Sample viewer

vx.netlux.org/Virus.DOS.Armf.7067

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:17.630056805Z	98	PC: 18d3e \| Get current PSP
2018-12-17T22:30:17.631710049Z	146	PC: 18d4b \| UNKNOWN!
2018-12-17T22:30:17.63324848Z	53	PC: 9e254 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:17.634371379Z	53	PC: 9e263 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:30:17.637088055Z	53	PC: 9e272 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:17.638812164Z	37	PC: 9e2a6 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:17.640285913Z	24	PC: 9e2b6 \| Reserved
2018-12-17T22:30:17.646196323Z	37	PC: 9e2cd \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:17.647479897Z	37	PC: 9e2f1 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:17.649369718Z	37	PC: 9e317 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:17.653746035Z	65	PC: 9e957 \| Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:30:17.659349043Z	65	PC: 9e957 \| Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:30:17.665156936Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:17.666859426Z	42	PC: 9e957 \| Get date 0x9e957: ret 0x9e958: push ax 0x9e959: push bx 0x9e95a: push cx 0x9e95b: push dx 0x9e95c: push si 0x9e95d: push di 0x9e95e: push es 0x9e95f: push ds 0x9e960: mov word ptr cs:[0xc33], dx 0x9e965: mov ax, ds 0x9e967: mov word ptr cs:[0xc35], ax 0x9e96b: call 0x9eba1 0x9e96e: call 0xae8da 0x9e971: jae 0x9e977 0x9e973: jmp 0x9eb5a 0x9e976: lcall 0x6ce8:0xc933 0x9e97b: push word ptr [bp + di + 4] 0x9e97e: jmp 0x9eb42 0x9e981: ljmp 0x73ff:0x48e8
2018-12-17T22:30:17.681811763Z	48	PC: 13777 \| Get DOS version
2018-12-17T22:30:17.6839119Z	9	PC: 13783 \| Display string (String= 'Incorrect DOS version ')
2018-12-17T22:30:17.690715697Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:30:17.691961944Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:30:17.693727768Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:30:17.696365009Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:30:17.69774577Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:17.699058291Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:17.702675802Z	62	PC: 9e957 \| Close file
2018-12-17T22:30:17.704382758Z	53	PC: 9e957 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:17.705737564Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:17.7075623Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:17.70933587Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.710587579Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.712682639Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.714325055Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.71566213Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.71749375Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.719836106Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.721347842Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.723258163Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.724919555Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.726302208Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.728211807Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.736623441Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.737989652Z	62	PC: 122ab \| Close file
2018-12-17T22:30:17.749235698Z	61	PC: 9e957 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:30:17.755253198Z	66	PC: 12372 \| Move file pointer
2018-12-17T22:30:17.756483485Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:30:17.777645768Z	62	PC: 9e957 \| Close file
2018-12-17T22:30:17.77947295Z	53	PC: 9e957 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:17.780526044Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:17.781814168Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:17.787199712Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:18.127029479Z	61	PC: 9e957 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:30:18.13350045Z	87	PC: 9e957 \| Get or set file date and time
2018-12-17T22:30:18.135325541Z	66	PC: 9e957 \| Move file pointer
2018-12-17T22:30:18.136791717Z	63	PC: 9e957 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:30:18.140285071Z	66	PC: 9e957 \| Move file pointer
2018-12-17T22:30:18.14180153Z	66	PC: 9e957 \| Move file pointer
2018-12-17T22:30:18.143342589Z	64	PC: 9e957 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:30:18.146540332Z	66	PC: 9e957 \| Move file pointer
2018-12-17T22:30:18.147835666Z	64	PC: 9e957 \| Write file or device (Write 7067 bytes on handle 5)
2018-12-17T22:30:18.158552393Z	87	PC: 9e957 \| Get or set file date and time
2018-12-17T22:30:18.161028867Z	62	PC: 9e957 \| Close file
2018-12-17T22:30:18.168623996Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:18.177824399Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:18.181813593Z	99	PC: 98a07 \| Get DBCS lead byte table pointer
2018-12-17T22:30:18.183409819Z	56	PC: 93229 \| Get or set country info
2018-12-17T22:30:18.185283241Z	64	PC: 98c78 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:30:18.189632981Z	25	PC: 93292 \| Get default drive
2018-12-17T22:30:18.191505697Z	71	PC: 9550d \| Get current directory
2018-12-17T22:30:18.195266704Z	64	PC: 98c78 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:30:18.198370336Z	2	PC: 954e2 \| Character output (Char = '3e')
2018-12-17T22:30:18.2006426Z	93	PC: 93350 \| File sharing functions
2018-12-17T22:30:18.202746217Z	93	PC: 93357 \| File sharing functions
2018-12-17T22:30:18.2045635Z	10	PC: 93369 \| Buffered keyboard input
2018-12-17T22:30:32.615676316Z	0	PC: 0 \| Program terminate
2018-12-17T22:30:33.970034385Z	0	PC: 0 \| Program terminate
2018-12-17T22:30:34.072454347Z	64	PC: 98c78 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:30:34.078351283Z	41	PC: 933de \| Parse filename
2018-12-17T22:30:34.080461428Z	41	PC: 9345f \| Parse filename
2018-12-17T22:30:34.083457954Z	41	PC: 9347c \| Parse filename
2018-12-17T22:30:34.087005243Z	26	PC: 96927 \| Set disk transfer address
2018-12-17T22:30:34.088942523Z	71	PC: 96b23 \| Get current directory
2018-12-17T22:30:34.098684572Z	78	PC: 96b2e \| Find first file
2018-12-17T22:30:34.113004327Z	71	PC: 9699c \| Get current directory
2018-12-17T22:30:34.116783577Z	73	PC: 96039 \| Release memory
2018-12-17T22:30:34.119153557Z	53	PC: 9e957 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:34.120744314Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:34.122227911Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:34.129100703Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:34.144955784Z	61	PC: 9e957 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:30:34.151848103Z	87	PC: 9e957 \| Get or set file date and time
2018-12-17T22:30:34.154073964Z	66	PC: 9e957 \| Move file pointer
2018-12-17T22:30:34.155439934Z	63	PC: 9e957 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:30:34.161788175Z	87	PC: 9e957 \| Get or set file date and time
2018-12-17T22:30:34.165216955Z	62	PC: 9e957 \| Close file
2018-12-17T22:30:34.174670382Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:34.187450413Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:34.195063333Z	75	PC: 11821 \| Execute program
2018-12-17T22:30:34.214463727Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-17T22:30:34.219444103Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')
2018-12-17T22:30:34.224227478Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:30:34.226614349Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:30:34.22891136Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:30:34.232987646Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:30:34.234859192Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:34.236682583Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:34.239232527Z	62	PC: 9e957 \| Close file
2018-12-17T22:30:34.241666404Z	53	PC: 9e957 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:34.243367557Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:34.24653511Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:34.252296953Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:34.262157154Z	61	PC: 9e957 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:30:34.269653238Z	87	PC: 9e957 \| Get or set file date and time
2018-12-17T22:30:34.271436231Z	87	PC: 9e957 \| Get or set file date and time
2018-12-17T22:30:34.273101342Z	62	PC: 9e957 \| Close file
2018-12-17T22:30:34.279555771Z	67	PC: 9e957 \| Get or set file attributes
2018-12-17T22:30:34.290238519Z	37	PC: 9e957 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:34.29210299Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.294148508Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.297233989Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.299316945Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.30135034Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.304377616Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.306435261Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.308447364Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.311300817Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.313682363Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.315668582Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.318498827Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.320780628Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.322768443Z	62	PC: 122ab \| Close file
2018-12-17T22:30:34.326865999Z	99	PC: 98a07 \| Get DBCS lead byte table pointer
2018-12-17T22:30:34.329446063Z	56	PC: 93229 \| Get or set country info
2018-12-17T22:30:34.331820063Z	64	PC: 98c78 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:30:34.339508568Z	25	PC: 93292 \| Get default drive
2018-12-17T22:30:34.342416863Z	71	PC: 9550d \| Get current directory
2018-12-17T22:30:34.351314427Z	64	PC: 98c78 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:30:34.356076191Z	2	PC: 954e2 \| Character output (Char = '3e')
2018-12-17T22:30:34.358885047Z	93	PC: 93350 \| File sharing functions
2018-12-17T22:30:34.361116478Z	93	PC: 93357 \| File sharing functions
2018-12-17T22:30:34.364352843Z	10	PC: 93369 \| Buffered keyboard input