah, 0x40 0x12a5e: int3 0x12a5f: inc byte ptr [0x22f] 0x12a63: call 0x12a67 0x12a66: ret 0x12a67: mov bx, 0x13f 0x12a6a: mov al, byte ptr [0x108] 0x12a6e: cmp al, 0 0x12a70: je 0x12a7e 0x12a72: xor byte ptr [bx], al 0x12a75: inc bx 0x12a76: add al, bh 0x12a78: cmp bx, 0x20f 0x12a7c: jle 0x12a72 0x12a7e: ret
2018-12-17T23:03:59.200762922Z	64	PC: 12a5f \| Write file or device (Write 303 bytes on handle 5)
2018-12-17T23:03:59.205462049Z	87	PC: 12b2c \| Get or set file date and time
2018-12-17T23:03:59.2085566Z	62	PC: 12b2f \| Close file
2018-12-17T23:03:59.216783385Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T23:03:59.245490825Z	79	PC: 12ad8 \| Find next file
2018-12-17T23:03:59.249606476Z	59	PC: 12ac8 \| Change current directory
2018-12-17T23:03:59.254428114Z	59	PC: 12ad0 \| Change current directory