Sample viewer

vx.netlux.org/Virus.DOS.Ksenia.4482

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:28.431955459Z	24	PC: 12b82 \| Reserved
2018-12-17T22:19:28.434764081Z	53	PC: 1320f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:28.436248551Z	37	PC: 13222 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:28.437880834Z	53	PC: 13227 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:19:28.440370277Z	37	PC: 13237 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:19:28.442441868Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.444098814Z	74	PC: 12c14 \| Reallocate memory
2018-12-17T22:19:28.445940816Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.448846835Z	113	PC: 13636 \| UNKNOWN!
2018-12-17T22:19:28.449960481Z	67	PC: 13636 \| Get or set file attributes
2018-12-17T22:19:28.456036276Z	113	PC: 13636 \| UNKNOWN!
2018-12-17T22:19:28.458556984Z	108	PC: 13636 \| Extended open/create file
2018-12-17T22:19:28.465431112Z	68	PC: 13636 \| I/O control for devices (Set for = '')
2018-12-17T22:19:28.467203735Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.469761062Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.471413368Z	63	PC: 13636 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:19:28.474269788Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.478446268Z	63	PC: 13636 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:19:28.481643508Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.483116433Z	87	PC: 13636 \| Get or set file date and time
2018-12-17T22:19:28.484803028Z	44	PC: 13636 \| Get time 0x13636: ret 0x13637: push ax 0x13638: push dx 0x13639: mov ax, 0x4400 0x1363c: call 0x23631 0x1363f: jb 0x13645 0x13641: sub dl, 0x80 0x13644: cmc 0x13645: pop dx 0x13646: pop ax 0x13647: ret 0x13648: xchg ah, al 0x1364a: call 0x13653 0x1364d: xchg ah, al 0x1364f: call 0x13653 0x13652: ret 0x13653: cmp al, 0x61 0x13655: jb 0x1365d 0x13657: cmp al, 0x7a 0x13659: ja 0x1365d
2018-12-17T22:19:28.487745111Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.491928768Z	64	PC: 13636 \| Write file or device (Write 4482 bytes on handle 5)
2018-12-17T22:19:28.496310027Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.511487414Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.513139782Z	64	PC: 13636 \| Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:19:28.516111395Z	87	PC: 13636 \| Get or set file date and time
2018-12-17T22:19:28.51977327Z	87	PC: 13636 \| Get or set file date and time
2018-12-17T22:19:28.521590853Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.523341938Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.525570714Z	63	PC: 13636 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:19:28.528098107Z	66	PC: 13636 \| Move file pointer
2018-12-17T22:19:28.534591065Z	87	PC: 13636 \| Get or set file date and time
2018-12-17T22:19:28.54145955Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.548883626Z	113	PC: 13636 \| UNKNOWN!
2018-12-17T22:19:28.549780231Z	75	PC: 12c35 \| Execute program
2018-12-17T22:19:28.560006921Z	48	PC: 162ad \| Get DOS version
2018-12-17T22:19:28.561974415Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.563934722Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.566376215Z	73	PC: 12c3f \| Release memory
2018-12-17T22:19:28.56784964Z	77	PC: 12c63 \| Get program return code
2018-12-17T22:19:28.568934081Z	76	PC: 12c67 \| Terminate with return code (Return code = '0')
2018-12-17T22:19:28.571283849Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:19:28.572758115Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:19:28.574181808Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:19:28.575518105Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:19:28.576990522Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:28.57837046Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:28.579502856Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.580890322Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.581992672Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.583025096Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.584765824Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.58573604Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.587010306Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.588657093Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.590297013Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.594065669Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.595820439Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.596973271Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.598254741Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.599759705Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.600907844Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.602042664Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.603935046Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.604920307Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.606179728Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.607905246Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.609259554Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.610148092Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.611927562Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.61316821Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.614427983Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.616088815Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.617330719Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.618442127Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.620338358Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.621313168Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.622501806Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.624216994Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.625555692Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.626671532Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.628418836Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.629797855Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.631247739Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.632858724Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.634100896Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.635375694Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.637315004Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.638359209Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.639696059Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.641503937Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.642825193Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.643985829Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.645830113Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.647021843Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.648485881Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.650035106Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.651391878Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.652805079Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.654706552Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.655752558Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.656918277Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.6586941Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.659990075Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.660891883Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.663006674Z	62	PC: 13636 \| Close file
2018-12-17T22:19:28.664274712Z	68	PC: 13636 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:19:28.666257147Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-17T22:19:28.667964982Z	56	PC: 94df9 \| Get or set country info
2018-12-17T22:19:28.669456226Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.670379753Z	68	PC: 13636 \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T22:19:28.672545828Z	68	PC: 13636 \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T22:19:28.673803645Z	64	PC: 13636 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:19:28.676362206Z	68	PC: 13636 \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T22:19:28.678280411Z	25	PC: 94e62 \| Get default drive
2018-12-17T22:19:28.679742498Z	71	PC: 970dd \| Get current directory
2018-12-17T22:19:28.682518251Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:28.684179116Z	68	PC: 13636 \| I/O control for devices (Set for = 'A:\ win TEMP=C:\WINDOWS\TEMP$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T22:19:28.685388084Z	68	PC: 13636 \| I/O control for devices (Set for = 'A:\ win TEMP=C:\WINDOWS\TEMP$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T22:19:28.686705555Z	64	PC: 13636 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:19:28.689180425Z	68	PC: 13636 \| I/O control for devices (Set for = 'A:\ win TEMP=C:\WINDOWS\TEMP$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T22:19:28.69074254Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-17T22:19:28.692418184Z	93	PC: 94f20 \| File sharing functions
2018-12-17T22:19:28.694334132Z	93	PC: 94f27 \| File sharing functions
2018-12-17T22:19:28.69569877Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-17T22:19:29.560428069Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:30.55092808Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:31.540513895Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:32.529781748Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:33.520011416Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:34.50926354Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:35.498720174Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:36.488845766Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:37.478124748Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:38.467554554Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:39.45784547Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:40.447178382Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:41.436249793Z	98	PC: 13636 \| Get current PSP
2018-12-17T22:19:42.426327247Z	98	PC: 13636 \| Get current PSP