Sample viewer

vx.netlux.org/Virus.DOS.Davis

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:30:40.409614319Z 171 PC: 2310d | UNKNOWN!
2018-12-17T22:30:40.410195625Z 42 PC: 2311c | Get date
0x2311c: push dx
0x2311d: mov ax, 0xc
0x23120: mul cx
0x23122: pop dx
0x23123: shr dx, 8
0x23126: add ax, dx
0x23128: cmp ax, 0x5d5c
0x2312b: jb 0x23132
0x2312d: not byte ptr cs:[0x2a0]
0x23132: call 0x330b0
0x23135: pop es
0x23136: pop ds
0x23137: cmp byte ptr cs:[0x6a7], 0
0x2313d: je 0x23142
0x2313f: jmp 0x22d45
0x23142: mov ax, 0x4c00
0x23145: int 0x21
0x23147: popaw
2018-12-17T22:30:40.411652235Z 44 PC: 230b4 | Get time
0x230b4: mov al, 0x3c
0x230b6: mul cl
0x230b8: add al, dh
0x230ba: adc ah, 0
0x230bd: mov bx, 0x1234
0x230c0: mul bx
0x230c2: shr ax, 8
0x230c5: mov ah, dl
0x230c7: mov word ptr cs:[0x2a1], ax
0x230cb: mov ax, 0x5200
0x230ce: int 0x21
0x230d0: mov dx, word ptr es:[bx - 2]
0x230d4: mov ds, dx
0x230d6: cmp byte ptr [0], 0x5a
0x230db: je 0x230e4
0x230dd: add dx, word ptr [3]
0x230e1: inc dx
0x230e2: jmp 0x230d4
0x230e4: mov bx, 0x6d3
0x230e7: shr bx, 4
2018-12-17T22:30:40.413719899Z 82 PC: 230d0 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:30:40.414683258Z 53 PC: 2308a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:40.415514686Z 37 PC: 2309a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:40.416726816Z 53 PC: 2309f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:30:40.418052005Z 37 PC: 230af | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:30:40.419031772Z 74 PC: 12add | Reallocate memory
2018-12-17T22:30:40.430214031Z 48 PC: 12af7 | Get DOS version
2018-12-17T22:30:40.431482384Z 55 PC: 12b06 | Get or set switch character
2018-12-17T22:30:40.433077954Z 56 PC: 1f347 | Get or set country info
2018-12-17T22:30:40.435716651Z 2 PC: 1e985 | Character output (Char = '53')
2018-12-17T22:30:40.437789796Z 2 PC: 1e985 | Character output (Char = '44')
2018-12-17T22:30:40.439753086Z 2 PC: 1e985 | Character output (Char = '2d')
2018-12-17T22:30:40.442276465Z 2 PC: 1e985 | Character output (Char = '53')
2018-12-17T22:30:40.444289497Z 2 PC: 1e985 | Character output (Char = '70')
2018-12-17T22:30:40.446674686Z 2 PC: 1e985 | Character output (Char = '65')
2018-12-17T22:30:40.449344555Z 2 PC: 1e985 | Character output (Char = '65')
2018-12-17T22:30:40.450969026Z 2 PC: 1e985 | Character output (Char = '64')
2018-12-17T22:30:40.452464992Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.454665276Z 2 PC: 1e985 | Character output (Char = '44')
2018-12-17T22:30:40.456410228Z 2 PC: 1e985 | Character output (Char = '69')
2018-12-17T22:30:40.457766325Z 2 PC: 1e985 | Character output (Char = '73')
2018-12-17T22:30:40.468191825Z 2 PC: 1e985 | Character output (Char = '6b')
2018-12-17T22:30:40.470272998Z 2 PC: 1e985 | Character output (Char = '2c')
2018-12-17T22:30:40.472224234Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.485186312Z 2 PC: 1e985 | Character output (Char = '41')
2018-12-17T22:30:40.487415719Z 2 PC: 1e985 | Character output (Char = '64')
2018-12-17T22:30:40.48967373Z 2 PC: 1e985 | Character output (Char = '76')
2018-12-17T22:30:40.493193579Z 2 PC: 1e985 | Character output (Char = '61')
2018-12-17T22:30:40.495296257Z 2 PC: 1e985 | Character output (Char = '6e')
2018-12-17T22:30:40.497325402Z 2 PC: 1e985 | Character output (Char = '63')
2018-12-17T22:30:40.517267813Z 2 PC: 1e985 | Character output (Char = '65')
2018-12-17T22:30:40.519287564Z 2 PC: 1e985 | Character output (Char = '64')
2018-12-17T22:30:40.521443874Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.524137732Z 2 PC: 1e985 | Character output (Char = '45')
2018-12-17T22:30:40.526212429Z 2 PC: 1e985 | Character output (Char = '64')
2018-12-17T22:30:40.528260971Z 2 PC: 1e985 | Character output (Char = '69')
2018-12-17T22:30:40.530750872Z 2 PC: 1e985 | Character output (Char = '74')
2018-12-17T22:30:40.533139057Z 2 PC: 1e985 | Character output (Char = '69')
2018-12-17T22:30:40.535035164Z 2 PC: 1e985 | Character output (Char = '6f')
2018-12-17T22:30:40.537904665Z 2 PC: 1e985 | Character output (Char = '6e')
2018-12-17T22:30:40.540239777Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.542933167Z 2 PC: 1e985 | Character output (Char = '34')
2018-12-17T22:30:40.546772388Z 2 PC: 1e985 | Character output (Char = '2e')
2018-12-17T22:30:40.548991949Z 2 PC: 1e985 | Character output (Char = '35')
2018-12-17T22:30:40.553589103Z 2 PC: 1e985 | Character output (Char = '30')
2018-12-17T22:30:40.556163907Z 2 PC: 1e985 | Character output (Char = '2c')
2018-12-17T22:30:40.558362434Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.560388418Z 2 PC: 1e985 | Character output (Char = '28')
2018-12-17T22:30:40.56298323Z 2 PC: 1e985 | Character output (Char = '43')
2018-12-17T22:30:40.565239913Z 2 PC: 1e985 | Character output (Char = '29')
2018-12-17T22:30:40.567519487Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.570715811Z 2 PC: 1e985 | Character output (Char = '43')
2018-12-17T22:30:40.572823749Z 2 PC: 1e985 | Character output (Char = '6f')
2018-12-17T22:30:40.574869937Z 2 PC: 1e985 | Character output (Char = '70')
2018-12-17T22:30:40.57749425Z 2 PC: 1e985 | Character output (Char = '72')
2018-12-17T22:30:40.579673128Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.581904102Z 2 PC: 1e985 | Character output (Char = '31')
2018-12-17T22:30:40.584577346Z 2 PC: 1e985 | Character output (Char = '39')
2018-12-17T22:30:40.586802695Z 2 PC: 1e985 | Character output (Char = '38')
2018-12-17T22:30:40.588934276Z 2 PC: 1e985 | Character output (Char = '37')
2018-12-17T22:30:40.591767194Z 2 PC: 1e985 | Character output (Char = '2d')
2018-12-17T22:30:40.593770213Z 2 PC: 1e985 | Character output (Char = '38')
2018-12-17T22:30:40.59573273Z 2 PC: 1e985 | Character output (Char = '38')
2018-12-17T22:30:40.598725657Z 2 PC: 1e985 | Character output (Char = '2c')
2018-12-17T22:30:40.601199689Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.603314075Z 2 PC: 1e985 | Character output (Char = '50')
2018-12-17T22:30:40.606868031Z 2 PC: 1e985 | Character output (Char = '65')
2018-12-17T22:30:40.608761375Z 2 PC: 1e985 | Character output (Char = '74')
2018-12-17T22:30:40.610699994Z 2 PC: 1e985 | Character output (Char = '65')
2018-12-17T22:30:40.61295796Z 2 PC: 1e985 | Character output (Char = '72')
2018-12-17T22:30:40.614874646Z 2 PC: 1e985 | Character output (Char = '20')
2018-12-17T22:30:40.617162577Z 2 PC: 1e985 | Character output (Char = '4e')
2018-12-17T22:30:40.63195083Z 2 PC: 1e985 | Character output (Char = '6f')
2018-12-17T22:30:40.634075732Z 2 PC: 1e985 | Character output (Char = '72')
2018-12-17T22:30:40.636464745Z 2 PC: 1e985 | Character output (Char = '74')
2018-12-17T22:30:40.63956959Z 2 PC: 1e985 | Character output (Char = '6f')
2018-12-17T22:30:40.641839311Z 2 PC: 1e985 | Character output (Char = '6e')
2018-12-17T22:30:40.644188587Z 2 PC: 1e97e | Character output (Char = '0d')
2018-12-17T22:30:40.646237867Z 2 PC: 1e985 | Character output (Char = '0a')
2018-12-17T22:30:40.649880909Z 2 PC: 1e97e | Character output (Char = '0d')
2018-12-17T22:30:40.652029989Z 2 PC: 1e985 | Character output (Char = '0a')
2018-12-17T22:30:40.655606486Z 13 PC: 1b87e | Disk reset
2018-12-17T22:30:40.656954834Z 25 PC: 1b84f | Get default drive
2018-12-17T22:30:40.658563132Z 37 PC: 1b234 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:40.659742622Z 53 PC: 1d425 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:40.660723224Z 53 PC: 1d432 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:40.662386211Z 37 PC: 1d444 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:40.663177856Z 37 PC: 1d44e | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:40.668565031Z 25 PC: 1b84f | Get default drive
2018-12-17T22:30:40.676243889Z 14 PC: 1b88c | Set default drive (Drive = 'A')
2018-12-17T22:30:40.678254547Z 14 PC: 1b88c | Set default drive (Drive = 'A')
2018-12-17T22:30:40.679851348Z 25 PC: 1b84f | Get default drive
2018-12-17T22:30:40.681391777Z 41 PC: 1b873 | Parse filename
2018-12-17T22:30:40.682901729Z 96 PC: 1b836 | Qualify filename
2018-12-17T22:30:40.685090229Z 68 PC: 1b8db | I/O control for devices (Set for = 'W�')
2018-12-17T22:30:40.687077644Z 14 PC: 1b88c | Set default drive (Drive = 'C')
2018-12-17T22:30:40.688098272Z 25 PC: 1b84f | Get default drive
2018-12-17T22:30:40.68906363Z 41 PC: 1b873 | Parse filename
2018-12-17T22:30:40.690753667Z 96 PC: 1b836 | Qualify filename
2018-12-17T22:30:40.693024687Z 68 PC: 1b8db | I/O control for devices (Set for = 'W�')
2018-12-17T22:30:40.694807271Z 14 PC: 1b88c | Set default drive (Drive = 'D')
2018-12-17T22:30:40.696158636Z 25 PC: 1b84f | Get default drive
2018-12-17T22:30:40.697136169Z 41 PC: 1b873 | Parse filename
2018-12-17T22:30:40.699538126Z 14 PC: 1b88c | Set default drive (Drive = 'E')
2018-12-17T22:30:40.700720205Z 25 PC: 1b84f | Get default drive
2018-12-17T22:30:40.701709907Z 41 PC: 1b873 | Parse filename
2018-12-17T22:30:40.703656219Z 14 PC: 1b88c | Set default drive (Drive = 'A')
2018-12-17T22:30:40.958189276Z 12 PC: 1e725 | Flush input buffer and input
2018-12-17T22:30:40.961705241Z 7 PC: 1e706 | Direct console input without echo