Sample viewer

vx.netlux.org/Virus.DOS.Corea.376

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:11.461840093Z	78	PC: 12b3a \| Find first file
2018-12-17T22:17:11.469001849Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.489393841Z	61	PC: 12b3a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:11.493525349Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.494812466Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.496037163Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.500193358Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.505273689Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.507602592Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.515337525Z	61	PC: 12b3a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:17:11.522528248Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.524081835Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.525181342Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.531250969Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.541279344Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.543960598Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.559395335Z	61	PC: 12b3a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:17:11.567044612Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.568344101Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.5698687Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.577557688Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.585218624Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.587837002Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.598291455Z	61	PC: 12b3a \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:17:11.605030079Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.606512727Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.608492206Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.615668149Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.62377848Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.632427703Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.642145579Z	61	PC: 12b3a \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:17:11.649872256Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.651147346Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.653563897Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.66049819Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.66794855Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.671294037Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.680866453Z	61	PC: 12b3a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:17:11.687804938Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.689846084Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.691359701Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.698139514Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.706377207Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.709530213Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.721934691Z	61	PC: 12b3a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:17:11.730570273Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.732051035Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.733690577Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.74095344Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.748559834Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.751038476Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:17:11.760925819Z	61	PC: 12b3a \| Open file (Filename = 'TEST.COM')
2018-12-17T22:17:11.767334717Z	77	PC: 12a87 \| Get program return code
2018-12-17T22:17:11.768344447Z	66	PC: 12b3a \| Move file pointer
2018-12-17T22:17:11.770003256Z	64	PC: 12b3a \| Write file or device (Write 376 bytes on handle 5)
2018-12-17T22:17:11.776412953Z	62	PC: 12b3a \| Close file
2018-12-17T22:17:11.78395982Z	79	PC: 12b3a \| Find next file
2018-12-17T22:17:11.787314822Z	53	PC: 12b3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:11.788406442Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:11.789422627Z	9	PC: 12b3a \| Display string (String= '�S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��S��x��'B66a:' �test.4c.om2 �')
2018-12-17T22:17:11.793715873Z	49	PC: 12b3a \| Terminate and stay resident (Return code = '36' \| Memory size = '40')