Sample viewer

vx.netlux.org/Virus.DOS.CivilWar.Ratboy.289

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:26:26.474477525Z 26 PC: 18721 | Set disk transfer address
2018-12-17T22:26:26.485869548Z 78 PC: 1872c | Find first file
2018-12-17T22:26:26.492121844Z 61 PC: 18742 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:26.49940739Z 63 PC: 18759 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:26.512126263Z 67 PC: 18777 | Get or set file attributes
2018-12-17T22:26:26.535991344Z 62 PC: 18788 | Close file
2018-12-17T22:26:26.53812578Z 61 PC: 1878d | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:26.545935364Z 64 PC: 1879a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:26:26.548848234Z 66 PC: 187a3 | Move file pointer
2018-12-17T22:26:26.550561182Z 44 PC: 187a7 | Get time
0x187a7: mov word ptr ds:[bp + 0x10c], dx
0x187ac: call 0x286e7
0x187af: mov ax, 0x5701
0x187b2: mov cx, word ptr ds:[bp + 0x23b]
0x187b7: mov dx, word ptr ds:[bp + 0x23d]
0x187bc: int 0x21
0x187be: mov ax, 0x4301
0x187c1: lea dx, word ptr [bp + 0x243]
0x187c5: mov cx, word ptr ds:[bp + 0x23a]
0x187ca: int 0x21
0x187cc: mov ah, 0x3e
0x187ce: int 0x21
0x187d0: jmp 0x18731
0x187d3: sub ch, byte ptr [0x6f63]
0x187d7: insw word ptr es:[di], dx
0x187d8: add byte ptr [bp - 0x18], ah
0x187db: cmp byte ptr [bx + si], al
0x187dd: jmp 0x18974
0x187e0: push sp
0x187e2: outsw dx, word ptr [si]
2018-12-17T22:26:26.553672065Z 64 PC: 186f5 | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:26:26.562053193Z 87 PC: 187be | Get or set file date and time
2018-12-17T22:26:26.563637061Z 67 PC: 187cc | Get or set file attributes
2018-12-17T22:26:26.568909901Z 62 PC: 187d0 | Close file
2018-12-17T22:26:26.581909843Z 26 PC: 18738 | Set disk transfer address
2018-12-17T22:26:26.583156588Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:26:26.584838197Z 47 PC: 12a6f | Get disk transfer address
2018-12-17T22:26:26.585850651Z 26 PC: 12a7f | Set disk transfer address
2018-12-17T22:26:26.58692785Z 78 PC: 12b01 | Find first file
2018-12-17T22:26:26.602253836Z 67 PC: 12b3a | Get or set file attributes
2018-12-17T22:26:26.61312966Z 67 PC: 12b4b | Get or set file attributes
2018-12-17T22:26:26.623914401Z 61 PC: 12b56 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:26.628932483Z 87 PC: 12b62 | Get or set file date and time
2018-12-17T22:26:26.630277828Z 44 PC: 12b6c | Get time
0x12b6c: and dh, 7
0x12b6f: jmp 0x12b80
0x12b71: mov ah, 0x40
0x12b73: mov cx, 5
0x12b76: mov dx, si
0x12b78: add dx, 0x8a
0x12b7c: int 0x21
0x12b7e: jmp 0x12be2
0x12b80: mov ah, 0x3f
0x12b82: mov cx, 3
0x12b85: mov dx, 0xa
0x12b88: nop
0x12b89: add dx, si
0x12b8b: int 0x21
0x12b8d: jb 0x12be2
0x12b8f: cmp ax, 3
0x12b92: jne 0x12be2
0x12b94: mov ax, 0x4202
0x12b97: mov cx, 0
0x12b9a: mov dx, 0
2018-12-17T22:26:26.631938681Z 63 PC: 12b8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:26.636804262Z 66 PC: 12b9f | Move file pointer
2018-12-17T22:26:26.638471231Z 64 PC: 12bc2 | Write file or device (Write 23693 bytes on handle 5)
2018-12-17T22:26:26.660218868Z 66 PC: 12bd4 | Move file pointer
2018-12-17T22:26:26.662521234Z 64 PC: 12be2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:26:26.665520614Z 87 PC: 12bf3 | Get or set file date and time
2018-12-17T22:26:26.667170882Z 62 PC: 12bf7 | Close file
2018-12-17T22:26:26.686354333Z 67 PC: 12c05 | Get or set file attributes
2018-12-17T22:26:26.706992984Z 26 PC: 12c0f | Set disk transfer address
2018-12-17T22:26:26.714315751Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:26:26.716580472Z 74 PC: 46992 | Reallocate memory
2018-12-17T22:26:26.718365829Z 48 PC: 469ea | Get DOS version
2018-12-17T22:26:26.730461014Z 53 PC: 469f2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:26.732319337Z 37 PC: 46a04 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:26.733726399Z 68 PC: 46a88 | I/O control for devices (Set for = ' [')
2018-12-17T22:26:26.735153122Z 68 PC: 46a88 | I/O control for devices (Set for = '')
2018-12-17T22:26:26.736900087Z 68 PC: 46a88 | I/O control for devices
2018-12-17T22:26:26.738621814Z 68 PC: 46a88 | I/O control for devices
2018-12-17T22:26:26.740191591Z 68 PC: 46a88 | I/O control for devices
2018-12-17T22:26:26.746234359Z 53 PC: 4721a | Get interrupt vector (Interrupt = '31' AKA 'Get disk parameter block for default drive')
2018-12-17T22:26:28.95553899Z 37 PC: 46b1d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')