Sample viewer

vx.netlux.org/Virus.DOS.Bebe.1004

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:15:23.972870759Z	47	PC: 138c1 \| Get disk transfer address
2018-12-17T22:15:23.974423777Z	26	PC: 138d5 \| Set disk transfer address
2018-12-17T22:15:23.976110661Z	78	PC: 138e0 \| Find first file
2018-12-17T22:15:23.981933406Z	61	PC: 138f1 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:23.988372315Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:23.997357335Z	66	PC: 1394f \| Move file pointer
2018-12-17T22:15:23.998785568Z	64	PC: 1395e \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:15:24.000924984Z	66	PC: 13970 \| Move file pointer
2018-12-17T22:15:24.005540002Z	64	PC: 13991 \| Write file or device (Write 9 bytes on handle 5)
2018-12-17T22:15:24.008201258Z	64	PC: 139a0 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:15:24.023267197Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.032967066Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.035740443Z	61	PC: 138f1 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:15:24.042120133Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:24.048983467Z	66	PC: 1394f \| Move file pointer
2018-12-17T22:15:24.050454515Z	64	PC: 1395e \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:15:24.053364235Z	66	PC: 13970 \| Move file pointer
2018-12-17T22:15:24.055686081Z	64	PC: 13991 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:24.058221915Z	64	PC: 139a0 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:15:24.066646126Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.075147149Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.078605616Z	61	PC: 138f1 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:15:24.085027962Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:24.091367251Z	66	PC: 1394f \| Move file pointer
2018-12-17T22:15:24.09349225Z	64	PC: 1395e \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:15:24.096766573Z	66	PC: 13970 \| Move file pointer
2018-12-17T22:15:24.098113626Z	64	PC: 13991 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:15:24.10152348Z	64	PC: 139a0 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:15:24.294506012Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.415205608Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.419706914Z	61	PC: 138f1 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:15:24.426523024Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:24.433182508Z	66	PC: 1394f \| Move file pointer
2018-12-17T22:15:24.436145109Z	64	PC: 1395e \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:15:24.439103587Z	66	PC: 13970 \| Move file pointer
2018-12-17T22:15:24.44077897Z	64	PC: 13991 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:15:24.444741927Z	64	PC: 139a0 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:15:24.453358715Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.461911831Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.465513907Z	61	PC: 138f1 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:15:24.472580203Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:24.479153148Z	66	PC: 1394f \| Move file pointer
2018-12-17T22:15:24.480791228Z	64	PC: 1395e \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:15:24.484141981Z	66	PC: 13970 \| Move file pointer
2018-12-17T22:15:24.485875865Z	64	PC: 13991 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:15:24.488778424Z	64	PC: 139a0 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:15:24.49801794Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.506415852Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.509274949Z	61	PC: 138f1 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:15:24.517073906Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:24.525521186Z	66	PC: 1394f \| Move file pointer
2018-12-17T22:15:24.527188657Z	64	PC: 1395e \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:15:24.53176017Z	66	PC: 13970 \| Move file pointer
2018-12-17T22:15:24.533751159Z	64	PC: 13991 \| Write file or device (Write 11 bytes on handle 5)
2018-12-17T22:15:24.536420745Z	64	PC: 139a0 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:15:24.561178046Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.569322014Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.581786932Z	61	PC: 138f1 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:15:24.589111084Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:24.595567407Z	66	PC: 1394f \| Move file pointer
2018-12-17T22:15:24.609796583Z	64	PC: 1395e \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:15:24.613649283Z	66	PC: 13970 \| Move file pointer
2018-12-17T22:15:24.615528812Z	64	PC: 13991 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:15:24.618295502Z	64	PC: 139a0 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:15:24.627245073Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.636325025Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.639590216Z	61	PC: 138f1 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:15:24.646294034Z	63	PC: 13908 \| Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:15:24.650020563Z	62	PC: 139a8 \| Close file
2018-12-17T22:15:24.652035946Z	79	PC: 139b0 \| Find next file
2018-12-17T22:15:24.654748467Z	47	PC: 139be \| Get disk transfer address
2018-12-17T22:15:24.657430318Z	53	PC: 139c4 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:15:24.659079542Z	48	PC: 1369b \| Get DOS version
2018-12-17T22:15:24.660540335Z	9	PC: 136a7 \| Display string (Could not find end pointer)