Sample viewer

vx.netlux.org/Virus.DOS.Dreg.1475

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:24.778673756Z	53	PC: 12a7a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:24.779886142Z	37	PC: 12a9c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:24.782528893Z	26	PC: 12ada \| Set disk transfer address
2018-12-17T23:04:24.784415066Z	78	PC: 12b1f \| Find first file
2018-12-17T23:04:24.79169115Z	61	PC: 12b3c \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:24.800531246Z	63	PC: 12b5d \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:24.808216351Z	62	PC: 12bbf \| Close file
2018-12-17T23:04:24.810691007Z	67	PC: 12bf5 \| Get or set file attributes
2018-12-17T23:04:24.828537572Z	61	PC: 12bff \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:24.836773094Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.839643858Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.842856178Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.846798908Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.849296285Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.851788966Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.855612881Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.85994008Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.863744919Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.867109964Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.870724574Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.87417983Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.877276838Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.881436571Z	44	PC: 12f06 \| Get time 0x12f06: pop dx 0x12f07: push dx 0x12f08: or bh, 0 0x12f0b: push dx 0x12f0c: ret 0x12f0d: lea di, word ptr [bp + 0x118] 0x12f11: mov cx, 0x23d 0x12f14: push di 0x12f15: pop si 0x12f16: lodsw ax, word ptr [si] 0x12f17: jmp 0x12f26 0x12f19: stosw word ptr es:[di], ax 0x12f1a: push dx 0x12f1b: mov dx, 0x2ae5 0x12f1e: pop dx 0x12f1f: loop 0x12f16 0x12f21: neg bx 0x12f23: neg bx 0x12f25: ret 0x12f26: not ax
2018-12-17T23:04:24.885256884Z	66	PC: 1309c \| Move file pointer
2018-12-17T23:04:24.887690481Z	64	PC: 130b6 \| Write file or device (Write 1475 bytes on handle 5)
2018-12-17T23:04:24.899329175Z	66	PC: 130e7 \| Move file pointer
2018-12-17T23:04:24.901525328Z	64	PC: 13123 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:04:24.91158064Z	87	PC: 12d37 \| Get or set file date and time
2018-12-17T23:04:24.914703437Z	62	PC: 12d47 \| Close file
2018-12-17T23:04:24.926428288Z	67	PC: 12d69 \| Get or set file attributes
2018-12-17T23:04:24.938315699Z	26	PC: 12d89 \| Set disk transfer address
2018-12-17T23:04:24.940213849Z	37	PC: 12da2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')