Sample viewer

vx.netlux.org/Virus.DOS.Eumel.451

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:22.311272464Z	53	PC: 12a7c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:22.317936006Z	37	PC: 12a90 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:22.319591079Z	47	PC: 12a96 \| Get disk transfer address
2018-12-17T23:05:22.321189739Z	26	PC: 12aa8 \| Set disk transfer address
2018-12-17T23:05:22.323344361Z	25	PC: 12aac \| Get default drive
2018-12-17T23:05:22.324905093Z	14	PC: 12ab6 \| Set default drive (Drive = 'C')
2018-12-17T23:05:22.327465434Z	78	PC: 12ac3 \| Find first file
2018-12-17T23:05:22.333738136Z	67	PC: 12aeb \| Get or set file attributes
2018-12-17T23:05:22.339831955Z	67	PC: 12af8 \| Get or set file attributes
2018-12-17T23:05:23.359328745Z	61	PC: 12b00 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T23:05:23.366237345Z	87	PC: 12b07 \| Get or set file date and time
2018-12-17T23:05:23.368739038Z	44	PC: 12b15 \| Get time 0x12b15: or dl, dl 0x12b17: je 0x12b11 0x12b19: mov byte ptr [bp + 0x1bf], dl 0x12b1d: mov ah, 0x3f 0x12b1f: lea dx, word ptr [bp + 0x18c] 0x12b23: mov cx, 3 0x12b26: int 0x21 0x12b28: xor ah, ah 0x12b2a: mov ax, 0x4202 0x12b2d: xor cx, cx 0x12b2f: xor dx, dx 0x12b31: int 0x21 0x12b33: sub ax, 3 0x12b36: mov word ptr cs:[0xfb2d], ax 0x12b3a: mov byte ptr cs:[0xfb2c], 0xe9 0x12b40: lea si, word ptr [bp - 3] 0x12b43: mov di, 0xfcbc 0x12b46: mov cx, 0x1c3 0x12b49: cld 0x12b4a: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T23:05:23.371831998Z	63	PC: 12b28 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:23.375016733Z	66	PC: 12b33 \| Move file pointer
2018-12-17T23:05:23.378358957Z	64	PC: 12b5f \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:05:23.392321359Z	66	PC: 12b68 \| Move file pointer
2018-12-17T23:05:23.39438678Z	64	PC: 12b75 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:23.399001182Z	87	PC: 12b8c \| Get or set file date and time
2018-12-17T23:05:23.401435818Z	62	PC: 12b90 \| Close file
2018-12-17T23:05:23.409678779Z	67	PC: 12b9d \| Get or set file attributes
2018-12-17T23:05:23.4202495Z	62	PC: 12adf \| Close file
2018-12-17T23:05:23.422618041Z	79	PC: 12ac3 \| Find next file
2018-12-17T23:05:23.425645689Z	37	PC: 12bb0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:23.427211188Z	26	PC: 12bc0 \| Set disk transfer address
2018-12-17T23:05:23.429833161Z	14	PC: 12bca \| Set default drive (Drive = 'A')