Sample viewer

vx.netlux.org/Virus.DOS.VCL.GunRail.328

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:05.297599066Z	26	PC: 12b5d \| Set disk transfer address
2018-12-17T22:22:05.298978066Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:22:05.300506422Z	53	PC: 12b70 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:22:05.301539066Z	44	PC: 12b7b \| Get time 0x12b7b: cmp dl, 0xd 0x12b7e: jg 0x12b84 0x12b80: mov al, 0x82 0x12b82: out 0x21, al 0x12b84: mov ah, 0x2c 0x12b86: int 0x21 0x12b88: cmp dl, 0x32 0x12b8b: jl 0x12bba 0x12b8d: mov ah, 9 0x12b8f: lea dx, word ptr [bp + 0x15c] 0x12b93: int 0x21 0x12b95: mov ah, 0 0x12b97: int 0x16 0x12b99: jmp 0x12bba 0x12b9b: nop 0x12b9c: inc di 0x12b9d: jne 0x12c0d 0x12b9f: push dx 0x12ba0: popaw 0x12ba1: imul bp, word ptr [si + 0x20], 0x2041
2018-12-17T22:22:05.303505794Z	44	PC: 12b88 \| Get time 0x12b88: cmp dl, 0x32 0x12b8b: jl 0x12bba 0x12b8d: mov ah, 9 0x12b8f: lea dx, word ptr [bp + 0x15c] 0x12b93: int 0x21 0x12b95: mov ah, 0 0x12b97: int 0x16 0x12b99: jmp 0x12bba 0x12b9b: nop 0x12b9c: inc di 0x12b9d: jne 0x12c0d 0x12b9f: push dx 0x12ba0: popaw 0x12ba1: imul bp, word ptr [si + 0x20], 0x2041 0x12ba6: push si 0x12ba7: imul si, word ptr [bp + si + 0x75], 0x2073 0x12bac: dec cx 0x12bad: outsb dx, byte ptr [si] 0x12bae: arpl word ptr gs:[si + 0x65], si 0x12bb3: and word ptr fs:[bx + di], sp
2018-12-17T22:22:05.30531646Z	78	PC: 12bd8 \| Find first file
2018-12-17T22:22:05.310619924Z	61	PC: 12be8 \| Open file (Filename = '')
2018-12-17T22:22:05.315565844Z	63	PC: 12bf6 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:22:05.321959238Z	66	PC: 12c05 \| Move file pointer
2018-12-17T22:22:05.323311802Z	64	PC: 12c17 \| Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:22:05.336858803Z	66	PC: 12c1f \| Move file pointer
2018-12-17T22:22:05.339223134Z	64	PC: 12c2a \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:22:05.343361792Z	62	PC: 12c2e \| Close file
2018-12-17T22:22:05.348551128Z	79	PC: 12bd8 \| Find next file
2018-12-17T22:22:05.350917583Z	61	PC: 12be8 \| Open file (Filename = '')
2018-12-17T22:22:05.355214284Z	63	PC: 12bf6 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:22:05.359667044Z	66	PC: 12c05 \| Move file pointer
2018-12-17T22:22:05.361319008Z	64	PC: 12c17 \| Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:22:05.363157713Z	66	PC: 12c1f \| Move file pointer
2018-12-17T22:22:05.364206014Z	64	PC: 12c2a \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:22:05.366825755Z	62	PC: 12c2e \| Close file
2018-12-17T22:22:05.371983257Z	79	PC: 12bd8 \| Find next file
2018-12-17T22:22:05.374732122Z	61	PC: 12be8 \| Open file (Filename = '')
2018-12-17T22:22:05.382049562Z	63	PC: 12bf6 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:22:05.388339548Z	66	PC: 12c05 \| Move file pointer
2018-12-17T22:22:05.389601654Z	64	PC: 12c17 \| Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:22:05.393002203Z	66	PC: 12c1f \| Move file pointer
2018-12-17T22:22:05.394632184Z	64	PC: 12c2a \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:22:05.397397754Z	62	PC: 12c2e \| Close file
2018-12-17T22:22:05.405065625Z	79	PC: 12bd8 \| Find next file
2018-12-17T22:22:05.407857161Z	61	PC: 12be8 \| Open file (Filename = '')
2018-12-17T22:22:05.414095455Z	63	PC: 12bf6 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:22:05.420273732Z	66	PC: 12c05 \| Move file pointer
2018-12-17T22:22:05.432346559Z	64	PC: 12c17 \| Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:22:05.43481892Z	66	PC: 12c1f \| Move file pointer
2018-12-17T22:22:05.435990762Z	64	PC: 12c2a \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:22:05.438895205Z	62	PC: 12c2e \| Close file
2018-12-17T22:22:05.446497389Z	79	PC: 12bd8 \| Find next file
2018-12-17T22:22:05.448867803Z	61	PC: 12be8 \| Open file (Filename = '')
2018-12-17T22:22:05.455666761Z	63	PC: 12bf6 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:22:05.459755555Z	66	PC: 12c05 \| Move file pointer
2018-12-17T22:22:05.460653935Z	64	PC: 12c17 \| Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:22:05.463524889Z	66	PC: 12c1f \| Move file pointer
2018-12-17T22:22:05.464458377Z	64	PC: 12c2a \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:22:05.466075721Z	62	PC: 12c2e \| Close file
2018-12-17T22:22:05.472051075Z	26	PC: 12c39 \| Set disk transfer address
2018-12-17T22:22:05.539161521Z	26	PC: 12b5d \| Set disk transfer address
2018-12-17T22:22:05.540287637Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:22:05.542225064Z	53	PC: 12b70 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:22:05.543449615Z	44	PC: 12b7b \| Get time 0x12b7b: cmp dl, 0xd 0x12b7e: jg 0x12b84 0x12b80: mov al, 0x82 0x12b82: out 0x21, al 0x12b84: mov ah, 0x2c 0x12b86: int 0x21 0x12b88: cmp dl, 0x32 0x12b8b: jl 0x12bba 0x12b8d: mov ah, 9 0x12b8f: lea dx, word ptr [bp + 0x15c] 0x12b93: int 0x21 0x12b95: mov ah, 0 0x12b97: int 0x16 0x12b99: jmp 0x12bba 0x12b9b: nop 0x12b9c: inc di 0x12b9d: jne 0x12c0d 0x12b9f: push dx 0x12ba0: popaw 0x12ba1: imul bp, word ptr [si + 0x20], 0x2041
2018-12-17T22:22:05.545577146Z	44	PC: 12b88 \| Get time 0x12b88: cmp dl, 0x32 0x12b8b: jl 0x12bba 0x12b8d: mov ah, 9 0x12b8f: lea dx, word ptr [bp + 0x15c] 0x12b93: int 0x21 0x12b95: mov ah, 0 0x12b97: int 0x16 0x12b99: jmp 0x12bba 0x12b9b: nop 0x12b9c: inc di 0x12b9d: jne 0x12c0d 0x12b9f: push dx 0x12ba0: popaw 0x12ba1: imul bp, word ptr [si + 0x20], 0x2041 0x12ba6: push si 0x12ba7: imul si, word ptr [bp + si + 0x75], 0x2073 0x12bac: dec cx 0x12bad: outsb dx, byte ptr [si] 0x12bae: arpl word ptr gs:[si + 0x65], si 0x12bb3: and word ptr fs:[bx + di], sp
2018-12-17T22:22:05.548631694Z	9	PC: 12b95 \| Display string (Could not find end pointer)