Sample viewer

vx.netlux.org/Virus.DOS.Oxana_II.819


Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:23:13.402116791Z 66 PC: 1b65f | Move file pointer
2018-12-17T22:23:13.404411694Z 53 PC: 1b67c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:13.411875945Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:23:13.413559005Z 53 PC: 12bc3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:13.419756117Z 53 PC: 12bd0 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:23:13.42088764Z 53 PC: 12bdd | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:23:13.42184315Z 53 PC: 12bea | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:23:13.423479208Z 37 PC: 12bfe | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:13.424873082Z 74 PC: 12ad9 | Reallocate memory
2018-12-17T22:23:13.426886905Z 68 PC: 1380b | I/O control for devices (Set for = '')
2018-12-17T22:23:13.429573265Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.434825232Z 68 PC: 1380b | I/O control for devices (Set for = 'Borland C++ - Copyright 1991 Borland Intl.')
2018-12-17T22:23:13.436761662Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:13.443185078Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:13.444418293Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:13.446000276Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:13.447647102Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:13.449134264Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:13.450600749Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:13.452668486Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:13.454119216Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:13.455572393Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:13.457259019Z 53 PC: 12d68 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:13.459735566Z 53 PC: 12d78 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:23:13.461081243Z 53 PC: 12d85 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:13.463631496Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:13.464804347Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:13.466079267Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:13.467387352Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:13.46937802Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:13.470531276Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:13.471667282Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:13.473469049Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:13.474952733Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:13.476439027Z 37 PC: 12e88 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:13.477874555Z 37 PC: 12e93 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:13.478924534Z 37 PC: 12e9d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:13.481678687Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.485483871Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.489869526Z 68 PC: 1380b | I/O control for devices (Set for = '')
2018-12-17T22:23:13.493197936Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.496835682Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.501498262Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.503930941Z 67 PC: 14837 | Get or set file attributes
2018-12-17T22:23:13.510526105Z 61 PC: 14e33 | Open file (Filename = '�Ӏ�')
2018-12-17T22:23:13.518127818Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.520790014Z 51 PC: 13619 | Get or set Ctrl-Break
2018-12-17T22:23:13.522331455Z 37 PC: 13662 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:13.524490183Z 42 PC: 13626 | Get date 0x13626: les bx, ptr [bp + 6]
0x13629: mov word ptr es:[bx], cx
0x1362c: mov word ptr es:[bx + 2], dx
0x13630: pop bp
0x13631: retf
0x13632: push bp
0x13633: mov bp, sp
0x13635: mov ah, 0x2c
0x13637: int 0x21
0x13639: les bx, ptr [bp + 6]
0x1363c: mov word ptr es:[bx], cx
0x1363f: mov word ptr es:[bx + 2], dx
0x13643: pop bp
0x13644: retf
0x13645: push bp
0x13646: mov bp, sp
0x13648: mov ah, 0x35
0x1364a: mov al, byte ptr [bp + 6]
0x1364d: int 0x21
0x1364f: xchg ax, bx
2018-12-17T22:23:13.527021947Z 44 PC: 13639 | Get time 0x13639: les bx, ptr [bp + 6]
0x1363c: mov word ptr es:[bx], cx
0x1363f: mov word ptr es:[bx + 2], dx
0x13643: pop bp
0x13644: retf
0x13645: push bp
0x13646: mov bp, sp
0x13648: mov ah, 0x35
0x1364a: mov al, byte ptr [bp + 6]
0x1364d: int 0x21
0x1364f: xchg ax, bx
0x13650: mov dx, es
0x13652: pop bp
0x13653: retf
0x13654: push bp
0x13655: mov bp, sp
0x13657: mov ah, 0x25
0x13659: mov al, byte ptr [bp + 6]
0x1365c: push ds
0x1365d: lds dx, ptr [bp + 8]
2018-12-17T22:23:13.538720586Z 74 PC: 14706 | Reallocate memory
2018-12-17T22:23:13.542449655Z 67 PC: 14837 | Get or set file attributes
2018-12-17T22:23:13.548513193Z 61 PC: 14e33 | Open file (Filename = 'ntlm')
2018-12-17T22:23:13.572381531Z 37 PC: 12c0a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:13.574429465Z 37 PC: 12c15 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:23:13.576584573Z 37 PC: 12c20 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:23:13.578999795Z 37 PC: 12c2b | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:23:13.580986421Z 76 PC: 12bb4 | Terminate with return code (Return code = '2')