Sample viewer

vx.netlux.org/Virus.DOS.Slovakia.1698

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:24.907283006Z	44	PC: 1359a \| Get time 0x1359a: ret 0x1359b: mov di, 0xbe85 0x1359e: test word ptr [bp + si - 0x75], bp 0x135a1: imul word ptr [si - 0x3bce] 0x135a5: add ah, 0x11 0x135a8: stosb byte ptr es:[di], al 0x135a9: loop 0x135a2 0x135ab: ret 0x135ac: and bh, byte ptr [bx + si - 0x75] 0x135af: cli 0x135b0: mov ah, byte ptr [di - 0x346] 0x135b4: add di, 0xfa11 0x135b8: mov cx, 0xf2a7 0x135bb: mov cx, 0x25d 0x135be: call 0x2359d 0x135c1: mov cx, 0x5ce8 0x135c4: mov di, dx 0x135c6: mov ah, byte ptr [di - 0x346] 0x135ca: add di, 0xfd1c 0x135ce: mov cx, 0x44
2018-12-17T22:29:24.909851707Z	44	PC: 1359a \| Get time 0x1359a: ret 0x1359b: mov di, 0xbe85 0x1359e: test word ptr [bp + si - 0x75], bp 0x135a1: imul word ptr [si - 0x3bce] 0x135a5: add ah, 0x11 0x135a8: stosb byte ptr es:[di], al 0x135a9: loop 0x135a2 0x135ab: ret 0x135ac: and bh, byte ptr [bx + si - 0x75] 0x135af: cli 0x135b0: mov ah, byte ptr [di - 0x346] 0x135b4: add di, 0xfa11 0x135b8: mov cx, 0xf2a7 0x135bb: mov cx, 0x25d 0x135be: call 0x2359d 0x135c1: mov cx, 0x5ce8 0x135c4: mov di, dx 0x135c6: mov ah, byte ptr [di - 0x346] 0x135ca: add di, 0xfd1c 0x135ce: mov cx, 0x44
2018-12-17T22:29:24.913643635Z	67	PC: 1359a \| Get or set file attributes
2018-12-17T22:29:24.9206333Z	42	PC: 1359a \| Get date 0x1359a: ret 0x1359b: fisttp qword ptr [bp + si - 0x5c42] 0x1359f: outsw dx, word ptr [si] 0x135a0: mov si, di 0x135a2: lodsb al, byte ptr [si] 0x135a3: xor al, ah 0x135a5: add ah, 0x11 0x135a8: stosb byte ptr es:[di], al 0x135a9: loop 0x135a2 0x135ab: ret 0x135ac: inc ax 0x135ad: jge 0x1353a 0x135af: cli 0x135b0: mov ah, byte ptr [di - 0x346] 0x135b4: add di, 0xfa11 0x135b8: mov cx, 0xf7c5 0x135bb: mov cx, 0x25d 0x135be: call 0x2359d 0x135c1: mov cx, 0x6206 0x135c4: mov di, dx
2018-12-17T22:29:24.923662474Z	48	PC: 1359a \| Get DOS version
2018-12-17T22:29:24.925162873Z	37	PC: 1359a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:24.926407746Z	47	PC: 1359a \| Get disk transfer address
2018-12-17T22:29:24.928287829Z	26	PC: 1359a \| Set disk transfer address
2018-12-17T22:29:24.930089376Z	71	PC: 1359a \| Get current directory
2018-12-17T22:29:24.93383949Z	78	PC: 1359a \| Find first file
2018-12-17T22:29:24.944163713Z	67	PC: 1359a \| Get or set file attributes
2018-12-17T22:29:24.962414002Z	67	PC: 1359a \| Get or set file attributes
2018-12-17T22:29:25.635215747Z	61	PC: 1359a \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:29:25.644380966Z	87	PC: 1359a \| Get or set file date and time
2018-12-17T22:29:25.64725581Z	63	PC: 1359a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:25.653458975Z	66	PC: 1359a \| Move file pointer
2018-12-17T22:29:25.655161508Z	44	PC: 1359a \| Get time 0x1359a: ret 0x1359b: fisttp qword ptr [bp + si - 0x5c42] 0x1359f: outsw dx, word ptr [si] 0x135a0: mov si, di 0x135a2: lodsb al, byte ptr [si] 0x135a3: xor al, ah 0x135a5: add ah, 0x11 0x135a8: stosb byte ptr es:[di], al 0x135a9: loop 0x135a2 0x135ab: ret 0x135ac: inc ax 0x135ad: jge 0x1353a 0x135af: cli 0x135b0: mov ah, byte ptr [di - 0x346] 0x135b4: add di, 0xfa11 0x135b8: mov cx, 0xf7c5 0x135bb: mov cx, 0x25d 0x135be: call 0x2359d 0x135c1: mov cx, 0x6206 0x135c4: mov di, dx
2018-12-17T22:29:25.658144108Z	64	PC: 1359a \| Write file or device (Write 134 bytes on handle 5)
2018-12-17T22:29:25.669791562Z	44	PC: 1359a \| Get time 0x1359a: ret 0x1359b: fisttp qword ptr [bp + si - 0x5c42] 0x1359f: outsw dx, word ptr [si] 0x135a0: mov si, di 0x135a2: lodsb al, byte ptr [si] 0x135a3: xor al, ah 0x135a5: add ah, 0x11 0x135a8: stosb byte ptr es:[di], al 0x135a9: loop 0x135a2 0x135ab: ret 0x135ac: inc ax 0x135ad: jge 0x1353a 0x135af: cli 0x135b0: mov ah, byte ptr [di - 0x346] 0x135b4: add di, 0xfa11 0x135b8: mov cx, 0xf7c5 0x135bb: mov cx, 0x25d 0x135be: call 0x2359d 0x135c1: mov cx, 0x6206 0x135c4: mov di, dx
2018-12-17T22:29:25.673134307Z	64	PC: 1359a \| Write file or device (Write 1738 bytes on handle 5)
2018-12-17T22:29:25.686439707Z	66	PC: 1359a \| Move file pointer
2018-12-17T22:29:25.688962952Z	64	PC: 1359a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:29:25.695616397Z	87	PC: 1359a \| Get or set file date and time
2018-12-17T22:29:25.697375238Z	62	PC: 1359a \| Close file
2018-12-17T22:29:25.707257252Z	67	PC: 1359a \| Get or set file attributes
2018-12-17T22:29:25.721391033Z	26	PC: 1359a \| Set disk transfer address
2018-12-17T22:29:25.723094693Z	37	PC: 1359a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:25.725948506Z	42	PC: 1359a \| Get date 0x1359a: ret 0x1359b: fisttp qword ptr [bp + si - 0x5c42] 0x1359f: outsw dx, word ptr [si] 0x135a0: mov si, di 0x135a2: lodsb al, byte ptr [si] 0x135a3: xor al, ah 0x135a5: add ah, 0x11 0x135a8: stosb byte ptr es:[di], al 0x135a9: loop 0x135a2 0x135ab: ret 0x135ac: inc ax 0x135ad: jge 0x1353a 0x135af: cli 0x135b0: mov ah, byte ptr [di - 0x346] 0x135b4: add di, 0xfa11 0x135b8: mov cx, 0xf7c5 0x135bb: mov cx, 0x25d 0x135be: call 0x2359d 0x135c1: mov cx, 0x6206 0x135c4: mov di, dx
2018-12-17T22:29:25.728621041Z	44	PC: 1359a \| Get time 0x1359a: ret 0x1359b: fisttp qword ptr [bp + si - 0x5c42] 0x1359f: outsw dx, word ptr [si] 0x135a0: mov si, di 0x135a2: lodsb al, byte ptr [si] 0x135a3: xor al, ah 0x135a5: add ah, 0x11 0x135a8: stosb byte ptr es:[di], al 0x135a9: loop 0x135a2 0x135ab: ret 0x135ac: inc ax 0x135ad: jge 0x1353a 0x135af: cli 0x135b0: mov ah, byte ptr [di - 0x346] 0x135b4: add di, 0xfa11 0x135b8: mov cx, 0xf7c5 0x135bb: mov cx, 0x25d 0x135be: call 0x2359d 0x135c1: mov cx, 0x6206 0x135c4: mov di, dx
2018-12-17T22:29:25.731979218Z	9	PC: 12a4c \| Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #5 - You have just released a virus!')
2018-12-17T22:29:25.741670994Z	76	PC: 12a51 \| Terminate with return code (Return code = '0')