Sample viewer

vx.netlux.org/Virus.DOS.Rip.3214

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:12.887638479Z	44	PC: 130f7 \| Get time 0x130f7: mov di, 0x1de 0x130fa: add di, word ptr cs:[0x103] 0x130ff: mov byte ptr cs:[di], ch 0x13102: mov di, 0x1e1 0x13105: add di, word ptr cs:[0x103] 0x1310a: mov byte ptr cs:[di], 0 0x1310e: ret 0x1310f: mov di, 0x150 0x13112: add di, word ptr cs:[0x103] 0x13117: mov cx, 0x7f 0x1311a: mov al, 0 0x1311c: stosb byte ptr es:[di], al 0x1311d: loop 0x1311c 0x1311f: mov ax, cs 0x13121: mov es, ax 0x13123: mov ds, ax 0x13125: mov di, 0x150 0x13128: add di, word ptr cs:[0x103] 0x1312d: mov cx, 0x7f 0x13130: mov si, 0x80
2018-12-17T22:17:12.890422046Z	53	PC: 13161 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:17:12.892004678Z	53	PC: 13176 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:12.89329871Z	53	PC: 1318b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:17:12.894471653Z	53	PC: 131a0 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:17:12.896308588Z	53	PC: 131b5 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:17:12.897824489Z	74	PC: 131d5 \| Reallocate memory
2018-12-17T22:17:12.899504024Z	72	PC: 131e4 \| Allocate memory
2018-12-17T22:17:12.906840733Z	37	PC: 1320c \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:17:12.908552512Z	37	PC: 13218 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:12.910157971Z	37	PC: 13224 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:17:12.912317542Z	37	PC: 13230 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:17:12.913725006Z	37	PC: 1323c \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:17:12.915106953Z	78	PC: 132c2 \| Find first file
2018-12-17T22:17:12.920266436Z	67	PC: 1333d \| Get or set file attributes
2018-12-17T22:17:12.924181616Z	53	PC: 13260 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:12.925689354Z	37	PC: 1327e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:12.928204453Z	67	PC: 13288 \| Get or set file attributes
2018-12-17T22:17:12.940439355Z	37	PC: 132a9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:12.941834316Z	61	PC: 1338a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:12.946905031Z	63	PC: 133c8 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:12.952044056Z	66	PC: 133e0 \| Move file pointer
2018-12-17T22:17:12.953322001Z	66	PC: 13410 \| Move file pointer
2018-12-17T22:17:12.955529281Z	64	PC: 1342a \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:17:12.957912356Z	66	PC: 13440 \| Move file pointer
2018-12-17T22:17:12.959076243Z	64	PC: 1345a \| Write file or device (Write 3214 bytes on handle 5)
2018-12-17T22:17:12.964965157Z	87	PC: 134db \| Get or set file date and time
2018-12-17T22:17:12.9667212Z	62	PC: 1346a \| Close file
2018-12-17T22:17:12.973290739Z	73	PC: 134a0 \| Release memory
2018-12-17T22:17:12.97435377Z	72	PC: 134a7 \| Allocate memory
2018-12-17T22:17:12.976119833Z	74	PC: 134b3 \| Reallocate memory
2018-12-17T22:17:12.977313897Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')
2018-12-17T22:17:12.981896423Z	37	PC: 22d8e \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:17:12.98389745Z	37	PC: 22d9e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:12.985310421Z	37	PC: 22dae \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:17:12.987614207Z	37	PC: 22dbe \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:17:12.989732417Z	37	PC: 22dce \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:17:12.990886738Z	73	PC: 22dda \| Release memory
2018-12-17T22:17:12.992157431Z	49	PC: 22c6e \| Terminate and stay resident (Return code = '36' \| Memory size = '217')