Sample viewer

vx.netlux.org/Virus.DOS.SillyC.295

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:18:49.772822616Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:18:49.775331108Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:18:49.777773498Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:18:49.780772371Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:18:49.791933893Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:18:49.805727001Z 62 PC: 91fc1 | Close file
2018-12-17T22:18:49.814399883Z 75 PC: 91fe0 | Execute program
2018-12-17T22:18:49.830757216Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:18:49.832184847Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:18:49.836360673Z 48 PC: c609 | Get DOS version
2018-12-17T22:18:49.839982412Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:18:49.842855367Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:18:49.844884581Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:18:49.848320488Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:18:49.853260141Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:18:49.857852922Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:18:49.867611651Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:18:49.869639001Z 62 PC: 91fc1 | Close file
2018-12-17T22:18:49.871810788Z 75 PC: 91fe0 | Execute program
2018-12-17T22:18:49.892529531Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:18:49.897262977Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:18:49.898503578Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:18:49.899566342Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:18:49.901684288Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:18:49.902854737Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:18:49.90391584Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:18:49.913363401Z 62 PC: 8f8eb | Close file
2018-12-17T22:18:49.915870145Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.91791486Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.929830618Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.931981863Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.934166638Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.936987508Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.939217008Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.941444054Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.943846459Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.950044747Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.951659021Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.953294015Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.954983661Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.956524331Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.958347739Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.963840487Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.965503214Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.966883439Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.969370333Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.970681875Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.971959478Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.975208579Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.976888654Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.978370248Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.980868398Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.982830965Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.984215731Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.986091989Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.988621167Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.990625133Z 62 PC: 8f8f2 | Close file
2018-12-17T22:18:49.993337995Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:18:49.998580436Z 62 PC: 8f90e | Close file
2018-12-17T22:18:50.000773712Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:18:50.004240752Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:18:50.006117203Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:18:50.011073851Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:18:50.013411817Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:18:50.019101933Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:18:50.020963672Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:18:50.023341732Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:18:50.025453414Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:18:50.026864465Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:18:50.028793417Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:18:50.031838676Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:18:50.033229896Z 73 PC: 8fa11 | Release memory
2018-12-17T22:18:50.035013302Z 73 PC: 8efea | Release memory
2018-12-17T22:18:50.037189915Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:18:50.038621716Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:18:50.040189714Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:18:50.042846427Z 73 PC: 8f060 | Release memory
2018-12-17T22:18:50.044066028Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:18:50.052921107Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:18:50.059170737Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:18:50.060763993Z 62 PC: 8f0d1 | Close file
2018-12-17T22:18:50.062699857Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:18:50.082687344Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:18:50.083706792Z 48 PC: 12bee | Get DOS version
2018-12-17T22:18:50.085191949Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:18:50.088168211Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:18:50.09011145Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:18:50.091263562Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:18:50.092909583Z 72 PC: 1355d | Allocate memory
2018-12-17T22:18:50.09439545Z 25 PC: 13596 | Get default drive
2018-12-17T22:18:50.095430158Z 71 PC: 135ad | Get current directory
2018-12-17T22:18:50.098325271Z 59 PC: 135ba | Change current directory
2018-12-17T22:18:50.103425101Z 59 PC: 135c8 | Change current directory
2018-12-17T22:18:50.108839723Z 59 PC: 135d3 | Change current directory
2018-12-17T22:18:50.113577502Z 25 PC: 12d13 | Get default drive
2018-12-17T22:18:50.116250206Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:18:50.117818093Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:50.119648327Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:50.121999247Z 80 PC: 1301d | Set current PSP
2018-12-17T22:18:50.123035787Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:18:50.125236687Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:18:50.126747843Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:18:50.128110271Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:18:50.130760693Z 72 PC: 130ec | Allocate memory
2018-12-17T22:18:50.132687486Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:18:50.138510881Z 62 PC: 131ba | Close file
2018-12-17T22:18:50.141247735Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:18:50.142447451Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:18:50.144367944Z 72 PC: 11991 | Allocate memory
2018-12-17T22:18:50.147184013Z 73 PC: 119b2 | Release memory
2018-12-17T22:18:50.149287548Z 72 PC: 119bd | Allocate memory
2018-12-17T22:18:50.151364948Z 73 PC: 119df | Release memory
2018-12-17T22:18:50.154135884Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:18:50.156338763Z 72 PC: 119fd | Allocate memory