Sample viewer

vx.netlux.org/Virus.DOS.Jeff.812

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:03:53.322216977Z 25 PC: 12bea | Get default drive
2018-12-17T22:03:53.324077398Z 14 PC: 12bf5 | Set default drive (Drive = 'C')
2018-12-17T22:03:53.325673223Z 71 PC: 12c00 | Get current directory
2018-12-17T22:03:53.328344691Z 26 PC: 12c0d | Set disk transfer address
2018-12-17T22:03:53.330948534Z 78 PC: 12c5d | Find first file
2018-12-17T22:03:53.337801696Z 61 PC: 12c71 | Open file (Filename = '')
2018-12-17T22:03:53.345348856Z 63 PC: 12c7d | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:03:53.348894189Z 62 PC: 12c81 | Close file
2018-12-17T22:03:53.350867093Z 67 PC: 12c96 | Get or set file attributes
2018-12-17T22:03:53.35617591Z 67 PC: 12ca0 | Get or set file attributes
2018-12-17T22:03:54.004200303Z 61 PC: 12ca8 | Open file (Filename = '')
2018-12-17T22:03:54.009419076Z 87 PC: 12cb4 | Get or set file date and time
2018-12-17T22:03:54.010629286Z 63 PC: 12cc4 | Read file or device (Read 12 bytes on handle 5)
2018-12-17T22:03:54.013343316Z 66 PC: 12cd1 | Move file pointer
2018-12-17T22:03:54.016660964Z 66 PC: 12cf4 | Move file pointer
2018-12-17T22:03:54.01840252Z 64 PC: 12cfe | Write file or device (Write 12 bytes on handle 5)
2018-12-17T22:03:54.021466113Z 66 PC: 12d0b | Move file pointer
2018-12-17T22:03:54.024319892Z 64 PC: 12d1d | Write file or device (Write 823 bytes on handle 5)
2018-12-17T22:03:54.034441446Z 87 PC: 12d24 | Get or set file date and time
2018-12-17T22:03:54.036194854Z 67 PC: 12d2d | Get or set file attributes
2018-12-17T22:03:54.047001691Z 62 PC: 12d31 | Close file
2018-12-17T22:03:54.053021103Z 59 PC: 12d38 | Change current directory
2018-12-17T22:03:54.056486181Z 14 PC: 12d40 | Set default drive (Drive = 'A')
2018-12-17T22:03:54.058511967Z 42 PC: 12d44 | Get date
0x12d44: cmp cx, word ptr [0x3f9]
0x12d48: jb 0x12d7a
0x12d4a: cmp dh, byte ptr [0x3fb]
0x12d4e: jb 0x12d7a
0x12d50: cmp dl, byte ptr [0x3fc]
0x12d54: jne 0x12d7a
0x12d56: mov bx, 0x3fd
0x12d59: mov ah, 2
0x12d5b: mov dl, byte ptr [bx]
0x12d5d: cmp dl, 0
0x12d60: je 0x12d6a
0x12d62: inc bx
0x12d63: xor dl, 0xff
0x12d66: int 0x21
0x12d68: jmp 0x12d59
0x12d6a: mov al, byte ptr [0x30b]
0x12d6d: xor ah, ah
0x12d6f: mov cx, 0x7e
0x12d72: mov dx, 1
0x12d75: int 0x26
2018-12-17T22:03:54.060876991Z 48 PC: 12a44 | Get DOS version
2018-12-17T22:03:54.062193001Z 9 PC: 12a50 | Display string (String= 'MORE: Incorrect DOS version ')