Sample viewer

vx.netlux.org/Virus.DOS.VCL.541

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:32.975988451Z 71 PC: 12af0 | Get current directory
2018-12-17T22:25:32.980557233Z 59 PC: 12af7 | Change current directory
2018-12-17T22:25:32.985400659Z 47 PC: 12b0c | Get disk transfer address
2018-12-17T22:25:32.986774772Z 26 PC: 12b1a | Set disk transfer address
2018-12-17T22:25:32.988053904Z 78 PC: 12b24 | Find first file
2018-12-17T22:25:32.9955853Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:32.998435682Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.001248122Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.005254695Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.008430173Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.011677225Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.015586016Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.019950615Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.023173965Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.026999519Z 47 PC: 12b6e | Get disk transfer address
2018-12-17T22:25:33.028872571Z 26 PC: 12b7d | Set disk transfer address
2018-12-17T22:25:33.030067795Z 78 PC: 12b85 | Find first file
2018-12-17T22:25:33.036749991Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.03809185Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.0399801Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.040994045Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.043196409Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.044206521Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.046036704Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.047878882Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.050038786Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.051166739Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.054155782Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.055222799Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.057595533Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.059872784Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.064233396Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.067638898Z 61 PC: 12bc0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:25:33.077023431Z 63 PC: 12bcb | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:25:33.080457553Z 62 PC: 12bcf | Close file
2018-12-17T22:25:33.083224179Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.088408602Z 26 PC: 12b97 | Set disk transfer address
2018-12-17T22:25:33.089802261Z 26 PC: 12b5a | Set disk transfer address
2018-12-17T22:25:33.091106737Z 59 PC: 12b01 | Change current directory
2018-12-17T22:25:33.093351675Z 44 PC: 12c28 | Get time
0x12c28: mov al, ch
0x12c2a: cwde
0x12c2b: ret
0x12c2c: mov ah, 0x2c
0x12c2e: int 0x21
0x12c30: mov al, cl
0x12c32: cwde
0x12c33: ret
0x12c34: mov ah, 0x2c
0x12c36: int 0x21
0x12c38: mov al, dh
0x12c3a: cwde
0x12c3b: ret
0x12c3c: mov ah, 0x2a
0x12c3e: int 0x21
0x12c40: cwde
0x12c41: ret
0x12c42: inc dx
0x12c43: popaw
0x12c44: and byte ptr fs:[bp + di + 0x6f], ah
2018-12-17T22:25:33.102827698Z 71 PC: 12af0 | Get current directory
2018-12-17T22:25:33.106438813Z 59 PC: 12af7 | Change current directory
2018-12-17T22:25:33.111866369Z 47 PC: 12b0c | Get disk transfer address
2018-12-17T22:25:33.120932657Z 26 PC: 12b1a | Set disk transfer address
2018-12-17T22:25:33.122208392Z 78 PC: 12b24 | Find first file
2018-12-17T22:25:33.12932282Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.132978663Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.135727269Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.138476606Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.14184281Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.144779114Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.147498892Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.150754535Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.154837632Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.157214016Z 47 PC: 12b6e | Get disk transfer address
2018-12-17T22:25:33.158869505Z 26 PC: 12b7d | Set disk transfer address
2018-12-17T22:25:33.160628795Z 78 PC: 12b85 | Find first file
2018-12-17T22:25:33.167617257Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.169847155Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.172696544Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.1739222Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.177429868Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.178713016Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.181472844Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.182941697Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.185870631Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.187094478Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.189795368Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.191353878Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.194889488Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.196238384Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.199821749Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.20157043Z 61 PC: 12bc0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:25:33.209332265Z 63 PC: 12bcb | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:25:33.212766463Z 62 PC: 12bcf | Close file
2018-12-17T22:25:33.215139265Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.218184959Z 26 PC: 12b97 | Set disk transfer address
2018-12-17T22:25:33.220395665Z 26 PC: 12b5a | Set disk transfer address
2018-12-17T22:25:33.221686657Z 59 PC: 12b01 | Change current directory
2018-12-17T22:25:33.223859851Z 71 PC: 12af0 | Get current directory
2018-12-17T22:25:33.228498637Z 59 PC: 12af7 | Change current directory
2018-12-17T22:25:33.232987327Z 47 PC: 12b0c | Get disk transfer address
2018-12-17T22:25:33.234504568Z 26 PC: 12b1a | Set disk transfer address
2018-12-17T22:25:33.236350694Z 78 PC: 12b24 | Find first file
2018-12-17T22:25:33.242892834Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.245680199Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.249210497Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.251994321Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.254859922Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.25783198Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.260788628Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.263694585Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.266957152Z 79 PC: 12b4b | Find next file
2018-12-17T22:25:33.269621263Z 47 PC: 12b6e | Get disk transfer address
2018-12-17T22:25:33.270799303Z 26 PC: 12b7d | Set disk transfer address
2018-12-17T22:25:33.272471434Z 78 PC: 12b85 | Find first file
2018-12-17T22:25:33.279329691Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.280612485Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.283467775Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.285270144Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.28832608Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.289530401Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.293238048Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.294425989Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.297094653Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.29882485Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.301455408Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.302654131Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.306556855Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.307737754Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.31046698Z 47 PC: 12b9d | Get disk transfer address
2018-12-17T22:25:33.312676381Z 61 PC: 12bc0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:25:33.320110978Z 63 PC: 12bcb | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:25:33.323143174Z 62 PC: 12bcf | Close file
2018-12-17T22:25:33.325671257Z 79 PC: 12b85 | Find next file
2018-12-17T22:25:33.32845317Z 26 PC: 12b97 | Set disk transfer address
2018-12-17T22:25:33.329779959Z 26 PC: 12b5a | Set disk transfer address
2018-12-17T22:25:33.331815508Z 59 PC: 12b01 | Change current directory
2018-12-17T22:25:33.334347463Z 44 PC: 12c28 | Get time
0x12c28: mov al, ch
0x12c2a: cwde
0x12c2b: ret
0x12c2c: mov ah, 0x2c
0x12c2e: int 0x21
0x12c30: mov al, cl
0x12c32: cwde
0x12c33: ret
0x12c34: mov ah, 0x2c
0x12c36: int 0x21
0x12c38: mov al, dh
0x12c3a: cwde
0x12c3b: ret
0x12c3c: mov ah, 0x2a
0x12c3e: int 0x21
0x12c40: cwde
0x12c41: ret
0x12c42: inc dx
0x12c43: popaw
0x12c44: and byte ptr fs:[bp + di + 0x6f], ah
2018-12-17T22:25:33.336846305Z 42 PC: 12c40 | Get date
0x12c40: cwde
0x12c41: ret
0x12c42: inc dx
0x12c43: popaw
0x12c44: and byte ptr fs:[bp + di + 0x6f], ah
0x12c48: insw word ptr es:[di], dx
0x12c49: insw word ptr es:[di], dx
0x12c4a: popaw
0x12c4b: outsb dx, byte ptr [si]
0x12c4c: and byte ptr fs:[bx + 0x72], ch
0x12c50: and byte ptr [bp + 0x69], ah
0x12c53: insb byte ptr es:[di], dx
0x12c54: and byte ptr gs:[bp + 0x61], ch
0x12c58: insw word ptr es:[di], dx
0x12c59: or ax, 0xa
2018-12-17T22:25:35.485015583Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:25:35.486927788Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:25:35.489313034Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:25:35.493043098Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:25:35.505690315Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:25:35.507918297Z 62 PC: 91fc1 | Close file
2018-12-17T22:25:35.511600252Z 75 PC: 91fe0 | Execute program
2018-12-17T22:25:35.530443125Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:25:35.532532435Z 9 PC: c605 | Display string (String= '6r&;] u')
2018-12-17T22:25:35.537927208Z 48 PC: c609 | Get DOS version
2018-12-17T22:25:35.542386172Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:25:35.545597055Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:25:35.548995997Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:25:35.552909944Z 9 PC: c6d9 | Display string (String= 'VHVD[email protected]_Kut1Dt a1ZW 5|(Nj(p^')
2018-12-17T22:25:35.557243086Z 9 PC: c6e0 | Display string (String= '5|(Nj(p^')
2018-12-17T22:25:35.562481694Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:25:35.577437378Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:25:35.579416712Z 62 PC: 91fc1 | Close file
2018-12-17T22:25:35.582106016Z 75 PC: 91fe0 | Execute program
2018-12-17T22:25:35.606026048Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:25:35.610509014Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:25:35.614758171Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:25:35.61700783Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:25:35.618346564Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:25:35.619692536Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:25:35.62204707Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:25:35.630579388Z 62 PC: 8f8eb | Close file
2018-12-17T22:25:35.632622118Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.635475184Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.637575309Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.639501328Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.64240015Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.644402725Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.646369149Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.649450707Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.652468531Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.6543614Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.656966618Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.658688907Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.660419274Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.664103582Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.666294818Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.668227688Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.671056115Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.673017204Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.67500065Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.678346212Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.680459522Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.682565009Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.68582621Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.688127434Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.690212857Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.692989493Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.694911618Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.697002288Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.70035291Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.70253355Z 62 PC: 8f8f2 | Close file
2018-12-17T22:25:35.704685599Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:25:35.71183576Z 62 PC: 8f90e | Close file
2018-12-17T22:25:35.714338311Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:25:35.71665481Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:25:35.719987735Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:25:35.725615576Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:25:35.727528706Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:25:35.733887118Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:25:35.736304091Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:25:35.738294328Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:25:35.741820513Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:25:35.744032788Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:25:35.746119011Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:25:35.74878518Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:25:35.752067503Z 73 PC: 8fa11 | Release memory
2018-12-17T22:25:35.754176685Z 73 PC: 8efea | Release memory
2018-12-17T22:25:35.75603054Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:25:35.764118652Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:25:35.76693337Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:25:35.768940266Z 73 PC: 8f060 | Release memory
2018-12-17T22:25:35.771717967Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:25:35.782231388Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:25:35.78894377Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:25:35.791014863Z 62 PC: 8f0d1 | Close file
2018-12-17T22:25:35.793664261Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:25:35.817388013Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:25:35.819651151Z 48 PC: 12bee | Get DOS version
2018-12-17T22:25:35.821807711Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:25:35.825497609Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:25:35.828253129Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:25:35.829993667Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:25:35.8319524Z 72 PC: 1355d | Allocate memory
2018-12-17T22:25:35.835163824Z 25 PC: 13596 | Get default drive
2018-12-17T22:25:35.836719769Z 71 PC: 135ad | Get current directory
2018-12-17T22:25:35.839646202Z 59 PC: 135ba | Change current directory
2018-12-17T22:25:35.846661786Z 59 PC: 135c8 | Change current directory
2018-12-17T22:25:35.853072346Z 59 PC: 135d3 | Change current directory
2018-12-17T22:25:35.85724735Z 25 PC: 12d13 | Get default drive
2018-12-17T22:25:35.859959527Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:25:35.861668665Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:35.863196721Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:35.868381845Z 80 PC: 1301d | Set current PSP
2018-12-17T22:25:35.869452815Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:25:35.870998127Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:25:35.873433736Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:25:35.874886613Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:25:35.87721459Z 72 PC: 130ec | Allocate memory
2018-12-17T22:25:35.880837122Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:25:35.888861354Z 62 PC: 131ba | Close file
2018-12-17T22:25:35.891827697Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:25:35.89466953Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:25:35.896891437Z 72 PC: 11991 | Allocate memory
2018-12-17T22:25:35.898949687Z 73 PC: 119b2 | Release memory
2018-12-17T22:25:35.900590152Z 72 PC: 119bd | Allocate memory
2018-12-17T22:25:35.903459944Z 73 PC: 119df | Release memory
2018-12-17T22:25:35.905179856Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:25:35.90730058Z 72 PC: 119fd | Allocate memory