Sample viewer

vx.netlux.org/Virus.DOS.Gkchp.800

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:32.767497531Z	236	PC: 13c14 \| UNKNOWN!
2018-12-17T22:22:32.769704646Z	74	PC: 12add \| Reallocate memory
2018-12-17T22:22:32.77183518Z	53	PC: 12ae2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:32.773549936Z	37	PC: 12af2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:32.77568643Z	53	PC: 12b6d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:32.778129074Z	37	PC: 12b77 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:32.779782157Z	67	PC: 12b7f \| Get or set file attributes
2018-12-17T22:22:32.786725849Z	67	PC: 12b94 \| Get or set file attributes
2018-12-17T22:22:32.80471312Z	42	PC: 12b99 \| Get date 0x12b99: cmp dx, 0x813 0x12b9d: pop dx 0x12b9e: jne 0x12ba9 0x12ba0: mov ah, 0x41 0x12ba2: int 0x21 0x12ba4: pop cx 0x12ba5: pop dx 0x12ba6: jmp 0x12d1a 0x12ba9: mov ax, 0x3d02 0x12bac: int 0x21 0x12bae: mov bx, ax 0x12bb0: mov ax, 0x5700 0x12bb3: int 0x21 0x12bb5: mov al, cl 0x12bb7: or cl, 0x1f 0x12bba: and cl, 0xfd 0x12bbd: push cx 0x12bbe: push dx 0x12bbf: and al, 0x1f 0x12bc1: cmp al, 0x1d
2018-12-17T22:22:32.807009337Z	61	PC: 12bae \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:22:32.814812352Z	87	PC: 12bb5 \| Get or set file date and time
2018-12-17T22:22:32.818318999Z	63	PC: 12bd2 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:22:32.821097524Z	66	PC: 12bdb \| Move file pointer
2018-12-17T22:22:32.822946371Z	66	PC: 12be0 \| Move file pointer
2018-12-17T22:22:32.825399743Z	66	PC: 12c0d \| Move file pointer
2018-12-17T22:22:32.827586023Z	64	PC: 12ce3 \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:22:32.830832222Z	66	PC: 12cea \| Move file pointer
2018-12-17T22:22:32.832752134Z	64	PC: 12d08 \| Write file or device (Write 800 bytes on handle 335)
2018-12-17T22:22:32.834442531Z	87	PC: 12d0f \| Get or set file date and time
2018-12-17T22:22:32.836251482Z	62	PC: 12d13 \| Close file
2018-12-17T22:22:32.838441831Z	67	PC: 12d1a \| Get or set file attributes
2018-12-17T22:22:32.843785931Z	37	PC: 12d21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:32.844964683Z	75	PC: 12b1f \| Execute program
2018-12-17T22:22:32.860323416Z	73	PC: 12b28 \| Release memory
2018-12-17T22:22:32.862298106Z	49	PC: 12b30 \| Terminate and stay resident (Return code = '0' \| Memory size = '128')