Sample viewer

vx.netlux.org/Virus.DOS.GreenMonster.711

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:05:52.626405491Z	53	PC: 12a5e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:52.628764336Z	53	PC: 12a82 \| Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:05:52.629877368Z	74	PC: 12aa5 \| Reallocate memory
2018-12-17T22:05:52.638433319Z	72	PC: 12aac \| Allocate memory
2018-12-17T22:05:52.643042042Z	53	PC: 12ad6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:52.644888323Z	37	PC: 12ae1 \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:05:52.646068034Z	37	PC: 12ae9 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:05:52.647209986Z	37	PC: 12af6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:54.700357454Z	72	PC: 8e9b9 \| Allocate memory
2018-12-17T22:05:54.70235748Z	72	PC: 8e9bd \| Allocate memory
2018-12-17T22:05:54.704953805Z	99	PC: 90058 \| Get DBCS lead byte table pointer
2018-12-17T22:05:54.708846096Z	61	PC: 91788 \| Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:05:54.719417121Z	66	PC: 91795 \| Move file pointer
2018-12-17T22:05:54.72091808Z	62	PC: 917c1 \| Close file
2018-12-17T22:05:54.723593568Z	75	PC: 917e0 \| Execute program
2018-12-17T22:05:54.739227216Z	98	PC: 90ef1 \| Get current PSP
2018-12-17T22:05:54.740623683Z	9	PC: c605 \| Display string (String= '6ï¿½ï¿½rï¿½&;]u')
2018-12-17T22:05:54.750719272Z	48	PC: c609 \| Get DOS version
2018-12-17T22:05:54.754223369Z	9	PC: c382 \| Display string (String= ' Installed A20 handler number ')
2018-12-17T22:05:54.75830898Z	2	PC: c38c \| Character output (Char = '32')
2018-12-17T22:05:54.769547628Z	2	PC: c3a7 \| Character output (Char = '2e')
2018-12-17T22:05:54.773743692Z	9	PC: c6d9 \| Display string (String= 'ï¿½ï¿½ï¿½ï¿½ï¿½VHï¿½VDï¿½ï¿½ï¿½V@ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½î°ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½_ï¿½ï¿½ï¿½Kuï¿½ï¿½t1ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½Dï¿½ï¿½ï¿½ï¿½ï¿½t ï¿½ï¿½ ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½a1ï¿½ï¿½Zï¿½ï¿½ï¿½ï¿½ï¿½Wï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½5ï¿½ï¿½ï¿½\|ï¿½ï¿½ï¿½ï¿½ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½Ç‹ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½pï¿½^')
2018-12-17T22:05:54.780924268Z	9	PC: c6e0 \| Display string (String= 'ï¿½5ï¿½ï¿½ï¿½\|ï¿½ï¿½ï¿½ï¿½ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½Ç‹ï¿½(ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½pï¿½^')
2018-12-17T22:05:54.789656788Z	61	PC: 91788 \| Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:05:54.800843986Z	66	PC: 91795 \| Move file pointer
2018-12-17T22:05:54.80231494Z	62	PC: 917c1 \| Close file
2018-12-17T22:05:54.804289481Z	75	PC: 917e0 \| Execute program
2018-12-17T22:05:54.825052333Z	98	PC: 90ef1 \| Get current PSP
2018-12-17T22:05:54.829250641Z	82	PC: 13d46 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:05:54.831067686Z	53	PC: 13ac3 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:05:54.83369342Z	37	PC: 13ad6 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:05:54.835267535Z	53	PC: 13ae0 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:54.836886477Z	37	PC: 13af3 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:54.839574213Z	9	PC: 13a0d \| Display string (Could not find end pointer)
2018-12-17T22:05:54.850797582Z	62	PC: 8f0eb \| Close file
2018-12-17T22:05:54.85293299Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.855771059Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.858029311Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.860300289Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.862478888Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.863950357Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.865323092Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.866947022Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.868962266Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.87057943Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.872806216Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.875106697Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.876985897Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.878980997Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.886397709Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.888209057Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.889812923Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.891708199Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.893432322Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.895107489Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.902847101Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.904278183Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.905731065Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.907463899Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.90876694Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.910141694Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.911926346Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.913175176Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.914463712Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.916084082Z	62	PC: 8f0f2 \| Close file
2018-12-17T22:05:54.917306492Z	61	PC: 8f0ff \| Open file (Filename = '')
2018-12-17T22:05:54.921779131Z	62	PC: 8f10e \| Close file
2018-12-17T22:05:54.923592762Z	69	PC: 8f115 \| Duplicate handle
2018-12-17T22:05:54.924984954Z	69	PC: 8f119 \| Duplicate handle
2018-12-17T22:05:54.927212976Z	61	PC: 9307b \| Open file (Filename = '')
2018-12-17T22:05:54.932356368Z	68	PC: 9306b \| I/O control for devices (Set for = '')
2018-12-17T22:05:54.93354383Z	61	PC: 9307b \| Open file (Filename = '')
2018-12-17T22:05:54.937905952Z	68	PC: 9306b \| I/O control for devices (Set for = '')
2018-12-17T22:05:54.939972272Z	74	PC: 8f1c4 \| Reallocate memory
2018-12-17T22:05:54.94111486Z	72	PC: 8f1e0 \| Allocate memory
2018-12-17T22:05:54.942658559Z	72	PC: 8f1e4 \| Allocate memory
2018-12-17T22:05:54.944147367Z	74	PC: 8f1fb \| Reallocate memory
2018-12-17T22:05:54.945295134Z	72	PC: 8f202 \| Allocate memory
2018-12-17T22:05:54.961657583Z	72	PC: 8f206 \| Allocate memory
2018-12-17T22:05:54.963719789Z	73	PC: 8f211 \| Release memory
2018-12-17T22:05:54.965127261Z	73	PC: 8e7ea \| Release memory
2018-12-17T22:05:54.966264297Z	74	PC: 8e803 \| Reallocate memory
2018-12-17T22:05:54.968467799Z	72	PC: 8e854 \| Allocate memory
2018-12-17T22:05:54.970509668Z	72	PC: 8e858 \| Allocate memory
2018-12-17T22:05:54.972713122Z	73	PC: 8e860 \| Release memory
2018-12-17T22:05:54.974861727Z	61	PC: 8e880 \| Open file (Filename = 'r,ï¿½Sï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½[ï¿½
2018-12-17T22:05:54.983878975Z	63	PC: 8e895 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:05:54.989716108Z	66	PC: 8e8ad \| Move file pointer
2018-12-17T22:05:54.992384442Z	62	PC: 8e8d1 \| Close file
2018-12-17T22:05:54.994416735Z	75	PC: 8e8f2 \| Execute program
2018-12-17T22:05:55.018040208Z	80	PC: 12be9 \| Set current PSP
2018-12-17T22:05:55.020290186Z	48	PC: 12bee \| Get DOS version
2018-12-17T22:05:55.02214519Z	99	PC: 193d0 \| Get DBCS lead byte table pointer
2018-12-17T22:05:55.024694251Z	101	PC: 12c74 \| Get extended country info
2018-12-17T22:05:55.027302706Z	99	PC: 12c7a \| Get DBCS lead byte table pointer
2018-12-17T22:05:55.028897261Z	74	PC: 12cdc \| Reallocate memory
2018-12-17T22:05:55.03116745Z	72	PC: 1355d \| Allocate memory
2018-12-17T22:05:55.034014392Z	25	PC: 13596 \| Get default drive
2018-12-17T22:05:55.035852661Z	71	PC: 135ad \| Get current directory
2018-12-17T22:05:55.03851862Z	59	PC: 135ba \| Change current directory
2018-12-17T22:05:55.044567816Z	59	PC: 135c8 \| Change current directory
2018-12-17T22:05:55.051139929Z	59	PC: 135d3 \| Change current directory
2018-12-17T22:05:55.05491631Z	25	PC: 12d13 \| Get default drive
2018-12-17T22:05:55.057089045Z	37	PC: 127d3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:05:55.058137764Z	37	PC: 127da \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:55.058952206Z	37	PC: 127e1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:55.060781754Z	80	PC: 1301d \| Set current PSP
2018-12-17T22:05:55.061461919Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:05:55.062276418Z	53	PC: 13362 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:55.063970217Z	37	PC: 13383 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:05:55.064884635Z	51	PC: 13417 \| Get or set Ctrl-Break
2018-12-17T22:05:55.066149637Z	72	PC: 130ec \| Allocate memory
2018-12-17T22:05:55.067702198Z	61	PC: 131b2 \| Open file (Filename = '')
2018-12-17T22:05:55.074075443Z	62	PC: 131ba \| Close file
2018-12-17T22:05:55.075817678Z	51	PC: 1344c \| Get or set Ctrl-Break
2018-12-17T22:05:55.076608175Z	74	PC: 1197c \| Reallocate memory
2018-12-17T22:05:55.078580016Z	72	PC: 11991 \| Allocate memory
2018-12-17T22:05:55.07971417Z	73	PC: 119b2 \| Release memory
2018-12-17T22:05:55.080901132Z	72	PC: 119bd \| Allocate memory
2018-12-17T22:05:55.082738142Z	73	PC: 119df \| Release memory
2018-12-17T22:05:55.08356748Z	72	PC: 119f5 \| Allocate memory
2018-12-17T22:05:55.084709337Z	72	PC: 119fd \| Allocate memory