Sample viewer

vx.netlux.org/Virus.DOS.Fbd.1000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:07:15.882313318Z 53 PC: 143e5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:07:15.883996087Z 37 PC: 143f8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:07:15.885069956Z 25 PC: 143fc | Get default drive
2018-12-17T22:07:15.886346942Z 71 PC: 14410 | Get current directory
2018-12-17T22:07:15.890416552Z 42 PC: 14414 | Get date
0x14414: mov word ptr [bp + 0xe], cx
0x14417: mov word ptr [bp + 0x10], dx
0x1441a: mov byte ptr [bp + 0x12], al
0x1441d: mov ah, 0x2c
0x1441f: int 0x21
0x14421: mov word ptr [bp + 0xa], cx
0x14424: mov word ptr [bp + 0xc], dx
0x14427: mov ah, 0xe
0x14429: mov dl, byte ptr [bp + 0x46]
0x1442c: int 0x21
0x1442e: mov dx, bp
0x14430: add dx, 0x42
0x14433: mov ah, 0x3b
0x14435: int 0x21
0x14437: jb 0x14454
0x14439: mov ah, 0x1a
0x1443b: mov dx, bp
0x1443d: add dx, 0x17
0x14440: int 0x21
0x14442: mov ah, 0x4e
2018-12-17T22:07:15.892489142Z 44 PC: 14421 | Get time
0x14421: mov word ptr [bp + 0xa], cx
0x14424: mov word ptr [bp + 0xc], dx
0x14427: mov ah, 0xe
0x14429: mov dl, byte ptr [bp + 0x46]
0x1442c: int 0x21
0x1442e: mov dx, bp
0x14430: add dx, 0x42
0x14433: mov ah, 0x3b
0x14435: int 0x21
0x14437: jb 0x14454
0x14439: mov ah, 0x1a
0x1443b: mov dx, bp
0x1443d: add dx, 0x17
0x14440: int 0x21
0x14442: mov ah, 0x4e
0x14444: mov cx, 7
0x14447: mov dx, bp
0x14449: int 0x21
0x1444b: mov dx, 0x80
0x1444e: mov ah, 0x1a
2018-12-17T22:07:15.894465024Z 14 PC: 1442e | Set default drive (Drive = 'D')
2018-12-17T22:07:15.896247186Z 59 PC: 14437 | Change current directory
2018-12-17T22:07:15.898093463Z 14 PC: 1442e | Set default drive (Drive = 'C')
2018-12-17T22:07:15.899305674Z 59 PC: 14437 | Change current directory
2018-12-17T22:07:15.903342877Z 26 PC: 14442 | Set disk transfer address
2018-12-17T22:07:15.904798126Z 78 PC: 1444b | Find first file
2018-12-17T22:07:15.91048203Z 26 PC: 14452 | Set disk transfer address
2018-12-17T22:07:15.912185929Z 61 PC: 14497 | Open file (Filename = 'COMMAND.COM')
2018-12-17T22:07:15.920685279Z 63 PC: 144a6 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:07:15.934625361Z 62 PC: 144ad | Close file
2018-12-17T22:07:15.936654896Z 43 PC: 14552 | Set date
2018-12-17T22:07:15.940372926Z 45 PC: 1455c | Set time
2018-12-17T22:07:15.943340054Z 61 PC: 1457a | Open file (Filename = 'COMMAND.COM')
2018-12-17T22:07:15.951214821Z 64 PC: 1458d | Write file or device (Write 55645 bytes on handle 5)
2018-12-17T22:07:16.306957435Z 62 PC: 14591 | Close file
2018-12-17T22:07:16.314314642Z 67 PC: 145a1 | Get or set file attributes
2018-12-17T22:07:16.323068786Z 43 PC: 145ab | Set date
2018-12-17T22:07:16.326979613Z 45 PC: 145b5 | Set time
2018-12-17T22:07:16.330297023Z 14 PC: 145cc | Set default drive (Drive = 'A')
2018-12-17T22:07:16.331693082Z 59 PC: 145d9 | Change current directory
2018-12-17T22:07:16.340678151Z 37 PC: 145e7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:07:16.341797955Z 48 PC: 13e58 | Get DOS version
2018-12-17T22:07:16.342841482Z 53 PC: 13e64 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:07:16.344787675Z 37 PC: 13e77 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:07:16.346137246Z 47 PC: 13f3f | Get disk transfer address
2018-12-17T22:07:16.34714089Z 26 PC: 13f51 | Set disk transfer address
2018-12-17T22:07:16.348729082Z 78 PC: 13fab | Find first file
2018-12-17T22:07:16.35788213Z 48 PC: 13fc8 | Get DOS version
2018-12-17T22:07:16.359240689Z 61 PC: 13feb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:16.367102094Z 66 PC: 14001 | Move file pointer
2018-12-17T22:07:16.368496963Z 63 PC: 1400d | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:07:16.374990956Z 62 PC: 14016 | Close file
2018-12-17T22:07:16.377426529Z 67 PC: 14038 | Get or set file attributes
2018-12-17T22:07:16.383195019Z 67 PC: 14049 | Get or set file attributes
2018-12-17T22:07:16.399348548Z 61 PC: 14059 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:16.40707747Z 66 PC: 1406b | Move file pointer
2018-12-17T22:07:16.408429331Z 87 PC: 14070 | Get or set file date and time
2018-12-17T22:07:16.410094066Z 63 PC: 14084 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:07:16.412867578Z 66 PC: 140b4 | Move file pointer
2018-12-17T22:07:16.414531511Z 64 PC: 140de | Write file or device (Write 1032 bytes on handle 5)
2018-12-17T22:07:16.423196276Z 66 PC: 140ee | Move file pointer
2018-12-17T22:07:16.424699896Z 64 PC: 140fb | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:07:16.43259139Z 87 PC: 14108 | Get or set file date and time
2018-12-17T22:07:16.434535834Z 67 PC: 14116 | Get or set file attributes
2018-12-17T22:07:16.445042928Z 26 PC: 14123 | Set disk transfer address
2018-12-17T22:07:16.447004372Z 62 PC: 14128 | Close file
2018-12-17T22:07:16.453935206Z 37 PC: 14136 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:07:16.455091222Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:07:16.460793243Z 0 PC: 12a89 | Program terminate