Sample viewer

vx.netlux.org/Virus.DOS.Manuel.972

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:47.91403846Z	82	PC: 15670 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:19:47.91590359Z	74	PC: 156c0 \| Reallocate memory
2018-12-17T22:19:47.917316302Z	72	PC: 156c9 \| Allocate memory
2018-12-17T22:19:47.918945084Z	42	PC: 9f8d2 \| Get date 0x9f8d2: mov al, dh 0x9f8d4: sub cx, 0x76c 0x9f8d8: mov ah, cl 0x9f8da: ret 0x9f8db: push ax 0x9f8dc: mov ah, 0x35 0x9f8de: int 0x21 0x9f8e0: mov ax, es 0x9f8e2: mov word ptr [si + 2], ax 0x9f8e5: mov word ptr [si], bx 0x9f8e7: pop ax 0x9f8e8: mov ah, 0x25 0x9f8ea: int 0x21 0x9f8ec: ret 0x9f8ed: push cs 0x9f8ee: pop ds 0x9f8ef: mov byte ptr [0x19], 0 0x9f8f4: mov byte ptr [0x1a], 0 0x9f8f9: call 0xaf8ce 0x9f8fc: cmp ax, word ptr [0x17]
2018-12-17T22:19:47.92203606Z	53	PC: 9f8e0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:47.923428328Z	37	PC: 9f8ec \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:47.924982902Z	67	PC: 9f9e5 \| Get or set file attributes
2018-12-17T22:19:47.934994697Z	61	PC: 9f9ff \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:19:47.941752879Z	87	PC: 9fa0d \| Get or set file date and time
2018-12-17T22:19:47.943156597Z	63	PC: 9fa19 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:19:47.949445382Z	66	PC: 9fa24 \| Move file pointer
2018-12-17T22:19:47.950907031Z	66	PC: 9fa45 \| Move file pointer
2018-12-17T22:19:47.952203173Z	63	PC: 9fa4f \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:19:47.958322969Z	42	PC: 9f8d2 \| Get date 0x9f8d2: mov al, dh 0x9f8d4: sub cx, 0x76c 0x9f8d8: mov ah, cl 0x9f8da: ret 0x9f8db: push ax 0x9f8dc: mov ah, 0x35 0x9f8de: int 0x21 0x9f8e0: mov ax, es 0x9f8e2: mov word ptr [si + 2], ax 0x9f8e5: mov word ptr [si], bx 0x9f8e7: pop ax 0x9f8e8: mov ah, 0x25 0x9f8ea: int 0x21 0x9f8ec: ret 0x9f8ed: push cs 0x9f8ee: pop ds 0x9f8ef: mov byte ptr [0x19], 0 0x9f8f4: mov byte ptr [0x1a], 0 0x9f8f9: call 0xaf8ce 0x9f8fc: cmp ax, word ptr [0x17]
2018-12-17T22:19:47.961209861Z	64	PC: 9fa7e \| Write file or device (Write 972 bytes on handle 5)
2018-12-17T22:19:48.305121778Z	66	PC: 9fa89 \| Move file pointer
2018-12-17T22:19:48.307328012Z	64	PC: 9fa9b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:19:48.310868285Z	87	PC: 9faa2 \| Get or set file date and time
2018-12-17T22:19:48.312976728Z	62	PC: 9faa6 \| Close file
2018-12-17T22:19:48.320469239Z	37	PC: 9fac5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.323379692Z	53	PC: 9f8e0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.325644439Z	37	PC: 9f8ec \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.327472188Z	67	PC: 9f9e5 \| Get or set file attributes
2018-12-17T22:19:48.336046477Z	37	PC: 9fac5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.337476306Z	30	PC: 9f923 \| Reserved
2018-12-17T22:19:48.338744994Z	53	PC: 9f8e0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.340173569Z	37	PC: 9f8ec \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.34180013Z	67	PC: 9f9e5 \| Get or set file attributes
2018-12-17T22:19:48.349280348Z	61	PC: 9f9ff \| Open file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T22:19:48.356707821Z	87	PC: 9fa0d \| Get or set file date and time
2018-12-17T22:19:48.358288526Z	63	PC: 9fa19 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:19:48.363681201Z	66	PC: 9fa24 \| Move file pointer
2018-12-17T22:19:48.365590031Z	66	PC: 9fa45 \| Move file pointer
2018-12-17T22:19:48.367411307Z	63	PC: 9fa4f \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:19:48.373224334Z	42	PC: 9f8d2 \| Get date 0x9f8d2: mov al, dh 0x9f8d4: sub cx, 0x76c 0x9f8d8: mov ah, cl 0x9f8da: ret 0x9f8db: push ax 0x9f8dc: mov ah, 0x35 0x9f8de: int 0x21 0x9f8e0: mov ax, es 0x9f8e2: mov word ptr [si + 2], ax 0x9f8e5: mov word ptr [si], bx 0x9f8e7: pop ax 0x9f8e8: mov ah, 0x25 0x9f8ea: int 0x21 0x9f8ec: ret 0x9f8ed: push cs 0x9f8ee: pop ds 0x9f8ef: mov byte ptr [0x19], 0 0x9f8f4: mov byte ptr [0x1a], 0 0x9f8f9: call 0xaf8ce 0x9f8fc: cmp ax, word ptr [0x17]
2018-12-17T22:19:48.375511416Z	64	PC: 9fa7e \| Write file or device (Write 972 bytes on handle 5)
2018-12-17T22:19:48.3852383Z	66	PC: 9fa89 \| Move file pointer
2018-12-17T22:19:48.387258321Z	64	PC: 9fa9b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:19:48.39702989Z	87	PC: 9faa2 \| Get or set file date and time
2018-12-17T22:19:48.398788546Z	62	PC: 9faa6 \| Close file
2018-12-17T22:19:48.406814575Z	37	PC: 9fac5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.40846347Z	53	PC: 9f8e0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.409918103Z	37	PC: 9f8ec \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.412087459Z	67	PC: 9f9e5 \| Get or set file attributes
2018-12-17T22:19:48.418635831Z	37	PC: 9fac5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:48.420629509Z	53	PC: 9f8e0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:48.421755418Z	37	PC: 9f8ec \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:48.423095453Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-17T22:19:48.426415923Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')