Sample viewer

vx.netlux.org/Virus.DOS.Ale.1911

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:12:42.574922976Z	11	PC: 1524b \| Get input status
2018-12-17T22:12:42.583433192Z	26	PC: 15272 \| Set disk transfer address
2018-12-17T22:12:42.584984038Z	78	PC: 1527a \| Find first file
2018-12-17T22:12:42.590839667Z	61	PC: 15285 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:12:42.598752507Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.604857598Z	66	PC: 152a2 \| Move file pointer
2018-12-17T22:12:42.606513068Z	64	PC: 15997 \| Write file or device (Write 1911 bytes on handle 5)
2018-12-17T22:12:42.63265644Z	66	PC: 152c4 \| Move file pointer
2018-12-17T22:12:42.634121325Z	64	PC: 152cf \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:42.640429823Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.649670735Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.65315824Z	61	PC: 15285 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:12:42.659491141Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.66629184Z	66	PC: 152a2 \| Move file pointer
2018-12-17T22:12:42.668740856Z	64	PC: 15997 \| Write file or device (Write 1911 bytes on handle 5)
2018-12-17T22:12:42.677508349Z	66	PC: 152c4 \| Move file pointer
2018-12-17T22:12:42.678939124Z	64	PC: 152cf \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:42.68574162Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.693817822Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.696807412Z	61	PC: 15285 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:12:42.704619983Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.720064778Z	66	PC: 152a2 \| Move file pointer
2018-12-17T22:12:42.722149102Z	64	PC: 15997 \| Write file or device (Write 1911 bytes on handle 5)
2018-12-17T22:12:42.732099762Z	66	PC: 152c4 \| Move file pointer
2018-12-17T22:12:42.733776336Z	64	PC: 152cf \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:42.740443966Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.749223031Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.753308271Z	61	PC: 15285 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:12:42.760068016Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.767122156Z	66	PC: 152a2 \| Move file pointer
2018-12-17T22:12:42.769317682Z	64	PC: 15997 \| Write file or device (Write 1911 bytes on handle 5)
2018-12-17T22:12:42.776450947Z	66	PC: 152c4 \| Move file pointer
2018-12-17T22:12:42.778321501Z	64	PC: 152cf \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:42.783004662Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.788424933Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.790767409Z	61	PC: 15285 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:12:42.795107013Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.799025793Z	66	PC: 152a2 \| Move file pointer
2018-12-17T22:12:42.800858701Z	64	PC: 15997 \| Write file or device (Write 1911 bytes on handle 5)
2018-12-17T22:12:42.806811274Z	66	PC: 152c4 \| Move file pointer
2018-12-17T22:12:42.80794358Z	64	PC: 152cf \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:42.812151805Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.817785863Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.81964677Z	61	PC: 15285 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:12:42.823897461Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.83079698Z	66	PC: 152a2 \| Move file pointer
2018-12-17T22:12:42.832628792Z	64	PC: 15997 \| Write file or device (Write 1911 bytes on handle 5)
2018-12-17T22:12:42.840613693Z	66	PC: 152c4 \| Move file pointer
2018-12-17T22:12:42.842693608Z	64	PC: 152cf \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:42.849722832Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.857102088Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.861441629Z	61	PC: 15285 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:12:42.868138054Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.874673569Z	66	PC: 152a2 \| Move file pointer
2018-12-17T22:12:42.877733727Z	64	PC: 15997 \| Write file or device (Write 1911 bytes on handle 5)
2018-12-17T22:12:42.886620563Z	66	PC: 152c4 \| Move file pointer
2018-12-17T22:12:42.888243067Z	64	PC: 152cf \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:42.895751738Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.904427997Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.907380453Z	61	PC: 15285 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:12:42.915279363Z	63	PC: 15291 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:42.91791423Z	62	PC: 152d3 \| Close file
2018-12-17T22:12:42.919629158Z	79	PC: 1527a \| Find next file
2018-12-17T22:12:42.922729634Z	26	PC: 152de \| Set disk transfer address
2018-12-17T22:12:42.924008688Z	42	PC: 152e2 \| Get date 0x152e2: cmp dh, byte ptr ds:[bp + 0x83d] 0x152e7: je 0x152f4 0x152e9: cmp byte ptr ds:[bp + 0x83d], 0xd 0x152ef: je 0x152f4 0x152f1: jmp 0x15959 0x152f4: cmp dl, byte ptr ds:[bp + 0x83c] 0x152f9: je 0x15306 0x152fb: cmp byte ptr ds:[bp + 0x83c], 0x20 0x15301: je 0x15306 0x15303: jmp 0x15959 0x15306: lea dx, word ptr [bp + 0x1e1] 0x1530a: mov ah, 9 0x1530c: int 0x21 0x1530e: jmp 0x15939 0x15311: and ah, bl 0x15313: fcomp st(0), st(4) 0x15315: and byte ptr [bx + si], ah 0x15317: and byte ptr [bx + si], ah 0x15319: and byte ptr [bx + si], ah 0x1531b: and byte ptr [bx + si], ah
2018-12-17T22:12:42.926486254Z	53	PC: 138b3 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:12:42.929357558Z	53	PC: 13e04 \| Get interrupt vector (Interrupt = '64' AKA 'Write file or device')
2018-12-17T22:12:42.930731016Z	37	PC: 13e0e \| Set interrupt vector (Interrupt = '64' AKA 'Write file or device')
2018-12-17T22:12:42.933387512Z	37	PC: 13e1b \| Set interrupt vector (Interrupt = '64' AKA 'Write file or device')
2018-12-17T22:12:42.934908661Z	48	PC: 13db2 \| Get DOS version
2018-12-17T22:12:42.937242865Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:12:42.938318376Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:12:42.939937018Z	48	PC: 139b0 \| Get DOS version
2018-12-17T22:12:42.940899206Z	88	PC: 139be \| case 0xGet or set allocation strateg:
2018-12-17T22:12:42.941895698Z	88	PC: 139c6 \| case 0xGet or set allocation strateg:
2018-12-17T22:12:42.943083695Z	88	PC: 139d1 \| case 0xGet or set allocation strateg:
2018-12-17T22:12:42.944405752Z	88	PC: 139d9 \| case 0xGet or set allocation strateg:
2018-12-17T22:12:42.945420024Z	72	PC: 139de \| Allocate memory
2018-12-17T22:12:42.947365714Z	88	PC: 139e9 \| case 0xGet or set allocation strateg:
2018-12-17T22:12:42.94844062Z	88	PC: 139f4 \| case 0xGet or set allocation strateg:
2018-12-17T22:12:42.949778288Z	73	PC: 13983 \| Release memory
2018-12-17T22:12:42.951737767Z	37	PC: 13a5a \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:12:42.952711783Z	37	PC: 13a5a \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:12:42.953813073Z	48	PC: 13c09 \| Get DOS version
2018-12-17T22:12:42.955044082Z	56	PC: 13c20 \| Get or set country info
2018-12-17T22:12:42.956549041Z	64	PC: 13c9f \| Write file or device (Write 10 bytes on handle 1)
2018-12-17T22:12:42.960837356Z	64	PC: 13c9f \| Write file or device (Write 13 bytes on handle 1)
2018-12-17T22:12:42.965422309Z	49	PC: 13709 \| Terminate and stay resident (Return code = '0' \| Memory size = '328')