Sample viewer

vx.netlux.org/Virus.DOS.Goma.4301

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:09.680593782Z 74 PC: 12b00 | Reallocate memory
2018-12-17T23:12:09.685458873Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.687162231Z 78 PC: 12b84 | Find first file
2018-12-17T23:12:09.692266055Z 78 PC: 12b84 | Find first file
2018-12-17T23:12:09.700306923Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.701657945Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.705330945Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.707212207Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.711074672Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.712345482Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.716286668Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.718025729Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.721412652Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.722292931Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.726637525Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.72773722Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.731191437Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.733880864Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.737488676Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T23:12:09.738748576Z 79 PC: 12b84 | Find next file
2018-12-17T23:12:09.742187012Z 78 PC: 12b84 | Find first file
2018-12-17T23:12:09.763724485Z 61 PC: 13000 | Open file (Filename = 'TEST.COM')
2018-12-17T23:12:09.782009339Z 69 PC: 1300c | Duplicate handle
2018-12-17T23:12:09.784834468Z 70 PC: 13016 | Redirect handle
2018-12-17T23:12:09.786840528Z 60 PC: 1302e | Create or truncate file
2018-12-17T23:12:09.791708736Z 69 PC: 1304c | Duplicate handle
2018-12-17T23:12:09.793771355Z 70 PC: 13057 | Redirect handle
2018-12-17T23:12:09.796307868Z 71 PC: 130d0 | Get current directory
2018-12-17T23:12:09.799709313Z 26 PC: 132e8 | Set disk transfer address
2018-12-17T23:12:09.801530861Z 78 PC: 132f1 | Find first file
2018-12-17T23:12:09.807939111Z 26 PC: 132e8 | Set disk transfer address
2018-12-17T23:12:09.809069841Z 78 PC: 132f1 | Find first file
2018-12-17T23:12:09.81537618Z 26 PC: 132e8 | Set disk transfer address
2018-12-17T23:12:09.817955125Z 78 PC: 132f1 | Find first file
2018-12-17T23:12:09.824328392Z 26 PC: 132e8 | Set disk transfer address
2018-12-17T23:12:09.825735822Z 78 PC: 132f1 | Find first file
2018-12-17T23:12:09.836047832Z 26 PC: 132e8 | Set disk transfer address
2018-12-17T23:12:09.837030717Z 78 PC: 132f1 | Find first file
2018-12-17T23:12:09.84350859Z 26 PC: 132e8 | Set disk transfer address
2018-12-17T23:12:09.845630293Z 78 PC: 132f1 | Find first file
2018-12-17T23:12:09.851975461Z 2 PC: 12ff1 | Character output (Char = '4e')
2018-12-17T23:12:09.853683076Z 2 PC: 12ff1 | Character output (Char = '65')
2018-12-17T23:12:09.856234059Z 2 PC: 12ff1 | Character output (Char = '6d')
2018-12-17T23:12:09.857851671Z 2 PC: 12ff1 | Character output (Char = '20')
2018-12-17T23:12:09.859443101Z 2 PC: 12ff1 | Character output (Char = '72')
2018-12-17T23:12:09.87091714Z 2 PC: 12ff1 | Character output (Char = '6f')
2018-12-17T23:12:09.872545584Z 2 PC: 12ff1 | Character output (Char = '6c')
2018-12-17T23:12:09.874284001Z 2 PC: 12ff1 | Character output (Char = '6f')
2018-12-17T23:12:09.876638917Z 2 PC: 12ff1 | Character output (Char = '75')
2018-12-17T23:12:09.878365204Z 2 PC: 12ff1 | Character output (Char = '20')
2018-12-17T23:12:09.880103319Z 2 PC: 12ff1 | Character output (Char = '6f')
2018-12-17T23:12:09.88291845Z 2 PC: 12ff1 | Character output (Char = '68')
2018-12-17T23:12:09.885355879Z 2 PC: 12ff1 | Character output (Char = '2c')
2018-12-17T23:12:09.887283169Z 2 PC: 12ff1 | Character output (Char = '20')
2018-12-17T23:12:09.889887135Z 2 PC: 12ff1 | Character output (Char = '64')
2018-12-17T23:12:09.89156818Z 2 PC: 12ff1 | Character output (Char = '65')
2018-12-17T23:12:09.893415481Z 2 PC: 12ff1 | Character output (Char = '75')
2018-12-17T23:12:09.895568462Z 2 PC: 12ff1 | Character output (Char = '20')
2018-12-17T23:12:09.897388932Z 2 PC: 12ff1 | Character output (Char = '65')
2018-12-17T23:12:09.899056241Z 2 PC: 12ff1 | Character output (Char = '72')
2018-12-17T23:12:09.901513512Z 2 PC: 12ff1 | Character output (Char = '72')
2018-12-17T23:12:09.903191788Z 2 PC: 12ff1 | Character output (Char = '6f')
2018-12-17T23:12:09.904888207Z 2 PC: 12ff1 | Character output (Char = '20')
2018-12-17T23:12:09.92148352Z 2 PC: 12ff1 | Character output (Char = '21')
2018-12-17T23:12:09.924083577Z 2 PC: 12ff1 | Character output (Char = '0d')
2018-12-17T23:12:09.926103352Z 2 PC: 12ff1 | Character output (Char = '0a')
2018-12-17T23:12:09.928652619Z 70 PC: 13308 | Redirect handle
2018-12-17T23:12:09.930804209Z 62 PC: 1330f | Close file
2018-12-17T23:12:09.93282392Z 70 PC: 1331f | Redirect handle
2018-12-17T23:12:09.935187241Z 62 PC: 13326 | Close file
2018-12-17T23:12:12.054008414Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T23:12:12.055822346Z 72 PC: 8f1bd | Allocate memory
2018-12-17T23:12:12.059033683Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T23:12:12.062214557Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T23:12:12.072747091Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:12:12.074614369Z 62 PC: 91fc1 | Close file
2018-12-17T23:12:12.07688308Z 75 PC: 91fe0 | Execute program
2018-12-17T23:12:12.092330172Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:12:12.094346709Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T23:12:12.098426543Z 48 PC: c609 | Get DOS version
2018-12-17T23:12:12.101382605Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T23:12:12.104513039Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T23:12:12.106511729Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T23:12:12.10974706Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T23:12:12.114217689Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T23:12:12.120513571Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T23:12:12.13690394Z 66 PC: 91f95 | Move file pointer
2018-12-17T23:12:12.140102646Z 62 PC: 91fc1 | Close file
2018-12-17T23:12:12.142159187Z 75 PC: 91fe0 | Execute program
2018-12-17T23:12:12.161922051Z 98 PC: 916f1 | Get current PSP
2018-12-17T23:12:12.167077534Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:12:12.168499809Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:12:12.169744377Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:12:12.171814643Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:12:12.173261236Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:12:12.174685027Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T23:12:12.182956972Z 62 PC: 8f8eb | Close file
2018-12-17T23:12:12.18484711Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.186818409Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.189723372Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.191470953Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.193178557Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.195217272Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.197090121Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.198974209Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.2029468Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.206414735Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.208085127Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.210296257Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.212035662Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.213717921Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.216256817Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.218075811Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.21981153Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.221858335Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.223861089Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.225549704Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.22835802Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.229983924Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.231715177Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.233913225Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.235736531Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.237194726Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.239310451Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.241417776Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.243642302Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.245709447Z 62 PC: 8f8f2 | Close file
2018-12-17T23:12:12.2474528Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T23:12:12.251980299Z 62 PC: 8f90e | Close file
2018-12-17T23:12:12.254021265Z 69 PC: 8f915 | Duplicate handle
2018-12-17T23:12:12.255813149Z 69 PC: 8f919 | Duplicate handle
2018-12-17T23:12:12.25730447Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:12:12.262066378Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:12:12.2633594Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T23:12:12.267938363Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T23:12:12.270507853Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T23:12:12.272405987Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T23:12:12.273950231Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T23:12:12.275524828Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T23:12:12.277386237Z 72 PC: 8fa02 | Allocate memory
2018-12-17T23:12:12.279692262Z 72 PC: 8fa06 | Allocate memory
2018-12-17T23:12:12.281614563Z 73 PC: 8fa11 | Release memory
2018-12-17T23:12:12.283741451Z 73 PC: 8efea | Release memory
2018-12-17T23:12:12.285305827Z 74 PC: 8f003 | Reallocate memory
2018-12-17T23:12:12.287849352Z 72 PC: 8f054 | Allocate memory
2018-12-17T23:12:12.290150951Z 72 PC: 8f058 | Allocate memory
2018-12-17T23:12:12.291880619Z 73 PC: 8f060 | Release memory
2018-12-17T23:12:12.294339155Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T23:12:12.302854626Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:12:12.308076923Z 66 PC: 8f0ad | Move file pointer
2018-12-17T23:12:12.310244153Z 62 PC: 8f0d1 | Close file
2018-12-17T23:12:12.312209499Z 75 PC: 8f0f2 | Execute program
2018-12-17T23:12:12.332597738Z 80 PC: 12be9 | Set current PSP
2018-12-17T23:12:12.33460808Z 48 PC: 12bee | Get DOS version
2018-12-17T23:12:12.33686102Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T23:12:12.339511653Z 101 PC: 12c74 | Get extended country info
2018-12-17T23:12:12.341888662Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T23:12:12.343887923Z 74 PC: 12cdc | Reallocate memory
2018-12-17T23:12:12.345672188Z 72 PC: 1355d | Allocate memory
2018-12-17T23:12:12.347766198Z 25 PC: 13596 | Get default drive
2018-12-17T23:12:12.350084864Z 71 PC: 135ad | Get current directory
2018-12-17T23:12:12.3533133Z 59 PC: 135ba | Change current directory
2018-12-17T23:12:12.358948917Z 59 PC: 135c8 | Change current directory
2018-12-17T23:12:12.368283056Z 59 PC: 135d3 | Change current directory
2018-12-17T23:12:12.372789341Z 25 PC: 12d13 | Get default drive
2018-12-17T23:12:12.374070696Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:12:12.376636731Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:12.377905853Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:12.380787092Z 80 PC: 1301d | Set current PSP
2018-12-17T23:12:12.382465258Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T23:12:12.383910541Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:12:12.385177862Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:12:12.387472497Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T23:12:12.389477671Z 72 PC: 130ec | Allocate memory
2018-12-17T23:12:12.391460862Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T23:12:12.398564311Z 62 PC: 131ba | Close file
2018-12-17T23:12:12.400678892Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T23:12:12.401660558Z 74 PC: 1197c | Reallocate memory
2018-12-17T23:12:12.40398297Z 72 PC: 11991 | Allocate memory
2018-12-17T23:12:12.405660025Z 73 PC: 119b2 | Release memory
2018-12-17T23:12:12.406943685Z 72 PC: 119bd | Allocate memory
2018-12-17T23:12:12.409528541Z 73 PC: 119df | Release memory
2018-12-17T23:12:12.410476225Z 72 PC: 119f5 | Allocate memory
2018-12-17T23:12:12.412198257Z 72 PC: 119fd | Allocate memory