Sample viewer

vx.netlux.org/Virus.DOS.JDC.7616


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:01.040718607Z 37 PC: 14716 | Set interrupt vector (Interrupt = '219' AKA 'UNKNOWN!')
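2018-12-17T22:10:01.043173861Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input') [note: the 'AKA' label appears to be looked up in the INT 21h function table by number; interrupt vector 1 is the CPU single-step (trace) vector, not character input, and the same mislabel recurs on every later 'Interrupt = 1' row]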
2018-12-17T22:10:01.060796337Z 44 PC: 12db9 | Get time 0x12db9: mov word ptr cs:[bp + 0x144], cx
0x12dbe: mov word ptr cs:[bp + 0x146], dx
0x12dc3: ret
0x12dc4: mov ax, word ptr cs:[bp + 0x144]
0x12dc9: mov bx, word ptr cs:[bp + 0x146]
0x12dce: mov cx, ax
0x12dd0: mul word ptr cs:[bp + 0x148]
0x12dd5: shl cx, 1
0x12dd7: shl cx, 1
0x12dd9: shl cx, 1
0x12ddb: add ch, cl
0x12ddd: add dx, cx
0x12ddf: add dx, bx
0x12de1: shl bx, 1
0x12de3: shl bx, 1
0x12de5: add dx, bx
0x12de7: add dh, bl
0x12de9: mov cl, 5
0x12deb: shl bx, cl
0x12ded: add dh, bl
2018-12-17T22:10:01.063106428Z 26 PC: 13acf | Set disk transfer address
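2018-12-17T22:10:01.06473218Z 53 PC: 12e82 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 36 decimal is vector 24h, the DOS critical-error handler; 'Set random record number' is the INT 21h function with the same number. The vector is read here, set at PC 12e94, and set again at PC 12ff2 near the end of the trace]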
2018-12-17T22:10:01.066146611Z 37 PC: 12e94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:01.067342287Z 71 PC: 13045 | Get current directory
2018-12-17T22:10:01.070628896Z 60 PC: 12f1c | Create or truncate file
2018-12-17T22:10:01.090403753Z 62 PC: 12f23 | Close file
2018-12-17T22:10:01.091908435Z 65 PC: 12f2b | Delete file (Filename = '~~TEMP~~.TMP')
2018-12-17T22:10:01.100857922Z 78 PC: 1306b | Find first file
2018-12-17T22:10:01.106614352Z 78 PC: 1306b | Find first file
2018-12-17T22:10:01.110952783Z 61 PC: 13ae6 | Open file (Filename = 'SLEEP.COM')
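2018-12-17T22:10:01.116283565Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5) [note: 4278190135 = 0xFF000037; the byte counts in this trace look like a full 32-bit register dump, while the DOS read/write calls take a 16-bit count in CX, so the effective request here is presumably 0x37 = 55 bytes. The same applies to the other 'Read'/'Write' counts below]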
2018-12-17T22:10:01.122013913Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.123659035Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.13395135Z 61 PC: 13ae6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:10:01.14175484Z 64 PC: 13a9b | Write file or device (Write 4278190083 bytes on handle 5) [note: 4278190083 = 0xFF000003; taking only the low 16 bits as the DOS count gives a 3-byte write]
2018-12-17T22:10:01.146306482Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:01.149854975Z 37 PC: 14716 | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:10:01.151658864Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
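2018-12-17T22:10:01.159461325Z 64 PC: 148e8 | Write file or device (Write 4278190848 bytes on handle 5)
2018-12-17T22:10:01.165226675Z 64 PC: 1490f | Write file or device (Write 4278196928 bytes on handle 5) [note: the low 16 bits of these two counts are 0x0300 = 768 and 0x1AC0 = 6848; together that is 7616 bytes, matching the size in the sample name. The pair repeats with the same low 16 bits for every file written in this trace]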
2018-12-17T22:10:01.172547352Z 37 PC: 14716 | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:10:01.173764703Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.181082618Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:01.183130467Z 62 PC: 13868 | Close file
2018-12-17T22:10:01.191166159Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.200889603Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.204973483Z 61 PC: 13ae6 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:10:01.211429589Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5)
2018-12-17T22:10:01.217659393Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.220541987Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.230741073Z 61 PC: 13ae6 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:10:01.237309843Z 64 PC: 13a9b | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:10:01.241651043Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:01.246278681Z 37 PC: 14716 | Set interrupt vector (Interrupt = '149' AKA 'UNKNOWN!')
2018-12-17T22:10:01.247727496Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.261869951Z 64 PC: 148e8 | Write file or device (Write 4278190848 bytes on handle 5)
2018-12-17T22:10:01.27061856Z 64 PC: 1490f | Write file or device (Write 4278196928 bytes on handle 5)
2018-12-17T22:10:01.280104068Z 37 PC: 14716 | Set interrupt vector (Interrupt = '149' AKA 'UNKNOWN!')
2018-12-17T22:10:01.281350857Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.295887398Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:01.297545349Z 62 PC: 13868 | Close file
2018-12-17T22:10:01.305401877Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.315270866Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.318162897Z 61 PC: 13ae6 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:10:01.324797188Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5)
2018-12-17T22:10:01.331202535Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.33257219Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.338940181Z 61 PC: 13ae6 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:10:01.34377152Z 64 PC: 13a9b | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:10:01.345765094Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:01.348862592Z 37 PC: 14716 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:10:01.35036226Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.356805023Z 64 PC: 148e8 | Write file or device (Write 503841536 bytes on handle 5)
2018-12-17T22:10:01.363797683Z 64 PC: 1490f | Write file or device (Write 503847616 bytes on handle 5)
2018-12-17T22:10:01.373764506Z 37 PC: 14716 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:10:01.374951214Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.385544995Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:01.387844598Z 62 PC: 13868 | Close file
2018-12-17T22:10:01.39651991Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.406713706Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.410554819Z 61 PC: 13ae6 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:10:01.41820839Z 63 PC: 130ad | Read file or device (Read 503840823 bytes on handle 5)
2018-12-17T22:10:01.425022346Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.428560615Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.438765127Z 61 PC: 13ae6 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:10:01.445273329Z 64 PC: 13a9b | Write file or device (Write 503840771 bytes on handle 5)
2018-12-17T22:10:01.448948727Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:01.453626333Z 37 PC: 14716 | Set interrupt vector (Interrupt = '193' AKA 'UNKNOWN!')
2018-12-17T22:10:01.454750261Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.46888628Z 64 PC: 148e8 | Write file or device (Write 4278190848 bytes on handle 5)
2018-12-17T22:10:01.477603477Z 64 PC: 1490f | Write file or device (Write 4278196928 bytes on handle 5)
2018-12-17T22:10:01.48847202Z 37 PC: 14716 | Set interrupt vector (Interrupt = '193' AKA 'UNKNOWN!')
2018-12-17T22:10:01.490580509Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.503493323Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:01.505096959Z 62 PC: 13868 | Close file
2018-12-17T22:10:01.513481081Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.524519414Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.527592187Z 61 PC: 13ae6 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:10:01.535331375Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5)
2018-12-17T22:10:01.541693844Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.543597201Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.554188849Z 61 PC: 13ae6 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:10:01.560954486Z 64 PC: 13a9b | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:10:01.564004347Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:01.570275233Z 37 PC: 14716 | Set interrupt vector (Interrupt = '215' AKA 'UNKNOWN!')
2018-12-17T22:10:01.572154899Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.583393059Z 64 PC: 148e8 | Write file or device (Write 4278190848 bytes on handle 5)
2018-12-17T22:10:01.592747184Z 64 PC: 1490f | Write file or device (Write 4278196928 bytes on handle 5)
2018-12-17T22:10:01.602393506Z 37 PC: 14716 | Set interrupt vector (Interrupt = '215' AKA 'UNKNOWN!')
2018-12-17T22:10:01.603458687Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.616536418Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:01.618285902Z 62 PC: 13868 | Close file
2018-12-17T22:10:01.626023857Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.636508295Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.639144592Z 61 PC: 13ae6 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:10:01.645716543Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5)
2018-12-17T22:10:01.652684436Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.654898431Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.664874205Z 61 PC: 13ae6 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:10:01.672366324Z 64 PC: 13a9b | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:10:01.676182326Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:01.681300213Z 37 PC: 14716 | Set interrupt vector (Interrupt = '213' AKA 'UNKNOWN!')
2018-12-17T22:10:01.683039586Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.693955801Z 64 PC: 148e8 | Write file or device (Write 4278190848 bytes on handle 5)
2018-12-17T22:10:01.703266459Z 64 PC: 1490f | Write file or device (Write 4278196928 bytes on handle 5)
2018-12-17T22:10:01.713581452Z 37 PC: 14716 | Set interrupt vector (Interrupt = '213' AKA 'UNKNOWN!')
2018-12-17T22:10:01.715026419Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.726132552Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:01.72864297Z 62 PC: 13868 | Close file
2018-12-17T22:10:01.736423804Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.74746376Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.751567214Z 61 PC: 13ae6 | Open file (Filename = 'PAH.COM')
2018-12-17T22:10:01.757985531Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5)
2018-12-17T22:10:01.765641442Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.76763483Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.777860677Z 61 PC: 13ae6 | Open file (Filename = 'PAH.COM')
2018-12-17T22:10:01.784443087Z 64 PC: 13a9b | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:10:01.788581435Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:01.793485793Z 37 PC: 14716 | Set interrupt vector (Interrupt = '147' AKA 'UNKNOWN!')
2018-12-17T22:10:01.794939553Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.808947397Z 64 PC: 148e8 | Write file or device (Write 4278190848 bytes on handle 5)
2018-12-17T22:10:01.818033268Z 64 PC: 1490f | Write file or device (Write 4278196928 bytes on handle 5)
2018-12-17T22:10:01.828340089Z 37 PC: 14716 | Set interrupt vector (Interrupt = '147' AKA 'UNKNOWN!')
2018-12-17T22:10:01.830159391Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:01.842074164Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:01.843925501Z 62 PC: 13868 | Close file
2018-12-17T22:10:01.851739803Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:01.862328288Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.865117661Z 61 PC: 13ae6 | Open file (Filename = 'TEST.COM')
2018-12-17T22:10:01.873041624Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5)
2018-12-17T22:10:01.88027426Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.882062937Z 79 PC: 1306b | Find next file
2018-12-17T22:10:01.888340099Z 59 PC: 12f68 | Change current directory
2018-12-17T22:10:01.893114851Z 81 PC: 14017 | Get current PSP
2018-12-17T22:10:01.894330391Z 78 PC: 12f7f | Find first file
2018-12-17T22:10:01.899778492Z 61 PC: 13ae6 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:10:01.907451416Z 63 PC: 130ad | Read file or device (Read 4278190135 bytes on handle 5)
2018-12-17T22:10:01.910048233Z 62 PC: 130b3 | Close file
2018-12-17T22:10:01.912159505Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:02.257161634Z 61 PC: 13ae6 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:10:02.26476443Z 64 PC: 13a9b | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:10:02.267928658Z 66 PC: 13aca | Move file pointer
2018-12-17T22:10:02.274288787Z 37 PC: 14716 | Set interrupt vector (Interrupt = '157' AKA 'UNKNOWN!')
2018-12-17T22:10:02.275712134Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:02.287634499Z 64 PC: 148e8 | Write file or device (Write 1087505152 bytes on handle 5)
2018-12-17T22:10:02.298051141Z 64 PC: 1490f | Write file or device (Write 1087511232 bytes on handle 5)
2018-12-17T22:10:02.319473796Z 37 PC: 14716 | Set interrupt vector (Interrupt = '157' AKA 'UNKNOWN!')
2018-12-17T22:10:02.320874914Z 37 PC: 14731 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:02.338715028Z 87 PC: 13864 | Get or set file date and time
2018-12-17T22:10:02.340429277Z 62 PC: 13868 | Close file
2018-12-17T22:10:02.347453785Z 67 PC: 13aff | Get or set file attributes
2018-12-17T22:10:02.356343013Z 42 PC: 12f9b | Get date 0x12f9b: cmp cx, word ptr cs:[bp + 0x1bc0]
0x12fa0: ja 0x12fb4
0x12fa2: jl 0x12fe8
0x12fa4: cmp dh, byte ptr cs:[bp + 0x1bbf]
0x12fa9: ja 0x12fb4
0x12fab: jl 0x12fe8
0x12fad: cmp dl, byte ptr cs:[bp + 0x1bbe]
0x12fb2: jl 0x12fe8
0x12fb4: push ax
0x12fb5: push bx
0x12fb6: push cx
0x12fb7: push dx
0x12fb8: push ds
0x12fb9: push es
0x12fba: push si
0x12fbb: push di
0x12fbc: pushf
0x12fbd: call 0x22e2c
0x12fc0: cmp ax, 0x32
0x12fc3: jl 0x12fdf
2018-12-17T22:10:02.358562168Z 44 PC: 12e30 | Get time 0x12e30: mov al, cl
0x12e32: cwde
0x12e33: ret
0x12e34: add word ptr [di], dx
0x12e36: add dl, byte ptr ss:[bx + si - 0x1770]
0x12e3b: js 0x12e3c
0x12e3d: cmp sp, 0x4a56
0x12e41: jne 0x12e4a
0x12e43: jmp 0x13054
0x12e46: movsb byte ptr es:[di], byte ptr [si]
0x12e47: movsw word ptr es:[di], word ptr [si]
0x12e48: jmp 0x12e62
0x12e4a: lea si, word ptr [bp + 0x140c]
0x12e4e: mov di, 0x100
0x12e51: push di
0x12e52: jmp 0x12e46
0x12e54: sub ax, 0x5b2d
0x12e57: and byte ptr [bp + si + 0x44], cl
0x12e5a: inc bx
0x12e5b: and byte ptr [di + 0x2d], bl
2018-12-17T22:10:02.360813032Z 37 PC: 12ff2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:02.36253274Z 59 PC: 12ffc | Change current directory
2018-12-17T22:10:02.364583805Z 26 PC: 13acf | Set disk transfer address