
vx.netlux.org/Virus.DOS.Istanbul.1312



Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T23:07:06.084626254Z 67 PC: 1de9d | Get or set file attributes
2018-12-17T23:07:06.097852057Z 67 PC: 1dea7 | Get or set file attributes
2018-12-17T23:07:06.116028547Z 61 PC: 1deae | Open file (Filename = '')
2018-12-17T23:07:06.125888733Z 66 PC: 1deb9 | Move file pointer
2018-12-17T23:07:06.127893482Z 42 PC: 1e20f | Get date 0x1e20f: call 0x1e214
0x1e212: pop bx
0x1e213: ret
0x1e214: cmp cx, 0x7d0
0x1e218: jne 0x1e222
0x1e21a: cmp dh, 0xc
0x1e21d: jne 0x1e222
0x1e21f: cmp dl, 0x15
0x1e222: ret
0x1e223: mov al, 3
0x1e225: iret
0x1e226: push bp
0x1e227: add word ptr [bp + di + 0x3d08], bx
0x1e22b: and al, 0x46
0x1e22d: jne 0x1e233
0x1e22f: mov ax, 0x3434
0x1e232: iret
0x1e233: cmp ax, 0x4b00
0x1e236: je 0x1e23a
0x1e238: jmp 0x1e2a8
2018-12-17T23:07:06.130641017Z 62 PC: 1ded6 | Close file
2018-12-17T23:07:06.134583969Z 67 PC: 1dede | Get or set file attributes
2018-12-17T23:07:06.145775488Z 70 PC: 1dee8 | Redirect handle
2018-12-17T23:07:06.147807979Z 42 PC: 1e20f | Get date 0x1e20f: call 0x1e214
0x1e212: pop bx
0x1e213: ret
0x1e214: cmp cx, 0x7d0
0x1e218: jne 0x1e222
0x1e21a: cmp dh, 0xc
0x1e21d: jne 0x1e222
0x1e21f: cmp dl, 0x15
0x1e222: ret
0x1e223: mov al, 3
0x1e225: iret
0x1e226: push bp
0x1e227: add word ptr [bp + di + 0x3d08], bx
0x1e22b: and al, 0x46
0x1e22d: jne 0x1e233
0x1e22f: mov ax, 0x3434
0x1e232: iret
0x1e233: cmp ax, 0x4b00
0x1e236: je 0x1e23a
0x1e238: jmp 0x1e2a8
2018-12-17T23:07:06.15222915Z 74 PC: 12a76 | Reallocate memory
2018-12-17T23:07:06.15436227Z 53 PC: 18d06 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:06.156183464Z 53 PC: 18d06 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:06.160411592Z 53 PC: 18d06 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:06.162207498Z 37 PC: 18d2d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:06.163665559Z 37 PC: 18d2d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:06.165416651Z 37 PC: 18d2d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:06.170601297Z 51 PC: 18ce7 | Get or set Ctrl-Break
2018-12-17T23:07:06.172600876Z 51 PC: 18cf9 | Get or set Ctrl-Break
2018-12-17T23:07:06.174590988Z 74 PC: 1b2dc | Reallocate memory
2018-12-17T23:07:06.17823082Z 74 PC: 1b2e0 | Reallocate memory
2018-12-17T23:07:06.180654556Z 72 PC: 17a1e | Allocate memory
2018-12-17T23:07:06.182816911Z 72 PC: 17a31 | Allocate memory
2018-12-17T23:07:06.18676829Z 43 PC: 191eb | Set date
2018-12-17T23:07:06.190714979Z 42 PC: 1889b | Get date 0x1889b: mov word ptr [bp - 6], cx
0x1889e: mov byte ptr [bp - 7], dh
0x188a1: mov byte ptr [bp - 8], dl
0x188a4: mov byte ptr [bp - 2], al
0x188a7: mov ah, 0x2c
0x188a9: int 0x21
0x188ab: mov byte ptr [bp - 0xc], ch
0x188ae: mov byte ptr [bp - 0xb], cl
0x188b1: mov byte ptr [bp - 0xa], dh
0x188b4: mov byte ptr [bp - 9], dl
0x188b7: push ss
0x188b8: lea ax, word ptr [bp - 0xc]
0x188bb: push ax
0x188bc: push ds
0x188bd: push word ptr [bp + 4]
0x188c0: mov ax, 0xb
0x188c3: push ax
0x188c4: call 0x1b234
0x188c7: mov sp, bp
0x188c9: pop bp
2018-12-17T23:07:06.193723785Z 44 PC: 188ab | Get time 0x188ab: mov byte ptr [bp - 0xc], ch
0x188ae: mov byte ptr [bp - 0xb], cl
0x188b1: mov byte ptr [bp - 0xa], dh
0x188b4: mov byte ptr [bp - 9], dl
0x188b7: push ss
0x188b8: lea ax, word ptr [bp - 0xc]
0x188bb: push ax
0x188bc: push ds
0x188bd: push word ptr [bp + 4]
0x188c0: mov ax, 0xb
0x188c3: push ax
0x188c4: call 0x1b234
0x188c7: mov sp, bp
0x188c9: pop bp
0x188ca: ret 2
0x188cd: push bp
0x188ce: mov bp, sp
0x188d0: mov dx, word ptr [bp + 6]
0x188d3: mov ax, 0x4300
0x188d6: call 0x287eb
2018-12-17T23:07:06.198142221Z 25 PC: 187f4 | Get default drive
2018-12-17T23:07:06.202725778Z 71 PC: 187f4 | Get current directory