Sample viewer

vx.netlux.org/Virus.DOS.VCC.Idier.383

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:56.428002521Z 26 PC: 12a6f | Set disk transfer address
2018-12-17T23:11:56.429619842Z 37 PC: 12a7d | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:11:56.431800222Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:11:56.433603915Z 78 PC: 12acc | Find first file
2018-12-17T23:11:56.440706211Z 61 PC: 12b70 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:56.449255398Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.456378073Z 66 PC: 12b8e | Move file pointer
2018-12-17T23:11:56.458541692Z 66 PC: 12b9d | Move file pointer
2018-12-17T23:11:56.46089615Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:56.464271787Z 66 PC: 12bb5 | Move file pointer
2018-12-17T23:11:56.46596954Z 64 PC: 12bc0 | Write file or device (Write 383 bytes on handle 5)
2018-12-17T23:11:56.481632605Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.491622572Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.495053154Z 61 PC: 12b70 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:11:56.503289894Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.511838891Z 66 PC: 12b8e | Move file pointer
2018-12-17T23:11:56.514008872Z 66 PC: 12b9d | Move file pointer
2018-12-17T23:11:56.516185825Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:56.521364254Z 66 PC: 12bb5 | Move file pointer
2018-12-17T23:11:56.523549934Z 64 PC: 12bc0 | Write file or device (Write 383 bytes on handle 5)
2018-12-17T23:11:56.528172417Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.54002665Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.557073648Z 61 PC: 12b70 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:11:56.564549266Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.572369713Z 66 PC: 12b8e | Move file pointer
2018-12-17T23:11:56.574025086Z 66 PC: 12b9d | Move file pointer
2018-12-17T23:11:56.575529846Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:56.580382843Z 66 PC: 12bb5 | Move file pointer
2018-12-17T23:11:56.582223123Z 64 PC: 12bc0 | Write file or device (Write 383 bytes on handle 5)
2018-12-17T23:11:56.58533216Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.595125848Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.604864722Z 61 PC: 12b70 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:11:56.611957471Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.619074405Z 66 PC: 12b8e | Move file pointer
2018-12-17T23:11:56.621136062Z 66 PC: 12b9d | Move file pointer
2018-12-17T23:11:56.622673524Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:56.625522972Z 66 PC: 12bb5 | Move file pointer
2018-12-17T23:11:56.628179408Z 64 PC: 12bc0 | Write file or device (Write 383 bytes on handle 5)
2018-12-17T23:11:56.6313817Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.640303107Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.644546036Z 61 PC: 12b70 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:11:56.653376763Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.660749528Z 66 PC: 12b8e | Move file pointer
2018-12-17T23:11:56.663548011Z 66 PC: 12b9d | Move file pointer
2018-12-17T23:11:56.674288699Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:56.677411642Z 66 PC: 12bb5 | Move file pointer
2018-12-17T23:11:56.679906594Z 64 PC: 12bc0 | Write file or device (Write 383 bytes on handle 5)
2018-12-17T23:11:56.683597184Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.692490369Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.695884692Z 61 PC: 12b70 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:11:56.704332388Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.711585549Z 66 PC: 12b8e | Move file pointer
2018-12-17T23:11:56.71322394Z 66 PC: 12b9d | Move file pointer
2018-12-17T23:11:56.717065344Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:56.721217101Z 66 PC: 12bb5 | Move file pointer
2018-12-17T23:11:56.722841787Z 64 PC: 12bc0 | Write file or device (Write 383 bytes on handle 5)
2018-12-17T23:11:56.732363303Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.741187447Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.744147073Z 61 PC: 12b70 | Open file (Filename = 'PAH.COM')
2018-12-17T23:11:56.75238753Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.759649156Z 66 PC: 12b8e | Move file pointer
2018-12-17T23:11:56.761217094Z 66 PC: 12b9d | Move file pointer
2018-12-17T23:11:56.76277287Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:56.76637299Z 66 PC: 12bb5 | Move file pointer
2018-12-17T23:11:56.767913868Z 64 PC: 12bc0 | Write file or device (Write 383 bytes on handle 5)
2018-12-17T23:11:56.77079685Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.780094805Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.783496742Z 61 PC: 12b70 | Open file (Filename = 'TEST.COM')
2018-12-17T23:11:56.792049888Z 63 PC: 12b7f | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:56.796452297Z 62 PC: 12bc4 | Close file
2018-12-17T23:11:56.798608682Z 79 PC: 12acc | Find next file
2018-12-17T23:11:56.801317907Z 26 PC: 12adc | Set disk transfer address
2018-12-17T23:11:58.999223546Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T23:11:59.001738014Z 72 PC: 8f1bd | Allocate memory
2018-12-17T23:11:59.004720754Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T23:11:59.009108335Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T23:11:59.021745791Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:11:59.023426371Z 62 PC: 91fc1 | Close file
2018-12-17T23:11:59.026143941Z 75 PC: 91fe0 | Execute program
2018-12-17T23:11:59.045714564Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:11:59.047618255Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T23:11:59.052661208Z 48 PC: c609 | Get DOS version
2018-12-17T23:11:59.057084557Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T23:11:59.06015467Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T23:11:59.063636288Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T23:11:59.068980748Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T23:11:59.07358675Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T23:11:59.079070523Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T23:11:59.091653766Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:11:59.094206837Z 62 PC: 91fc1 | Close file
2018-12-17T23:11:59.096944555Z 75 PC: 91fe0 | Execute program
2018-12-17T23:11:59.12152522Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:11:59.126578644Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:11:59.129127156Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:11:59.132015659Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:11:59.13397861Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:11:59.135856051Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:11:59.137668819Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T23:11:59.147362559Z 62 PC: 8f8eb | Close file
2018-12-17T23:11:59.149686941Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.151959524Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.154755001Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.157132212Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.15916231Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.161965942Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.164341459Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.166355997Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.168557557Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.171487237Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.173479864Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.175491948Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.178612066Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.180640019Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.182601828Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.185406142Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.187798591Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.189823008Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.192628835Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.195016144Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.196977883Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.199150469Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.201986362Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.203933043Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.205892117Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.208960337Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.210979565Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.212956692Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.215809037Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.219030224Z 62 PC: 8f8f2 | Close file
2018-12-17T23:11:59.220999567Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T23:11:59.227488641Z 62 PC: 8f90e | Close file
2018-12-17T23:11:59.230201462Z 69 PC: 8f915 | Duplicate handle
2018-12-17T23:11:59.2323331Z 69 PC: 8f919 | Duplicate handle
2018-12-17T23:11:59.234674193Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:11:59.242082014Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:11:59.243674118Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:11:59.248740435Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:11:59.251824886Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T23:11:59.253409486Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T23:11:59.255323596Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T23:11:59.257808999Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T23:11:59.259670681Z 72 PC: 8fa02 | Allocate memory
2018-12-17T23:11:59.261914731Z 72 PC: 8fa06 | Allocate memory
2018-12-17T23:11:59.26463682Z 73 PC: 8fa11 | Release memory
2018-12-17T23:11:59.266467352Z 73 PC: 8efea | Release memory
2018-12-17T23:11:59.268096175Z 74 PC: 8f003 | Reallocate memory
2018-12-17T23:11:59.27122026Z 72 PC: 8f054 | Allocate memory
2018-12-17T23:11:59.278383491Z 72 PC: 8f058 | Allocate memory
2018-12-17T23:11:59.280314052Z 73 PC: 8f060 | Release memory
2018-12-17T23:11:59.288162802Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T23:11:59.30748101Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:59.32248692Z 66 PC: 8f0ad | Move file pointer
2018-12-17T23:11:59.342705662Z 62 PC: 8f0d1 | Close file
2018-12-17T23:11:59.346589947Z 75 PC: 8f0f2 | Execute program
2018-12-17T23:11:59.37786434Z 80 PC: 12be9 | Set current PSP
2018-12-17T23:11:59.379989987Z 48 PC: 12bee | Get DOS version
2018-12-17T23:11:59.382418294Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T23:11:59.385331422Z 101 PC: 12c74 | Get extended country info
2018-12-17T23:11:59.387832075Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T23:11:59.389845401Z 74 PC: 12cdc | Reallocate memory
2018-12-17T23:11:59.391726118Z 72 PC: 1355d | Allocate memory
2018-12-17T23:11:59.39447135Z 25 PC: 13596 | Get default drive
2018-12-17T23:11:59.396301682Z 71 PC: 135ad | Get current directory
2018-12-17T23:11:59.399119692Z 59 PC: 135ba | Change current directory
2018-12-17T23:11:59.405220244Z 59 PC: 135c8 | Change current directory
2018-12-17T23:11:59.412298966Z 59 PC: 135d3 | Change current directory
2018-12-17T23:11:59.416799329Z 25 PC: 12d13 | Get default drive
2018-12-17T23:11:59.418755127Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:11:59.421793812Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:59.423649662Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:59.426848878Z 80 PC: 1301d | Set current PSP
2018-12-17T23:11:59.428846956Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:11:59.430936345Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:11:59.432966563Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:11:59.4354592Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T23:11:59.438163135Z 72 PC: 130ec | Allocate memory
2018-12-17T23:11:59.440848465Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T23:11:59.448887403Z 62 PC: 131ba | Close file
2018-12-17T23:11:59.451548286Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T23:11:59.45266724Z 74 PC: 1197c | Reallocate memory
2018-12-17T23:11:59.45458681Z 72 PC: 11991 | Allocate memory
2018-12-17T23:11:59.456262682Z 73 PC: 119b2 | Release memory
2018-12-17T23:11:59.457552768Z 72 PC: 119bd | Allocate memory
2018-12-17T23:11:59.45969686Z 73 PC: 119df | Release memory
2018-12-17T23:11:59.461007455Z 72 PC: 119f5 | Allocate memory
2018-12-17T23:11:59.462644333Z 72 PC: 119fd | Allocate memory