Sample viewer

vx.netlux.org/Virus.DOS.Trivial.43.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:46.025997742Z	78	PC: 12a47 \| Find first file
2018-12-17T23:09:46.033001029Z	61	PC: 12a4f \| Open file (Filename = 'As')
2018-12-17T23:09:46.040659607Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.044309381Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.046696902Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.050883032Z	61	PC: 12a4f \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:46.05910215Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.066836916Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.084318048Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.088259316Z	61	PC: 12a4f \| Open file (Filename = 'PRINT.S')
2018-12-17T23:09:46.097043211Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.107818541Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.116600354Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.119618589Z	61	PC: 12a4f \| Open file (Filename = 'Ap')
2018-12-17T23:09:46.137461373Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.144653625Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.150808586Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.154025505Z	61	PC: 12a4f \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:09:46.164662667Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.194393338Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.219838236Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.2241427Z	61	PC: 12a4f \| Open file (Filename = 'Ah')
2018-12-17T23:09:46.246362572Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.248563344Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.251890707Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.254812557Z	61	PC: 12a4f \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:09:46.262253773Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.282676534Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.291738658Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.298066524Z	61	PC: 12a4f \| Open file (Filename = 'Ap')
2018-12-17T23:09:46.312277309Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.314925847Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.32665949Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.33052204Z	61	PC: 12a4f \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:09:46.338781146Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.347011912Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.356312427Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.360604394Z	61	PC: 12a4f \| Open file (Filename = 'Bc')
2018-12-17T23:09:46.367607608Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.370599206Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.373382028Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.37676575Z	61	PC: 12a4f \| Open file (Filename = 'p')
2018-12-17T23:09:46.382071522Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.385322212Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.387948986Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.391283668Z	61	PC: 12a4f \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:09:46.40095465Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.408659026Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.426542341Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.430473825Z	61	PC: 12a4f \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:09:46.439507266Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.447439543Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.456412086Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.460808979Z	61	PC: 12a4f \| Open file (Filename = 'PAH.COM')
2018-12-17T23:09:46.469466062Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.477445491Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.487650885Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:46.491622692Z	61	PC: 12a4f \| Open file (Filename = 'TEST.COM')
2018-12-17T23:09:46.499588941Z	64	PC: 12a5b \| Write file or device (Write 43 bytes on handle 2)
2018-12-17T23:09:46.50521239Z	62	PC: 12a5f \| Close file
2018-12-17T23:09:46.514685225Z	79	PC: 12a63 \| Find next file
2018-12-17T23:09:48.563937034Z	72	PC: 8f1b9 \| Allocate memory
2018-12-17T23:09:48.566332035Z	72	PC: 8f1bd \| Allocate memory
2018-12-17T23:09:48.570536172Z	99	PC: 90858 \| Get DBCS lead byte table pointer
2018-12-17T23:09:48.574209307Z	61	PC: 91f88 \| Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T23:09:48.587329807Z	66	PC: 91f95 \| Move file pointer
2018-12-17T23:09:48.590323149Z	62	PC: 91fc1 \| Close file
2018-12-17T23:09:48.593082478Z	75	PC: 91fe0 \| Execute program
2018-12-17T23:09:48.611495167Z	98	PC: 916f1 \| Get current PSP
2018-12-17T23:09:48.61406093Z	9	PC: c605 \| Display string (String= '6ï¿½ï¿½rï¿½&;]u')
2018-12-17T23:09:48.626114796Z	48	PC: c609 \| Get DOS version
2018-12-17T23:09:48.630087295Z	9	PC: c382 \| Display string (String= ' Installed A20 handler number ')
2018-12-17T23:09:48.635752042Z	2	PC: c38c \| Character output (Char = '32')
2018-12-17T23:09:48.638421212Z	2	PC: c3a7 \| Character output (Char = '2e')
2018-12-17T23:09:48.642614995Z	9	PC: c6d9 \| Display string (String= 'ï¿½ï¿½ï¿½ï¿½ï¿½VHï¿½VDï¿½ï¿½ï¿½V@ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½î°ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½_ï¿½ï¿½ï¿½Kuï¿½ï¿½t1ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½Dï¿½ï¿½ï¿½ï¿½ï¿½t ï¿½ï¿½ ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½a1ï¿½ï¿½Zï¿½ï¿½ï¿½ï¿½ï¿½Wï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½5ï¿½ï¿½ï¿½\|ï¿½ï¿½ï¿½ï¿½ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½Ç‹ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½pï¿½^')
2018-12-17T23:09:48.649412148Z	9	PC: c6e0 \| Display string (String= 'ï¿½5ï¿½ï¿½ï¿½\|ï¿½ï¿½ï¿½ï¿½ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½Ç‹ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½pï¿½^')
2018-12-17T23:09:48.659445548Z	61	PC: 91f88 \| Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T23:09:48.671094349Z	66	PC: 91f95 \| Move file pointer
2018-12-17T23:09:48.677464707Z	62	PC: 91fc1 \| Close file
2018-12-17T23:09:48.679797307Z	75	PC: 91fe0 \| Execute program
2018-12-17T23:09:48.69726496Z	98	PC: 916f1 \| Get current PSP
2018-12-17T23:09:48.700017684Z	82	PC: 13d46 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:09:48.702128469Z	53	PC: 13ac3 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:09:48.703175643Z	37	PC: 13ad6 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:09:48.704173505Z	53	PC: 13ae0 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:09:48.705940002Z	37	PC: 13af3 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:09:48.707053383Z	9	PC: 13a0d \| Display string (Could not find end pointer)
2018-12-17T23:09:48.715696792Z	62	PC: 8f8eb \| Close file
2018-12-17T23:09:48.718833035Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.720362624Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.721701178Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.723699419Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.725104783Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.72645497Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.727738262Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.72946377Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.730784114Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.73210741Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.734030722Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.735360546Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.73667458Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.73870173Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.740008616Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.741503201Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.747726454Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.749194675Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.750987724Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.754269822Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.756408546Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.758566963Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.760950661Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.764013378Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.766155799Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.76827261Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.771980278Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.774102805Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.77613397Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.779719032Z	62	PC: 8f8f2 \| Close file
2018-12-17T23:09:48.781569446Z	61	PC: 8f8ff \| Open file (Filename = '')
2018-12-17T23:09:48.796747746Z	62	PC: 8f90e \| Close file
2018-12-17T23:09:48.799347559Z	69	PC: 8f915 \| Duplicate handle
2018-12-17T23:09:48.802032293Z	69	PC: 8f919 \| Duplicate handle
2018-12-17T23:09:48.804238182Z	61	PC: 9387b \| Open file (Filename = '')
2018-12-17T23:09:48.810669993Z	68	PC: 9386b \| I/O control for devices (Set for = '')
2018-12-17T23:09:48.813101638Z	61	PC: 9387b \| Open file (Filename = '')
2018-12-17T23:09:48.818787333Z	68	PC: 9386b \| I/O control for devices (Set for = '')
2018-12-17T23:09:48.821053208Z	74	PC: 8f9c4 \| Reallocate memory
2018-12-17T23:09:48.824212291Z	72	PC: 8f9e0 \| Allocate memory
2018-12-17T23:09:48.826515764Z	72	PC: 8f9e4 \| Allocate memory
2018-12-17T23:09:48.828604515Z	74	PC: 8f9fb \| Reallocate memory
2018-12-17T23:09:48.831720477Z	72	PC: 8fa02 \| Allocate memory
2018-12-17T23:09:48.834052223Z	72	PC: 8fa06 \| Allocate memory
2018-12-17T23:09:48.836150231Z	73	PC: 8fa11 \| Release memory
2018-12-17T23:09:48.84242059Z	73	PC: 8efea \| Release memory
2018-12-17T23:09:48.844057044Z	74	PC: 8f003 \| Reallocate memory
2018-12-17T23:09:48.845860992Z	72	PC: 8f054 \| Allocate memory
2018-12-17T23:09:48.848822075Z	72	PC: 8f058 \| Allocate memory
2018-12-17T23:09:48.850894459Z	73	PC: 8f060 \| Release memory
2018-12-17T23:09:48.852768096Z	61	PC: 8f080 \| Open file (Filename = 'r,ï¿½Sï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½[ï¿½
2018-12-17T23:09:48.864089536Z	63	PC: 8f095 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:48.871194383Z	66	PC: 8f0ad \| Move file pointer
2018-12-17T23:09:48.873209286Z	62	PC: 8f0d1 \| Close file
2018-12-17T23:09:48.876550665Z	75	PC: 8f0f2 \| Execute program
2018-12-17T23:09:48.900392686Z	80	PC: 12be9 \| Set current PSP
2018-12-17T23:09:48.901453666Z	48	PC: 12bee \| Get DOS version
2018-12-17T23:09:48.903917654Z	99	PC: 193d0 \| Get DBCS lead byte table pointer
2018-12-17T23:09:48.905768696Z	101	PC: 12c74 \| Get extended country info
2018-12-17T23:09:48.906933767Z	99	PC: 12c7a \| Get DBCS lead byte table pointer
2018-12-17T23:09:48.908676055Z	74	PC: 12cdc \| Reallocate memory
2018-12-17T23:09:48.909960752Z	72	PC: 1355d \| Allocate memory
2018-12-17T23:09:48.911309318Z	25	PC: 13596 \| Get default drive
2018-12-17T23:09:48.912895817Z	71	PC: 135ad \| Get current directory
2018-12-17T23:09:48.914790635Z	59	PC: 135ba \| Change current directory
2018-12-17T23:09:48.918374869Z	59	PC: 135c8 \| Change current directory
2018-12-17T23:09:48.923946189Z	59	PC: 135d3 \| Change current directory
2018-12-17T23:09:48.927740084Z	25	PC: 12d13 \| Get default drive
2018-12-17T23:09:48.92926854Z	37	PC: 127d3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:09:48.930983469Z	37	PC: 127da \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:48.93237005Z	37	PC: 127e1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:48.934562806Z	80	PC: 1301d \| Set current PSP
2018-12-17T23:09:48.935532557Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:09:48.936897506Z	53	PC: 13362 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:09:48.937880394Z	37	PC: 13383 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:09:48.939514944Z	51	PC: 13417 \| Get or set Ctrl-Break
2018-12-17T23:09:48.942571641Z	72	PC: 130ec \| Allocate memory
2018-12-17T23:09:48.943897818Z	61	PC: 131b2 \| Open file (Filename = '')
2018-12-17T23:09:48.948747908Z	62	PC: 131ba \| Close file
2018-12-17T23:09:48.950517875Z	51	PC: 1344c \| Get or set Ctrl-Break
2018-12-17T23:09:48.951681523Z	74	PC: 1197c \| Reallocate memory
2018-12-17T23:09:48.953029187Z	72	PC: 11991 \| Allocate memory
2018-12-17T23:09:48.954931231Z	73	PC: 119b2 \| Release memory
2018-12-17T23:09:48.956043327Z	72	PC: 119bd \| Allocate memory
2018-12-17T23:09:48.957673803Z	73	PC: 119df \| Release memory
2018-12-17T23:09:48.959227694Z	72	PC: 119f5 \| Allocate memory
2018-12-17T23:09:48.960856442Z	72	PC: 119fd \| Allocate memory