Sample viewer

vx.netlux.org/Virus.DOS.Criminal.2615

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:51.799693461Z 53 PC: 194d2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:51.802252937Z 37 PC: 194ec | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:51.803614846Z 14 PC: 191f8 | Set default drive (Drive = '?')
2018-12-17T22:10:51.804735637Z 26 PC: 192d5 | Set disk transfer address
2018-12-17T22:10:51.806269409Z 59 PC: 192de | Change current directory
2018-12-17T22:10:51.810067174Z 78 PC: 19310 | Find first file
2018-12-17T22:10:51.81597873Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.818649214Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.821864825Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.824371422Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.826846404Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.829834865Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.832308335Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.834610002Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.8375357Z 79 PC: 1932b | Find next file
2018-12-17T22:10:51.839707525Z 78 PC: 193dc | Find first file
2018-12-17T22:10:51.845365806Z 67 PC: 19521 | Get or set file attributes
2018-12-17T22:10:51.851595119Z 67 PC: 1953b | Get or set file attributes
2018-12-17T22:10:51.871127697Z 61 PC: 19588 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:10:51.877568536Z 87 PC: 1959d | Get or set file date and time
2018-12-17T22:10:51.881401638Z 63 PC: 195b1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:10:51.888581893Z 66 PC: 195e6 | Move file pointer
2018-12-17T22:10:51.889944628Z 54 PC: 19620 | Get free disk space
2018-12-17T22:10:51.898891167Z 66 PC: 19660 | Move file pointer
2018-12-17T22:10:51.900143697Z 62 PC: 1966d | Close file
2018-12-17T22:10:51.901752156Z 61 PC: 19678 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:10:51.908769983Z 64 PC: 19693 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:10:51.911782017Z 66 PC: 196b3 | Move file pointer
2018-12-17T22:10:51.91305744Z 64 PC: 196cf | Write file or device (Write 2615 bytes on handle 5)
2018-12-17T22:10:51.922185586Z 87 PC: 19726 | Get or set file date and time
2018-12-17T22:10:51.923924501Z 62 PC: 1972e | Close file
2018-12-17T22:10:51.931280939Z 67 PC: 1973d | Get or set file attributes
2018-12-17T22:10:51.941336166Z 79 PC: 193e8 | Find next file
2018-12-17T22:10:51.94376821Z 67 PC: 19521 | Get or set file attributes
2018-12-17T22:10:51.949801824Z 67 PC: 1953b | Get or set file attributes
2018-12-17T22:10:51.959684588Z 61 PC: 19588 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:10:51.966106543Z 87 PC: 1959d | Get or set file date and time
2018-12-17T22:10:51.967288504Z 63 PC: 195b1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:10:51.97423882Z 66 PC: 195e6 | Move file pointer
2018-12-17T22:10:51.975551762Z 54 PC: 19620 | Get free disk space
2018-12-17T22:10:51.978480102Z 66 PC: 19660 | Move file pointer
2018-12-17T22:10:51.980049273Z 62 PC: 1966d | Close file
2018-12-17T22:10:51.982666399Z 61 PC: 19678 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:10:51.994006477Z 64 PC: 19693 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:10:52.001121138Z 66 PC: 196b3 | Move file pointer
2018-12-17T22:10:52.002141338Z 64 PC: 196cf | Write file or device (Write 2615 bytes on handle 5)
2018-12-17T22:10:52.008441348Z 87 PC: 19726 | Get or set file date and time
2018-12-17T22:10:52.010005776Z 62 PC: 1972e | Close file
2018-12-17T22:10:52.014851481Z 67 PC: 1973d | Get or set file attributes
2018-12-17T22:10:52.020855493Z 79 PC: 193e8 | Find next file
2018-12-17T22:10:52.023672023Z 67 PC: 19521 | Get or set file attributes
2018-12-17T22:10:52.027688112Z 67 PC: 1953b | Get or set file attributes
2018-12-17T22:10:52.033709451Z 61 PC: 19588 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:10:52.045339693Z 87 PC: 1959d | Get or set file date and time
2018-12-17T22:10:52.046611489Z 63 PC: 195b1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:10:52.052966854Z 66 PC: 195e6 | Move file pointer
2018-12-17T22:10:52.055059377Z 54 PC: 19620 | Get free disk space
2018-12-17T22:10:52.065601505Z 66 PC: 19660 | Move file pointer
2018-12-17T22:10:52.067096684Z 62 PC: 1966d | Close file
2018-12-17T22:10:52.070149682Z 61 PC: 19678 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:10:52.079421772Z 64 PC: 19693 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:10:52.085800708Z 66 PC: 196b3 | Move file pointer
2018-12-17T22:10:52.087581952Z 64 PC: 196cf | Write file or device (Write 2615 bytes on handle 5)
2018-12-17T22:10:52.096438468Z 87 PC: 19726 | Get or set file date and time
2018-12-17T22:10:52.097910243Z 62 PC: 1972e | Close file
2018-12-17T22:10:52.106569617Z 67 PC: 1973d | Get or set file attributes
2018-12-17T22:10:52.116162742Z 59 PC: 19402 | Change current directory
2018-12-17T22:10:52.120973796Z 26 PC: 19409 | Set disk transfer address
2018-12-17T22:10:52.123518977Z 59 PC: 1934d | Change current directory
2018-12-17T22:10:52.128492825Z 67 PC: 1941d | Get or set file attributes
2018-12-17T22:10:52.134752856Z 26 PC: 19357 | Set disk transfer address
2018-12-17T22:10:52.136375249Z 37 PC: 1950a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:52.137518844Z 74 PC: 1926b | Reallocate memory
2018-12-17T22:10:52.138713299Z 53 PC: 19272 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:52.140365178Z 37 PC: 19287 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:52.141511195Z 75 PC: 192b0 | Execute program
2018-12-17T22:10:54.221648824Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:10:54.225078707Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:10:54.227789048Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:10:54.231160472Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:10:54.241996468Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:10:54.2441911Z 62 PC: 91fc1 | Close file
2018-12-17T22:10:54.246377469Z 75 PC: 91fe0 | Execute program
2018-12-17T22:10:54.26227785Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:10:54.263955265Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:10:54.273468611Z 48 PC: c609 | Get DOS version
2018-12-17T22:10:54.276976504Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:10:54.28216112Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:10:54.284666312Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:10:54.288992696Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:10:54.295181056Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:10:54.303792882Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:10:54.313778962Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:10:54.316393353Z 62 PC: 91fc1 | Close file
2018-12-17T22:10:54.318419389Z 75 PC: 91fe0 | Execute program
2018-12-17T22:10:54.337910789Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:10:54.34699057Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:10:54.348529036Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:10:54.349779169Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:10:54.351569584Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:10:54.356568221Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:10:54.358546823Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:10:54.369704683Z 62 PC: 8f8eb | Close file
2018-12-17T22:10:54.371845394Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.373886349Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.376639048Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.378386548Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.379740492Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.382036336Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.383454122Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.384807064Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.386757219Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.388297522Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.390531286Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.392457728Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.394133388Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.395801748Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.398257568Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.400228633Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.401900278Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.404355487Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.406051005Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.407720143Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.409595478Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.412029898Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.413699197Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.415365228Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.417964263Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.419624814Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.421289933Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.423905875Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.425581443Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.427233648Z 62 PC: 8f8f2 | Close file
2018-12-17T22:10:54.429372238Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:10:54.434054152Z 62 PC: 8f90e | Close file
2018-12-17T22:10:54.436191771Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:10:54.439569006Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:10:54.44108112Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:10:54.448032378Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:10:54.456349285Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:10:54.459746142Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:10:54.461920765Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:10:54.464942793Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:10:54.466284505Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:10:54.467418093Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:10:54.468956205Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:10:54.470172956Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:10:54.471403032Z 73 PC: 8fa11 | Release memory
2018-12-17T22:10:54.472857778Z 73 PC: 8efea | Release memory
2018-12-17T22:10:54.473879363Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:10:54.475478602Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:10:54.476679802Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:10:54.47778513Z 73 PC: 8f060 | Release memory
2018-12-17T22:10:54.47925497Z 61 PC: 8f080 | Open file (Filename = ' ')
2018-12-17T22:10:54.484595592Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:10:54.489720095Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:10:54.491431292Z 62 PC: 8f0d1 | Close file
2018-12-17T22:10:54.493001851Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:10:54.514217505Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:10:54.515309291Z 48 PC: 12bee | Get DOS version
2018-12-17T22:10:54.516647064Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:10:54.518784836Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:10:54.520428122Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:10:54.521526688Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:10:54.522802675Z 72 PC: 1355d | Allocate memory
2018-12-17T22:10:54.525814457Z 25 PC: 13596 | Get default drive
2018-12-17T22:10:54.52687725Z 71 PC: 135ad | Get current directory
2018-12-17T22:10:54.533609064Z 59 PC: 135ba | Change current directory
2018-12-17T22:10:54.537521514Z 59 PC: 135c8 | Change current directory
2018-12-17T22:10:54.540888587Z 59 PC: 135d3 | Change current directory
2018-12-17T22:10:54.543308629Z 25 PC: 12d13 | Get default drive
2018-12-17T22:10:54.544806488Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:10:54.54564756Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:10:54.546366101Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:54.547917341Z 80 PC: 1301d | Set current PSP
2018-12-17T22:10:54.54875802Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:10:54.54982375Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:10:54.55076971Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:10:54.551552266Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:10:54.55314658Z 72 PC: 130ec | Allocate memory
2018-12-17T22:10:54.555615154Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:10:54.561371516Z 62 PC: 131ba | Close file
2018-12-17T22:10:54.563620147Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:10:54.564546801Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:10:54.565735623Z 72 PC: 11991 | Allocate memory
2018-12-17T22:10:54.56760987Z 73 PC: 119b2 | Release memory
2018-12-17T22:10:54.568677387Z 72 PC: 119bd | Allocate memory
2018-12-17T22:10:54.570163757Z 73 PC: 119df | Release memory
2018-12-17T22:10:54.571941006Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:10:54.573468389Z 72 PC: 119fd | Allocate memory