Sample viewer

vx.netlux.org/Virus.DOS.Cordobes.3334

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:36.48464961Z 240 PC: 14ab0 | UNKNOWN!
2018-12-17T23:05:36.48958556Z 74 PC: 12adc | Reallocate memory
2018-12-17T23:05:36.490911304Z 42 PC: 136c2 | Get date
0x136c2: mov ax, word ptr cs:[0x15e]
0x136c6: add ah, 4
0x136c9: cmp ah, 0xc
0x136cc: jbe 0x136d1
0x136ce: sub ah, 0xc
0x136d1: mov word ptr cs:[0x15e], dx
0x136d6: cmp dx, ax
0x136d8: jne 0x136ff
0x136da: push cs
0x136db: pop ds
0x136dc: mov dx, 0x16b
0x136df: mov ax, 0x3d92
0x136e2: int 0x21
0x136e4: jb 0x136ff
0x136e6: mov bx, ax
0x136e8: mov ax, 0x4202
0x136eb: xor dx, dx
0x136ed: xor cx, cx
0x136ef: int 0x21
0x136f1: mov ah, 0x40
2018-12-17T23:05:36.49298026Z 52 PC: 12ae3 | Get InDOS flag pointer
2018-12-17T23:05:36.494925038Z 53 PC: 12af2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:36.500995272Z 37 PC: 12b06 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:36.503050364Z 75 PC: 12b44 | Execute program
2018-12-17T23:05:36.52129339Z 74 PC: 14abf | Reallocate memory
2018-12-17T23:05:36.523457327Z 53 PC: 1497e | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:36.524565155Z 37 PC: 1499b | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:36.526185631Z 61 PC: 1504c | Open file (Filename = '.\vbdrt10e.exe')
2018-12-17T23:05:36.533352918Z 61 PC: 1504c | Open file (Filename = 'C:\DOS\vbdrt10e.exe')
2018-12-17T23:05:36.544217782Z 68 PC: 14cf7 | I/O control for devices (Set for = 'C:\DOS\vbdrt10e.exe')
2018-12-17T23:05:36.545710705Z 68 PC: 14cf7 | I/O control for devices
2018-12-17T23:05:36.548397647Z 9 PC: 14d0b | Display string (String= 'Input path for run-time module ')
2018-12-17T23:05:36.551024898Z 9 PC: 14d10 | Display string (String= 'vbdrt10e.exe: ')
2018-12-17T23:05:36.55356708Z 12 PC: 14d18 | Flush input buffer and input