Sample viewer

vx.netlux.org/Virus.DOS.VCL.CountDown.1300

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:43.436451027Z	47	PC: 14bc7 \| Get disk transfer address
2018-12-17T23:07:43.438591205Z	26	PC: 14bd0 \| Set disk transfer address
2018-12-17T23:07:43.445268727Z	71	PC: 15064 \| Get current directory
2018-12-17T23:07:43.448335558Z	59	PC: 1506d \| Change current directory
2018-12-17T23:07:43.453126828Z	47	PC: 14c7f \| Get disk transfer address
2018-12-17T23:07:43.454392526Z	26	PC: 14ca3 \| Set disk transfer address
2018-12-17T23:07:43.455624793Z	78	PC: 15047 \| Find first file
2018-12-17T23:07:43.46206714Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.466591415Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.469761291Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.472916318Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.477427092Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.480468636Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.4834689Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.487008696Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.490000783Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.492769814Z	47	PC: 15035 \| Get disk transfer address
2018-12-17T23:07:43.49714923Z	26	PC: 14d0e \| Set disk transfer address
2018-12-17T23:07:43.503588945Z	78	PC: 14d17 \| Find first file
2018-12-17T23:07:43.510723309Z	47	PC: 14e29 \| Get disk transfer address
2018-12-17T23:07:43.512550318Z	61	PC: 14e7b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:43.519499354Z	63	PC: 14e80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:43.526224137Z	66	PC: 14ea8 \| Move file pointer
2018-12-17T23:07:43.527946878Z	62	PC: 14ece \| Close file
2018-12-17T23:07:43.530388474Z	67	PC: 14ee7 \| Get or set file attributes
2018-12-17T23:07:43.54819653Z	61	PC: 14ef1 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:43.555710324Z	64	PC: 14f02 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:43.558854395Z	66	PC: 14f65 \| Move file pointer
2018-12-17T23:07:43.560367397Z	64	PC: 14f2b \| Write file or device (Write 1300 bytes on handle 5)
2018-12-17T23:07:43.569968319Z	87	PC: 14f7e \| Get or set file date and time
2018-12-17T23:07:43.572768959Z	62	PC: 14f34 \| Close file
2018-12-17T23:07:43.581223737Z	67	PC: 14f3a \| Get or set file attributes
2018-12-17T23:07:43.59280538Z	26	PC: 14d35 \| Set disk transfer address
2018-12-17T23:07:43.595169936Z	26	PC: 1504f \| Set disk transfer address
2018-12-17T23:07:43.596895627Z	59	PC: 15079 \| Change current directory
2018-12-17T23:07:43.599398967Z	71	PC: 15064 \| Get current directory
2018-12-17T23:07:43.60298866Z	59	PC: 1506d \| Change current directory
2018-12-17T23:07:43.609013158Z	47	PC: 14c7f \| Get disk transfer address
2018-12-17T23:07:43.61080837Z	26	PC: 14ca3 \| Set disk transfer address
2018-12-17T23:07:43.612817681Z	78	PC: 15047 \| Find first file
2018-12-17T23:07:43.61941933Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.62226386Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.642003718Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.64524701Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.648368463Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.651757542Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.655233676Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.657894134Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.66054181Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.663759972Z	47	PC: 15035 \| Get disk transfer address
2018-12-17T23:07:43.665408189Z	26	PC: 14d0e \| Set disk transfer address
2018-12-17T23:07:43.667190269Z	78	PC: 14d17 \| Find first file
2018-12-17T23:07:43.674600852Z	47	PC: 14e29 \| Get disk transfer address
2018-12-17T23:07:43.677241919Z	61	PC: 14e7b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:43.684766279Z	63	PC: 14e80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:43.693100321Z	66	PC: 14ea8 \| Move file pointer
2018-12-17T23:07:43.694951429Z	62	PC: 14ece \| Close file
2018-12-17T23:07:43.697195126Z	79	PC: 14d17 \| Find next file
2018-12-17T23:07:43.70134361Z	47	PC: 14e29 \| Get disk transfer address
2018-12-17T23:07:43.702860515Z	61	PC: 14e7b \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:07:43.710767945Z	63	PC: 14e80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:43.71912986Z	66	PC: 14ea8 \| Move file pointer
2018-12-17T23:07:43.721498525Z	62	PC: 14ece \| Close file
2018-12-17T23:07:43.723762816Z	67	PC: 14ee7 \| Get or set file attributes
2018-12-17T23:07:43.735183331Z	61	PC: 14ef1 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:07:43.742627921Z	64	PC: 14f02 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:43.744712848Z	66	PC: 14f65 \| Move file pointer
2018-12-17T23:07:43.746447242Z	64	PC: 14f2b \| Write file or device (Write 1300 bytes on handle 5)
2018-12-17T23:07:43.752475181Z	87	PC: 14f7e \| Get or set file date and time
2018-12-17T23:07:43.753781654Z	62	PC: 14f34 \| Close file
2018-12-17T23:07:43.759022261Z	67	PC: 14f3a \| Get or set file attributes
2018-12-17T23:07:43.765738687Z	26	PC: 14d35 \| Set disk transfer address
2018-12-17T23:07:43.766745717Z	26	PC: 1504f \| Set disk transfer address
2018-12-17T23:07:43.76770593Z	59	PC: 15079 \| Change current directory
2018-12-17T23:07:43.769996219Z	71	PC: 15064 \| Get current directory
2018-12-17T23:07:43.772901545Z	59	PC: 1506d \| Change current directory
2018-12-17T23:07:43.777239041Z	47	PC: 14c7f \| Get disk transfer address
2018-12-17T23:07:43.77875616Z	26	PC: 14ca3 \| Set disk transfer address
2018-12-17T23:07:43.779809881Z	78	PC: 15047 \| Find first file
2018-12-17T23:07:43.786937567Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.790337133Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.792944396Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.7955364Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.798857811Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.801157186Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.803061272Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.804939731Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.807329927Z	79	PC: 14cdd \| Find next file
2018-12-17T23:07:43.809073839Z	47	PC: 15035 \| Get disk transfer address
2018-12-17T23:07:43.810190042Z	26	PC: 14d0e \| Set disk transfer address
2018-12-17T23:07:43.811843464Z	78	PC: 14d17 \| Find first file
2018-12-17T23:07:43.819122171Z	47	PC: 14e29 \| Get disk transfer address
2018-12-17T23:07:43.820090683Z	61	PC: 14e7b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:43.825071842Z	63	PC: 14e80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:43.82951589Z	66	PC: 14ea8 \| Move file pointer
2018-12-17T23:07:43.830741763Z	62	PC: 14ece \| Close file
2018-12-17T23:07:43.832894032Z	79	PC: 14d17 \| Find next file
2018-12-17T23:07:43.835878889Z	47	PC: 14e29 \| Get disk transfer address
2018-12-17T23:07:43.836934517Z	61	PC: 14e7b \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:07:43.844437729Z	63	PC: 14e80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:43.851593396Z	66	PC: 14ea8 \| Move file pointer
2018-12-17T23:07:43.853057266Z	62	PC: 14ece \| Close file
2018-12-17T23:07:43.855149058Z	79	PC: 14d17 \| Find next file
2018-12-17T23:07:43.857326176Z	47	PC: 14e29 \| Get disk transfer address
2018-12-17T23:07:43.858440373Z	61	PC: 14e7b \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:07:43.863241009Z	63	PC: 14e80 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:43.870259773Z	66	PC: 14ea8 \| Move file pointer
2018-12-17T23:07:43.871784636Z	62	PC: 14ece \| Close file
2018-12-17T23:07:43.873709195Z	67	PC: 14ee7 \| Get or set file attributes
2018-12-17T23:07:43.885143306Z	61	PC: 14ef1 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:07:43.890326507Z	64	PC: 14f02 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:43.893628998Z	66	PC: 14f65 \| Move file pointer
2018-12-17T23:07:43.895873147Z	64	PC: 14f2b \| Write file or device (Write 1300 bytes on handle 5)
2018-12-17T23:07:43.903830219Z	87	PC: 14f7e \| Get or set file date and time
2018-12-17T23:07:43.905363871Z	62	PC: 14f34 \| Close file
2018-12-17T23:07:43.91351513Z	67	PC: 14f3a \| Get or set file attributes
2018-12-17T23:07:43.924432326Z	26	PC: 14d35 \| Set disk transfer address
2018-12-17T23:07:43.925645874Z	26	PC: 1504f \| Set disk transfer address
2018-12-17T23:07:43.927638409Z	59	PC: 15079 \| Change current directory
2018-12-17T23:07:43.929756166Z	42	PC: 14bfe \| Get date 0x14bfe: mov al, dl 0x14c00: cwde 0x14c01: cmp ax, 0x12 0x14c04: jne 0x14c10 0x14c06: call 0x14f59 0x14c09: cmp ax, 1 0x14c0c: jne 0x14c10 0x14c0e: jmp 0x14c26 0x14c10: call 0x14f59 0x14c13: cmp ax, 0xc 0x14c16: jne 0x14c61 0x14c18: mov ah, 0x2a 0x14c1a: int 0x21 0x14c1c: mov al, dl 0x14c1e: cwde 0x14c1f: cmp ax, 0x14 0x14c22: jl 0x14c61 0x14c24: jmp 0x14c26 0x14c26: lea si, word ptr [di + 0x2cd] 0x14c2a: mov ah, 0xe
2018-12-17T23:07:43.932382121Z	42	PC: 14f5e \| Get date 0x14f5e: mov al, dh 0x14f60: nop 0x14f61: cwde 0x14f62: ret 0x14f63: int 0x21 0x14f65: ret 0x14f66: lea dx, word ptr [bp - 0x80] 0x14f69: jmp 0x14bce 0x14f6c: sub sp, 0x80 0x14f70: jmp 0x14bc3 0x14f73: mov ax, 0x5701 0x14f76: mov cx, word ptr [si + 0x16] 0x14f79: mov dx, word ptr [si + 0x18] 0x14f7c: int 0x21 0x14f7e: jmp 0x14f2f 0x14f80: movsw word ptr es:[di], word ptr [si] 0x14f81: jmp 0x14b9e 0x14f84: pop cx 0x14f85: jmp 0x14bf7 0x14f88: mov bp, sp
2018-12-17T23:07:43.935500735Z	42	PC: 14c1c \| Get date 0x14c1c: mov al, dl 0x14c1e: cwde 0x14c1f: cmp ax, 0x14 0x14c22: jl 0x14c61 0x14c24: jmp 0x14c26 0x14c26: lea si, word ptr [di + 0x2cd] 0x14c2a: mov ah, 0xe 0x14c2c: lodsb al, byte ptr [si] 0x14c2d: or al, al 0x14c2f: je 0x14c35 0x14c31: int 0x10 0x14c33: jmp 0x14c2c 0x14c35: mov cx, 0x3e8 0x14c38: jcxz 0x14c41 0x14c3a: mov ax, 0xe07 0x14c3d: int 0x10 0x14c3f: loop 0x14c3d 0x14c41: mov ax, 2 0x14c44: mov cx, 0x1770 0x14c47: call 0x14e1c
2018-12-17T23:07:43.937743762Z	26	PC: 14c66 \| Set disk transfer address
2018-12-17T23:07:43.939168109Z	51	PC: 130c8 \| Get or set Ctrl-Break
2018-12-17T23:07:43.94047851Z	84	PC: 130cc \| Get verify flag
2018-12-17T23:07:43.942046931Z	46	PC: 14172 \| Set verify flag
2018-12-17T23:07:43.943436737Z	37	PC: 130dd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:43.945053302Z	25	PC: 14172 \| Get default drive
2018-12-17T23:07:43.946678256Z	71	PC: 14172 \| Get current directory
2018-12-17T23:07:43.950689895Z	73	PC: 13168 \| Release memory
2018-12-17T23:07:43.95249787Z	74	PC: 1316f \| Reallocate memory
2018-12-17T23:07:43.954514978Z	71	PC: 14172 \| Get current directory
2018-12-17T23:07:43.961361033Z	78	PC: 14172 \| Find first file
2018-12-17T23:07:43.968761179Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.972477651Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.975923336Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.979550389Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.983299109Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.986963337Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.99058137Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.994188563Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:43.997597761Z	79	PC: 14457 \| Find next file
2018-12-17T23:07:44.001820428Z	25	PC: 14172 \| Get default drive
2018-12-17T23:07:44.003484684Z	71	PC: 14172 \| Get current directory
2018-12-17T23:07:44.007048676Z	54	PC: 141a7 \| Get free disk space
2018-12-17T23:07:44.017318362Z	59	PC: 14172 \| Change current directory
2018-12-17T23:07:44.022109812Z	14	PC: 14172 \| Set default drive (Drive = 'A')
2018-12-17T23:07:44.023893201Z	59	PC: 14172 \| Change current directory