Sample viewer

vx.netlux.org/Virus.DOS.Corea.376

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:17:11.461840093Z 78 PC: 12b3a | Find first file
2018-12-17T22:17:11.469001849Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.489393841Z 61 PC: 12b3a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:11.493525349Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.494812466Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.496037163Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.500193358Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.505273689Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.507602592Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.515337525Z 61 PC: 12b3a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:17:11.522528248Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.524081835Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.525181342Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.531250969Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.541279344Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.543960598Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.559395335Z 61 PC: 12b3a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:17:11.567044612Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.568344101Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.5698687Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.577557688Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.585218624Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.587837002Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.598291455Z 61 PC: 12b3a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:17:11.605030079Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.606512727Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.608492206Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.615668149Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.62377848Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.632427703Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.642145579Z 61 PC: 12b3a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:17:11.649872256Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.651147346Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.653563897Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.66049819Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.66794855Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.671294037Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.680866453Z 61 PC: 12b3a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:17:11.687804938Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.689846084Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.691359701Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.698139514Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.706377207Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.709530213Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.721934691Z 61 PC: 12b3a | Open file (Filename = 'PAH.COM')
2018-12-17T22:17:11.730570273Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.732051035Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.733690577Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.74095344Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.748559834Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.751038476Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:17:11.760925819Z 61 PC: 12b3a | Open file (Filename = 'TEST.COM')
2018-12-17T22:17:11.767334717Z 77 PC: 12a87 | Get program return code
2018-12-17T22:17:11.768344447Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:17:11.770003256Z 64 PC: 12b3a | Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.776412953Z 62 PC: 12b3a | Close file
2018-12-17T22:17:11.78395982Z 79 PC: 12b3a | Find next file
2018-12-17T22:17:11.787314822Z 53 PC: 12b3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:11.788406442Z 37 PC: 12b3a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:11.789422627Z 9 PC: 12b3a | Display string (String= '�S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S���x��'B66a:' �test.4c.om2 �')
2018-12-17T22:17:11.793715873Z 49 PC: 12b3a | Terminate and stay resident (Return code = '36' | Memory size = '40')