Sample viewer

vx.netlux.org/Virus.DOS.Kusumah.3968


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:23.638335374Z 51 PC: 20378 | Get or set Ctrl-Break
2018-12-17T23:09:23.640396145Z 61 PC: 205cc | Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:09:23.646882716Z 66 PC: 205cc | Move file pointer
2018-12-17T23:09:23.648286733Z 62 PC: 205cc | Close file
2018-12-17T23:09:23.650554349Z 48 PC: 205cc | Get DOS version
2018-12-17T23:09:23.651681455Z 98 PC: 205cc | Get current PSP
2018-12-17T23:09:23.653481148Z 44 PC: 205cc | Get time
0x205cc: ret
; Short routine delimited by the ret at 0x205cc and the ret at 0x205dd
; (boundaries taken from the linear disassembly shown here).
; It stores two adjacent words in the code segment while interrupts are masked.
; NOTE(review): the pair at cs:[0x7f0]/cs:[0x7f2] has the layout of a far
; pointer (offset 0x40f8, segment 0x19), but nothing in this window shows
; how the location is used — confirm before relying on that reading.
0x205cd: cli                                   ; mask maskable interrupts before the two stores
0x205ce: mov word ptr cs:[0x7f0], 0x40f8       ; first word (low address)
0x205d5: mov word ptr cs:[0x7f2], 0x19         ; second word, immediately after the first
0x205dc: sti                                   ; interrupts enabled again
0x205dd: ret
0x205de: mov dl, byte ptr [0x10c1]
0x205e2: mov ax, 0x201
0x205e5: mov bx, 0x11c3
0x205e8: mov di, bx
0x205ea: xor dh, dh
0x205ec: mov cx, 1
0x205ef: int 0x13
0x205f1: jb 0x20626
0x205f3: add di, 0x15
0x205f6: mov ax, word ptr [di]
0x205f8: inc dh
0x205fa: cmp ax, 0x7f9
0x205fd: je 0x20610
0x205ff: inc cx
2018-12-17T23:09:23.656029495Z 42 PC: 205cc | Get date
0x205cc: ret
; Short routine delimited by the ret at 0x205cc and the ret at 0x205dd
; (boundaries taken from the linear disassembly shown here).
; It stores two adjacent words in the code segment while interrupts are masked.
; NOTE(review): the pair at cs:[0x7f0]/cs:[0x7f2] has the layout of a far
; pointer (offset 0x40f8, segment 0x19), but nothing in this window shows
; how the location is used — confirm before relying on that reading.
0x205cd: cli                                   ; mask maskable interrupts before the two stores
0x205ce: mov word ptr cs:[0x7f0], 0x40f8       ; first word (low address)
0x205d5: mov word ptr cs:[0x7f2], 0x19         ; second word, immediately after the first
0x205dc: sti                                   ; interrupts enabled again
0x205dd: ret
0x205de: mov dl, byte ptr [0x10c1]
0x205e2: mov ax, 0x201
0x205e5: mov bx, 0x11c3
0x205e8: mov di, bx
0x205ea: xor dh, dh
0x205ec: mov cx, 1
0x205ef: int 0x13
0x205f1: jb 0x20626
0x205f3: add di, 0x15
0x205f6: mov ax, word ptr [di]
0x205f8: inc dh
0x205fa: cmp ax, 0x7f9
0x205fd: je 0x20610
0x205ff: inc cx
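2018-12-17T23:09:23.659412274Z 53 PC: 9ef3c | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:23.661327753Z 53 PC: 9ef3c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:23.665469891Z 37 PC: 9ef3c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:23.667269572Z 37 PC: 9ef3c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
[Analyst note: the 'AKA' labels on these vector entries appear to be looked up in the INT 21h function table (they are the names of functions 23h and 24h), so they do not describe the vectors themselves. If the interrupt number is decimal like the Syscall Op column, 35 and 36 are INT 23h (Ctrl-Break handler) and INT 24h (critical-error handler). Both vectors are read and replaced here and set again after the file writes further down the trace (36 first, then 35), presumably to restore them. This get/replace/restore bracket around a file modification is a useful behavioural indicator during triage.]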
2018-12-17T23:09:23.669068959Z 54 PC: 9ef3c | Get free disk space
2018-12-17T23:09:23.706849085Z 67 PC: 9ef3c | Get or set file attributes
2018-12-17T23:09:23.714553553Z 67 PC: 9ef3c | Get or set file attributes
2018-12-17T23:09:24.053981783Z 61 PC: 9ef3c | Open file (Filename = '㋟ �����Zì<%u���1�� s� ')
2018-12-17T23:09:24.058836301Z 87 PC: 9ef3c | Get or set file date and time
2018-12-17T23:09:24.060209233Z 63 PC: 9ef3c | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:09:24.065727354Z 66 PC: 9ef3c | Move file pointer
2018-12-17T23:09:24.067883273Z 63 PC: 9ef3c | Read file or device (Read 119 bytes on handle 5)
2018-12-17T23:09:24.071984343Z 66 PC: 9ef3c | Move file pointer
2018-12-17T23:09:24.072949016Z 66 PC: 9ef3c | Move file pointer
2018-12-17T23:09:24.077562603Z 64 PC: 9ef3c | Write file or device (Write 3952 bytes on handle 5)
2018-12-17T23:09:24.08803053Z 64 PC: 9ef3c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:09:24.090916108Z 66 PC: 9ef3c | Move file pointer
2018-12-17T23:09:24.09356655Z 64 PC: 9ef3c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:24.096522226Z 87 PC: 9ef3c | Get or set file date and time
2018-12-17T23:09:24.098171381Z 62 PC: 9ef3c | Close file
2018-12-17T23:09:24.115149665Z 67 PC: 9ef3c | Get or set file attributes
2018-12-17T23:09:24.124332898Z 44 PC: 9ef3c | Get time
0x9ef3c: ret
; Short routine delimited by the ret at 0x9ef3c and the ret at 0x9ef4d
; (boundaries taken from the linear disassembly shown here).
; It stores two adjacent words in the code segment while interrupts are masked.
; NOTE(review): the pair at cs:[0x7f0]/cs:[0x7f2] has the layout of a far
; pointer (offset 0x40f8, segment 0x19), but nothing in this window shows
; how the location is used — confirm before relying on that reading.
0x9ef3d: cli                                   ; mask maskable interrupts before the two stores
0x9ef3e: mov word ptr cs:[0x7f0], 0x40f8       ; first word (low address)
0x9ef45: mov word ptr cs:[0x7f2], 0x19         ; second word, immediately after the first
0x9ef4c: sti                                   ; interrupts enabled again
0x9ef4d: ret
0x9ef4e: mov dl, byte ptr [0x10c1]
0x9ef52: mov ax, 0x201
0x9ef55: mov bx, 0x11c3
0x9ef58: mov di, bx
0x9ef5a: xor dh, dh
0x9ef5c: mov cx, 1
0x9ef5f: int 0x13
0x9ef61: jb 0x9ef96
0x9ef63: add di, 0x15
0x9ef66: mov ax, word ptr [di]
0x9ef68: inc dh
0x9ef6a: cmp ax, 0x7f9
0x9ef6d: je 0x9ef80
0x9ef6f: inc cx
2018-12-17T23:09:24.126737522Z 37 PC: 9ef3c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:24.129241003Z 37 PC: 9ef3c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:24.131376586Z 67 PC: 204c3 | Get or set file attributes
2018-12-17T23:09:24.137780962Z 80 PC: 13fb9 | Set current PSP
2018-12-17T23:09:24.140059314Z 48 PC: 13fbe | Get DOS version
2018-12-17T23:09:24.154649593Z 2 PC: 13e6c | Character output (Char = '49')
2018-12-17T23:09:24.15722999Z 2 PC: 13e6c | Character output (Char = '6e')
2018-12-17T23:09:24.160422256Z 2 PC: 13e6c | Character output (Char = '63')
2018-12-17T23:09:24.162693464Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T23:09:24.164904959Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T23:09:24.167910941Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T23:09:24.170676923Z 2 PC: 13e6c | Character output (Char = '65')
2018-12-17T23:09:24.173236142Z 2 PC: 13e6c | Character output (Char = '63')
2018-12-17T23:09:24.176418987Z 2 PC: 13e6c | Character output (Char = '74')
2018-12-17T23:09:24.179185921Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T23:09:24.181952017Z 2 PC: 13e6c | Character output (Char = '44')
2018-12-17T23:09:24.184849135Z 2 PC: 13e6c | Character output (Char = '4f')
2018-12-17T23:09:24.187565197Z 2 PC: 13e6c | Character output (Char = '53')
2018-12-17T23:09:24.190291319Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T23:09:24.19361093Z 2 PC: 13e6c | Character output (Char = '76')
2018-12-17T23:09:24.196172405Z 2 PC: 13e6c | Character output (Char = '65')
2018-12-17T23:09:24.198518866Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T23:09:24.201951211Z 2 PC: 13e6c | Character output (Char = '73')
2018-12-17T23:09:24.204322134Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T23:09:24.20670203Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T23:09:24.209315419Z 2 PC: 13e6c | Character output (Char = '6e')
2018-12-17T23:09:24.213358107Z 2 PC: 13e6c | Character output (Char = '0d')
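2018-12-17T23:09:24.215601424Z 2 PC: 13e6c | Character output (Char = '0d')
[Analyst note: the Char values are hexadecimal ASCII codes. The 23 Character output entries above decode to "Incorrect DOS version" followed by CR LF, printed from PC 13e6c shortly after the Get DOS version call at PC 13fbe.]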