Sample viewer

vx.netlux.org/Virus.DOS.Champaigne.527

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:46.680383247Z	42	PC: 12a57 \| Get date 0x12a57: mov byte ptr ds:[bp + 0x2c9], dl 0x12a5c: mov byte ptr ds:[bp + 0x2c8], dh 0x12a61: mov byte ptr ds:[bp + 0x2c7], al 0x12a66: cmp al, 0 0x12a68: je 0x12a74 0x12a6a: mov di, 0x100 0x12a6d: lea si, word ptr [bp + 0x28b] 0x12a71: push di 0x12a72: movsw word ptr es:[di], word ptr [si] 0x12a73: movsw word ptr es:[di], word ptr [si] 0x12a74: lea dx, word ptr [bp + 0x2e9] 0x12a78: call 0x12b7b 0x12a7b: jmp 0x12b66 0x12a7e: cmp byte ptr ds:[bp + 0x2c9], 0x19 0x12a84: jne 0x12a91 0x12a86: call 0x12ab8 0x12a89: cmp byte ptr ds:[bp + 0x2c8], 6 0x12a8f: je 0x12aaf 0x12a91: mov dx, 0x80 0x12a94: call 0x12b7b
2018-12-17T22:19:46.683125291Z	26	PC: 12b7f \| Set disk transfer address
2018-12-17T22:19:46.684464804Z	78	PC: 12b71 \| Find first file
2018-12-17T22:19:46.691195615Z	61	PC: 12ad6 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:46.699771464Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.701534693Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.709233195Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.710677883Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.71237941Z	64	PC: 12bc0 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:46.715300207Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.716864955Z	44	PC: 12b1c \| Get time 0x12b1c: mov word ptr ds:[bp + 0x2d4], dx 0x12b21: mov cx, 0x12 0x12b24: lea di, word ptr [bp + 0x314] 0x12b28: lea si, word ptr [bp + 0x2d6] 0x12b2c: push cx 0x12b2d: push si 0x12b2e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b30: cmp byte ptr ds:[bp + 0x2c7], 0 0x12b36: jne 0x12b44 0x12b38: mov cx, 0xd 0x12b3b: lea si, word ptr [bp + 0x250] 0x12b3f: rep movsb byte ptr es:[di], byte ptr [si] 0x12b41: jmp 0x12b4d 0x12b43: nop 0x12b44: mov cx, 0xb 0x12b47: lea si, word ptr [bp + 0x164] 0x12b4b: rep movsb byte ptr es:[di], byte ptr [si] 0x12b4d: pop si 0x12b4e: pop cx 0x12b4f: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:19:46.719899211Z	64	PC: 12c71 \| Write file or device (Write 527 bytes on handle 5)
2018-12-17T22:19:46.735456543Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.736992074Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.745814603Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.748616365Z	61	PC: 12ad6 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:19:46.755812167Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.757758843Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.764770758Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.766190529Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.774945287Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.777978972Z	61	PC: 12ad6 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:19:46.785122908Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.787058258Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.794332922Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.795835077Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.797556021Z	64	PC: 12bc0 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:46.800682659Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.80217946Z	44	PC: 12b1c \| Get time 0x12b1c: mov word ptr ds:[bp + 0x2d4], dx 0x12b21: mov cx, 0x12 0x12b24: lea di, word ptr [bp + 0x314] 0x12b28: lea si, word ptr [bp + 0x2d6] 0x12b2c: push cx 0x12b2d: push si 0x12b2e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b30: cmp byte ptr ds:[bp + 0x2c7], 0 0x12b36: jne 0x12b44 0x12b38: mov cx, 0xd 0x12b3b: lea si, word ptr [bp + 0x250] 0x12b3f: rep movsb byte ptr es:[di], byte ptr [si] 0x12b41: jmp 0x12b4d 0x12b43: nop 0x12b44: mov cx, 0xb 0x12b47: lea si, word ptr [bp + 0x164] 0x12b4b: rep movsb byte ptr es:[di], byte ptr [si] 0x12b4d: pop si 0x12b4e: pop cx 0x12b4f: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:19:46.804831562Z	64	PC: 12c71 \| Write file or device (Write 527 bytes on handle 5)
2018-12-17T22:19:46.814082972Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.815700748Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.824441554Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.828340406Z	61	PC: 12ad6 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:19:46.835804102Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.838207173Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.845722282Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.847305992Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.855039424Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.858394881Z	61	PC: 12ad6 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:19:46.865551659Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.867000419Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.874347215Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.875906124Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.883573546Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.886911921Z	61	PC: 12ad6 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:19:46.894236714Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.895729412Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.903435328Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.905306941Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.906811936Z	64	PC: 12bc0 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:46.909652948Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:19:46.911366057Z	44	PC: 12b1c \| Get time 0x12b1c: mov word ptr ds:[bp + 0x2d4], dx 0x12b21: mov cx, 0x12 0x12b24: lea di, word ptr [bp + 0x314] 0x12b28: lea si, word ptr [bp + 0x2d6] 0x12b2c: push cx 0x12b2d: push si 0x12b2e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b30: cmp byte ptr ds:[bp + 0x2c7], 0 0x12b36: jne 0x12b44 0x12b38: mov cx, 0xd 0x12b3b: lea si, word ptr [bp + 0x250] 0x12b3f: rep movsb byte ptr es:[di], byte ptr [si] 0x12b41: jmp 0x12b4d 0x12b43: nop 0x12b44: mov cx, 0xb 0x12b47: lea si, word ptr [bp + 0x164] 0x12b4b: rep movsb byte ptr es:[di], byte ptr [si] 0x12b4d: pop si 0x12b4e: pop cx 0x12b4f: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:19:46.913983465Z	64	PC: 12c71 \| Write file or device (Write 527 bytes on handle 5)
2018-12-17T22:19:46.923729675Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.92641529Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.935023995Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.937823172Z	61	PC: 12ad6 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:19:46.945510554Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.94694785Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.95407156Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.956169656Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.963952906Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.966317675Z	61	PC: 12ad6 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:19:46.971180892Z	87	PC: 12adc \| Get or set file date and time
2018-12-17T22:19:46.972316522Z	63	PC: 12ae9 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.97411139Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:19:46.976049246Z	62	PC: 12b62 \| Close file
2018-12-17T22:19:46.980790576Z	79	PC: 12b71 \| Find next file
2018-12-17T22:19:46.982467217Z	26	PC: 12b7f \| Set disk transfer address