Sample viewer

vx.netlux.org/Virus.DOS.Sandy.1376

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:45.491975025Z 53 PC: 12ec7 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:04:45.495606852Z 53 PC: 12ed3 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:45.496869016Z 37 PC: 12ee2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:45.49817145Z 37 PC: 12ee9 | Set interrupt vector (Interrupt = '112' AKA 'UNKNOWN!')
2018-12-17T23:04:45.500106907Z 47 PC: 1318a | Get disk transfer address
2018-12-17T23:04:45.501207771Z 71 PC: 1319c | Get current directory
2018-12-17T23:04:45.50399213Z 26 PC: 13152 | Set disk transfer address
2018-12-17T23:04:45.505766462Z 78 PC: 1315c | Find first file
2018-12-17T23:04:45.511513773Z 67 PC: 12fa3 | Get or set file attributes
2018-12-17T23:04:45.526553933Z 61 PC: 12fa8 | Open file (Filename = 'TEST.EXE')
2018-12-17T23:04:45.542965277Z 63 PC: 12fb5 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:04:45.554471473Z 66 PC: 13120 | Move file pointer
2018-12-17T23:04:45.555666249Z 64 PC: 1312a | Write file or device (Write 1376 bytes on handle 5)
2018-12-17T23:04:45.56378925Z 66 PC: 12fbf | Move file pointer
2018-12-17T23:04:45.565356429Z 64 PC: 12fc9 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:04:45.569364131Z 87 PC: 12fda | Get or set file date and time
2018-12-17T23:04:45.573332173Z 62 PC: 12fdf | Close file
2018-12-17T23:04:45.581455035Z 67 PC: 12fed | Get or set file attributes
2018-12-17T23:04:45.591862503Z 79 PC: 1317c | Find next file
2018-12-17T23:04:45.594364147Z 26 PC: 131a8 | Set disk transfer address
2018-12-17T23:04:45.610613467Z 78 PC: 131b2 | Find first file
2018-12-17T23:04:45.618816447Z 67 PC: 12fa3 | Get or set file attributes
2018-12-17T23:04:45.628341658Z 61 PC: 12fa8 | Open file (Filename = '�_~�ы�G���5�!�����$�!�����%��!�p��!.��3��\,�<')
2018-12-17T23:04:45.635401546Z 87 PC: 12ff5 | Get or set file date and time
2018-12-17T23:04:45.636846439Z 67 PC: 13006 | Get or set file attributes
2018-12-17T23:04:45.642322704Z 63 PC: 12fb5 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:04:45.645669675Z 66 PC: 131f8 | Move file pointer
2018-12-17T23:04:45.647209728Z 64 PC: 131fe | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:04:45.655126649Z 66 PC: 12fbf | Move file pointer
2018-12-17T23:04:45.657605727Z 64 PC: 12fc9 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:04:45.660265109Z 87 PC: 12fda | Get or set file date and time
2018-12-17T23:04:45.661596851Z 62 PC: 12fdf | Close file
2018-12-17T23:04:45.669815891Z 67 PC: 12fed | Get or set file attributes
2018-12-17T23:04:45.674192162Z 59 PC: 13225 | Change current directory
2018-12-17T23:04:45.678566854Z 37 PC: 13234 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:45.680369856Z 37 PC: 13242 | Set interrupt vector (Interrupt = '112' AKA 'UNKNOWN!')
2018-12-17T23:04:45.682611742Z 26 PC: 13250 | Set disk transfer address
2018-12-17T23:04:45.684108878Z 53 PC: 132a8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:45.686319332Z 249 PC: 9edd1 | UNKNOWN!
2018-12-17T23:04:45.688247011Z 53 PC: 9edd1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:45.69000404Z 53 PC: 9edd1 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:45.691700346Z 37 PC: 9edd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:45.69425241Z 37 PC: 9edd1 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:45.695534366Z 9 PC: 9edd1 | Display string (Could not find end pointer)
2018-12-17T23:04:45.699661502Z 67 PC: 9ea03 | Get or set file attributes
2018-12-17T23:04:45.709811527Z 53 PC: 9dfea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:45.71089908Z 37 PC: 9dfea | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:45.711947755Z 61 PC: 9dfea | Open file (Filename = '$%')
2018-12-17T23:04:45.718939594Z 87 PC: 9dfea | Get or set file date and time
2018-12-17T23:04:45.720328492Z 66 PC: 9dfea | Move file pointer
2018-12-17T23:04:45.721672958Z 63 PC: 9dfea | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:04:45.72484254Z 66 PC: 9dfea | Move file pointer
2018-12-17T23:04:45.7261375Z 87 PC: 9dfea | Get or set file date and time
2018-12-17T23:04:45.727484888Z 62 PC: 9dfea | Close file
2018-12-17T23:04:45.737337917Z 37 PC: 9dfea | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:45.738404205Z 61 PC: 9ea08 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:04:45.744768517Z 66 PC: 9edac | Move file pointer
2018-12-17T23:04:45.74647807Z 66 PC: 9edbc | Move file pointer
2018-12-17T23:04:45.747801579Z 87 PC: 9ea55 | Get or set file date and time
2018-12-17T23:04:45.750179757Z 67 PC: 9ea66 | Get or set file attributes
2018-12-17T23:04:45.756452187Z 63 PC: 9ea15 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:04:45.762694369Z 66 PC: 9eb80 | Move file pointer
2018-12-17T23:04:45.763925454Z 64 PC: 9eb8a | Write file or device (Write 1376 bytes on handle 5)
2018-12-17T23:04:45.773022111Z 66 PC: 9ea1f | Move file pointer
2018-12-17T23:04:45.774247857Z 64 PC: 9ea29 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:04:45.776872891Z 87 PC: 9ea3a | Get or set file date and time
2018-12-17T23:04:45.778948497Z 62 PC: 9ea3f | Close file
2018-12-17T23:04:45.786585952Z 67 PC: 9ea4d | Get or set file attributes
2018-12-17T23:04:45.796102574Z 76 PC: 9edd1 | Terminate with return code (Return code = '1')