Sample viewer

vx.netlux.org/Virus.DOS.GreenMonster.711

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:05:52.626405491Z 53 PC: 12a5e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:52.628764336Z 53 PC: 12a82 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:05:52.629877368Z 74 PC: 12aa5 | Reallocate memory
2018-12-17T22:05:52.638433319Z 72 PC: 12aac | Allocate memory
2018-12-17T22:05:52.643042042Z 53 PC: 12ad6 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:52.644888323Z 37 PC: 12ae1 | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:05:52.646068034Z 37 PC: 12ae9 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:05:52.647209986Z 37 PC: 12af6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:54.700357454Z 72 PC: 8e9b9 | Allocate memory
2018-12-17T22:05:54.70235748Z 72 PC: 8e9bd | Allocate memory
2018-12-17T22:05:54.704953805Z 99 PC: 90058 | Get DBCS lead byte table pointer
2018-12-17T22:05:54.708846096Z 61 PC: 91788 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:05:54.719417121Z 66 PC: 91795 | Move file pointer
2018-12-17T22:05:54.72091808Z 62 PC: 917c1 | Close file
2018-12-17T22:05:54.723593568Z 75 PC: 917e0 | Execute program
2018-12-17T22:05:54.739227216Z 98 PC: 90ef1 | Get current PSP
2018-12-17T22:05:54.740623683Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:05:54.750719272Z 48 PC: c609 | Get DOS version
2018-12-17T22:05:54.754223369Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:05:54.75830898Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:05:54.769547628Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:05:54.773743692Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:05:54.780924268Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:05:54.789656788Z 61 PC: 91788 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:05:54.800843986Z 66 PC: 91795 | Move file pointer
2018-12-17T22:05:54.80231494Z 62 PC: 917c1 | Close file
2018-12-17T22:05:54.804289481Z 75 PC: 917e0 | Execute program
2018-12-17T22:05:54.825052333Z 98 PC: 90ef1 | Get current PSP
2018-12-17T22:05:54.829250641Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:05:54.831067686Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:05:54.83369342Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:05:54.835267535Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:54.836886477Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:54.839574213Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:05:54.850797582Z 62 PC: 8f0eb | Close file
2018-12-17T22:05:54.85293299Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.855771059Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.858029311Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.860300289Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.862478888Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.863950357Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.865323092Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.866947022Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.868962266Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.87057943Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.872806216Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.875106697Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.876985897Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.878980997Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.886397709Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.888209057Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.889812923Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.891708199Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.893432322Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.895107489Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.902847101Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.904278183Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.905731065Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.907463899Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.90876694Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.910141694Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.911926346Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.913175176Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.914463712Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.916084082Z 62 PC: 8f0f2 | Close file
2018-12-17T22:05:54.917306492Z 61 PC: 8f0ff | Open file (Filename = '')
2018-12-17T22:05:54.921779131Z 62 PC: 8f10e | Close file
2018-12-17T22:05:54.923592762Z 69 PC: 8f115 | Duplicate handle
2018-12-17T22:05:54.924984954Z 69 PC: 8f119 | Duplicate handle
2018-12-17T22:05:54.927212976Z 61 PC: 9307b | Open file (Filename = '')
2018-12-17T22:05:54.932356368Z 68 PC: 9306b | I/O control for devices (Set for = '')
2018-12-17T22:05:54.93354383Z 61 PC: 9307b | Open file (Filename = '')
2018-12-17T22:05:54.937905952Z 68 PC: 9306b | I/O control for devices (Set for = '')
2018-12-17T22:05:54.939972272Z 74 PC: 8f1c4 | Reallocate memory
2018-12-17T22:05:54.94111486Z 72 PC: 8f1e0 | Allocate memory
2018-12-17T22:05:54.942658559Z 72 PC: 8f1e4 | Allocate memory
2018-12-17T22:05:54.944147367Z 74 PC: 8f1fb | Reallocate memory
2018-12-17T22:05:54.945295134Z 72 PC: 8f202 | Allocate memory
2018-12-17T22:05:54.961657583Z 72 PC: 8f206 | Allocate memory
2018-12-17T22:05:54.963719789Z 73 PC: 8f211 | Release memory
2018-12-17T22:05:54.965127261Z 73 PC: 8e7ea | Release memory
2018-12-17T22:05:54.966264297Z 74 PC: 8e803 | Reallocate memory
2018-12-17T22:05:54.968467799Z 72 PC: 8e854 | Allocate memory
2018-12-17T22:05:54.970509668Z 72 PC: 8e858 | Allocate memory
2018-12-17T22:05:54.972713122Z 73 PC: 8e860 | Release memory
2018-12-17T22:05:54.974861727Z 61 PC: 8e880 | Open file (Filename = 'r,�S�������[�
2018-12-17T22:05:54.983878975Z 63 PC: 8e895 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:05:54.989716108Z 66 PC: 8e8ad | Move file pointer
2018-12-17T22:05:54.992384442Z 62 PC: 8e8d1 | Close file
2018-12-17T22:05:54.994416735Z 75 PC: 8e8f2 | Execute program
2018-12-17T22:05:55.018040208Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:05:55.020290186Z 48 PC: 12bee | Get DOS version
2018-12-17T22:05:55.02214519Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:05:55.024694251Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:05:55.027302706Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:05:55.028897261Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:05:55.03116745Z 72 PC: 1355d | Allocate memory
2018-12-17T22:05:55.034014392Z 25 PC: 13596 | Get default drive
2018-12-17T22:05:55.035852661Z 71 PC: 135ad | Get current directory
2018-12-17T22:05:55.03851862Z 59 PC: 135ba | Change current directory
2018-12-17T22:05:55.044567816Z 59 PC: 135c8 | Change current directory
2018-12-17T22:05:55.051139929Z 59 PC: 135d3 | Change current directory
2018-12-17T22:05:55.05491631Z 25 PC: 12d13 | Get default drive
2018-12-17T22:05:55.057089045Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:05:55.058137764Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:55.058952206Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:55.060781754Z 80 PC: 1301d | Set current PSP
2018-12-17T22:05:55.061461919Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:05:55.062276418Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:55.063970217Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:55.064884635Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:05:55.066149637Z 72 PC: 130ec | Allocate memory
2018-12-17T22:05:55.067702198Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:05:55.074075443Z 62 PC: 131ba | Close file
2018-12-17T22:05:55.075817678Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:05:55.076608175Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:05:55.078580016Z 72 PC: 11991 | Allocate memory
2018-12-17T22:05:55.07971417Z 73 PC: 119b2 | Release memory
2018-12-17T22:05:55.080901132Z 72 PC: 119bd | Allocate memory
2018-12-17T22:05:55.082738142Z 73 PC: 119df | Release memory
2018-12-17T22:05:55.08356748Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:05:55.084709337Z 72 PC: 119fd | Allocate memory