Sample viewer

vx.netlux.org/Virus.DOS.Horror.1173

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:34.016882753Z 75 PC: 12b9f | Execute program
2018-12-17T23:05:34.019485269Z 53 PC: 12bac | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:05:34.021257603Z 53 PC: 12bba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:34.023161925Z 53 PC: 12bc8 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T23:05:34.025023886Z 82 PC: 12bd6 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:05:34.027641742Z 42 PC: 12d0b | Get date
0x12d0b: mov ch, byte ptr cs:[si + 0x466]
0x12d10: and cx, 0x707
0x12d14: dec cl
0x12d16: cmp ch, cl
0x12d18: je 0x12d22
0x12d1a: dec cl
0x12d1c: cmp ch, cl
0x12d1e: je 0x12d29
0x12d20: clc
0x12d21: ret
0x12d22: cmp dx, word ptr cs:[si + 0x464]
0x12d27: cmc
0x12d28: ret
0x12d29: cmp dx, word ptr cs:[si + 0x464]
0x12d2e: ret
0x12d2f: push sp
0x12d30: push 0x7369
0x12d33: and byte ptr [bx + di + 0x73], ch
0x12d36: and byte ptr [bx + si + 0x4f], cl
0x12d39: push dx
2018-12-17T23:05:34.030494949Z 37 PC: 12c29 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:34.032964658Z 61 PC: 9fa2c | Open file (Filename = '<')
2018-12-17T23:05:34.041440575Z 66 PC: 9fa3b | Move file pointer
2018-12-17T23:05:34.043564659Z 63 PC: 9fa49 | Read file or device (Read 10 bytes on handle 5)
2018-12-17T23:05:34.050407128Z 62 PC: 9fa4f | Close file
2018-12-17T23:05:34.053424035Z 42 PC: 9fa60 | Get date
0x9fa60: mov word ptr cs:[0x464], dx
0x9fa65: mov byte ptr cs:[0x466], cl
0x9fa6a: pop ds
0x9fa6b: pop dx
0x9fa6c: mov ax, 0x3513
0x9fa6f: int 0x21
0x9fa71: push es
0x9fa72: push bx
0x9fa73: mov al, 0x24
0x9fa75: int 0x21
0x9fa77: push es
0x9fa78: push bx
0x9fa79: mov al, 0x26
0x9fa7b: int 0x21
0x9fa7d: push es
0x9fa7e: push bx
0x9fa7f: push dx
0x9fa80: push ds
0x9fa81: push cs
0x9fa82: pop ds
2018-12-17T23:05:34.055714773Z 53 PC: 9fa71 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:05:34.057038875Z 53 PC: 9fa77 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:34.058666858Z 53 PC: 9fa7d | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T23:05:34.062500137Z 37 PC: 9fa8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:34.063729628Z 37 PC: 9f9c0 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:05:34.064962282Z 37 PC: 9f9c9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T23:05:34.083044973Z 67 PC: 9fa95 | Get or set file attributes
2018-12-17T23:05:34.089118513Z 67 PC: 9fa9f | Get or set file attributes
2018-12-17T23:05:34.437954179Z 61 PC: 9faab | Open file (Filename = 'S�')
2018-12-17T23:05:34.446780247Z 63 PC: 9fabb | Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:05:34.450504757Z 66 PC: 9faca | Move file pointer
2018-12-17T23:05:34.452599474Z 87 PC: 9fb06 | Get or set file date and time
2018-12-17T23:05:34.455307953Z 64 PC: 9fb13 | Write file or device (Write 1173 bytes on handle 5)
2018-12-17T23:05:34.466530047Z 66 PC: 9fb22 | Move file pointer
2018-12-17T23:05:34.46856461Z 64 PC: 9fb2e | Write file or device (Write 24 bytes on handle 5)
2018-12-17T23:05:34.473370512Z 87 PC: 9fae1 | Get or set file date and time
2018-12-17T23:05:34.475427108Z 62 PC: 9fae5 | Close file
2018-12-17T23:05:34.498362683Z 67 PC: 9faed | Get or set file attributes
2018-12-17T23:05:34.509768633Z 37 PC: 9faf4 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T23:05:34.522651624Z 37 PC: 9fafa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:34.524419745Z 37 PC: 9fb00 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:05:34.526694447Z 42 PC: 12d0b | Get date
0x12d0b: mov ch, byte ptr cs:[si + 0x466]
0x12d10: and cx, 0x707
0x12d14: dec cl
0x12d16: cmp ch, cl
0x12d18: je 0x12d22
0x12d1a: dec cl
0x12d1c: cmp ch, cl
0x12d1e: je 0x12d29
0x12d20: clc
0x12d21: ret
0x12d22: cmp dx, word ptr cs:[si + 0x464]
0x12d27: cmc
0x12d28: ret
0x12d29: cmp dx, word ptr cs:[si + 0x464]
0x12d2e: ret
0x12d2f: push sp
0x12d30: push 0x7369
0x12d33: and byte ptr [bx + di + 0x73], ch
0x12d36: and byte ptr [bx + si + 0x4f], cl
0x12d39: push dx
2018-12-17T23:05:34.530480693Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:05:34.535525815Z 76 PC: 12a86 | Terminate with return code (Return code = '36')