Sample viewer

vx.netlux.org/Virus.DOS.Tuun.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:30:59.186622857Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:59.188259476Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:59.190663696Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:59.192059503Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:59.193268569Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:59.195006811Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:59.196604239Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:59.197711106Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:59.199924428Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:59.201271453Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:59.202578132Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:59.204261234Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:59.206049701Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:59.207929514Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:59.210561134Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:59.218207179Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:59.220260479Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:59.229437124Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:59.231383455Z 53 PC: 14b9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:59.242052758Z 37 PC: 14baf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:59.243335584Z 37 PC: 14bb7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:59.245041576Z 37 PC: 14bbf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:59.246269038Z 37 PC: 14bc7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:59.248846934Z 68 PC: 1578c | I/O control for devices (Set for = '')
2018-12-17T22:30:59.275245492Z 37 PC: 14251 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:59.2772809Z 48 PC: 154b2 | Get DOS version
2018-12-17T22:30:59.27996628Z 53 PC: 14971 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:59.281711016Z 37 PC: 1498d | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:59.283282337Z 53 PC: 14971 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:30:59.285399234Z 37 PC: 1498d | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:30:59.28661686Z 53 PC: 14971 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:59.287988123Z 37 PC: 1498d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:59.289705075Z 51 PC: 1485f | Get or set Ctrl-Break
2018-12-17T22:30:59.290954134Z 60 PC: 152f0 | Create or truncate file
2018-12-17T22:30:59.308002448Z 65 PC: 15439 | Delete file (Filename = '\�')
2018-12-17T22:30:59.318588559Z 48 PC: 154b2 | Get DOS version
2018-12-17T22:30:59.319977097Z 61 PC: 152f0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:30:59.3274419Z 66 PC: 15422 | Move file pointer
2018-12-17T22:30:59.328845857Z 63 PC: 153c3 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:30:59.331419399Z 62 PC: 15340 | Close file
2018-12-17T22:30:59.335107287Z 48 PC: 154b2 | Get DOS version
2018-12-17T22:30:59.336664039Z 61 PC: 152f0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:30:59.344077072Z 63 PC: 153c3 | Read file or device (Read 8218 bytes on handle 6)
2018-12-17T22:30:59.353027904Z 62 PC: 15340 | Close file
2018-12-17T22:30:59.355266983Z 26 PC: 14910 | Set disk transfer address
2018-12-17T22:30:59.356163896Z 78 PC: 1491c | Find first file
2018-12-17T22:30:59.362908445Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.364502542Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.36788233Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.369667514Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.372790363Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.373859931Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.377455664Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.378704696Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.382432442Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.383864901Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.386955041Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.38798588Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.392163901Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.393183989Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.39690284Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.39820981Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.401774891Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.403190694Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.406368461Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.407359456Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.410643016Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.412939032Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.416340724Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.41792004Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.421593106Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.422828147Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.426855604Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.427934773Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.431668033Z 61 PC: 152f0 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:30:59.43814504Z 66 PC: 15422 | Move file pointer
2018-12-17T22:30:59.439537858Z 63 PC: 153c3 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:30:59.442756202Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.444017904Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.446632525Z 26 PC: 14910 | Set disk transfer address
2018-12-17T22:30:59.448151044Z 78 PC: 1491c | Find first file
2018-12-17T22:30:59.454619415Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.455633411Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.458811306Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.459785099Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.462738616Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.464199709Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.466719231Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.467836054Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.470786829Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.471770533Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.474816241Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.475807471Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.478249868Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.480138137Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.483054636Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.483948511Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.487504256Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.488715567Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.491218828Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.492476931Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.49495538Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.496538561Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.499137192Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.500164762Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.503168584Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.504139402Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.506587819Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.508368771Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.511068595Z 26 PC: 14934 | Set disk transfer address
2018-12-17T22:30:59.512096676Z 79 PC: 14939 | Find next file
2018-12-17T22:30:59.515499437Z 44 PC: 1480d | Get time
0x1480d: xor ah, ah
0x1480f: mov al, dl
0x14811: les di, ptr [bp + 6]
0x14814: stosw word ptr es:[di], ax
0x14815: mov al, dh
0x14817: les di, ptr [bp + 0xa]
0x1481a: stosw word ptr es:[di], ax
0x1481b: mov al, cl
0x1481d: les di, ptr [bp + 0xe]
0x14820: stosw word ptr es:[di], ax
0x14821: mov al, ch
0x14823: les di, ptr [bp + 0x12]
0x14826: stosw word ptr es:[di], ax
0x14827: pop bp
0x14828: retf 0x10
0x1482b: push bp
0x1482c: mov bp, sp
0x1482e: mov ch, byte ptr [bp + 0xc]
0x14831: mov cl, byte ptr [bp + 0xa]
0x14834: mov dh, byte ptr [bp + 8]
2018-12-17T22:30:59.518049704Z 42 PC: 147d7 | Get date
0x147d7: xor ah, ah
0x147d9: les di, ptr [bp + 6]
0x147dc: stosw word ptr es:[di], ax
0x147dd: mov al, dl
0x147df: les di, ptr [bp + 0xa]
0x147e2: stosw word ptr es:[di], ax
0x147e3: mov al, dh
0x147e5: les di, ptr [bp + 0xe]
0x147e8: stosw word ptr es:[di], ax
0x147e9: xchg ax, cx
0x147ea: les di, ptr [bp + 0x12]
0x147ed: stosw word ptr es:[di], ax
0x147ee: pop bp
0x147ef: retf 0x10
0x147f2: push bp
0x147f3: mov bp, sp
0x147f5: mov cx, word ptr [bp + 0xa]
0x147f8: mov dh, byte ptr [bp + 8]
0x147fb: mov dl, byte ptr [bp + 6]
0x147fe: mov ah, 0x2b
2018-12-17T22:30:59.520254164Z 48 PC: 154b2 | Get DOS version
2018-12-17T22:30:59.521856221Z 26 PC: 14910 | Set disk transfer address
2018-12-17T22:30:59.522777305Z 78 PC: 1491c | Find first file
2018-12-17T22:30:59.530005818Z 48 PC: 154b2 | Get DOS version
2018-12-17T22:30:59.531318091Z 67 PC: 14899 | Get or set file attributes
2018-12-17T22:30:59.541333998Z 61 PC: 152f0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:30:59.550951116Z 66 PC: 15422 | Move file pointer
2018-12-17T22:30:59.552914374Z 63 PC: 153c3 | Read file or device (Read 8218 bytes on handle 7)
2018-12-17T22:30:59.560985355Z 66 PC: 15422 | Move file pointer
2018-12-17T22:30:59.56274316Z 64 PC: 15321 | Write file or device (Write 0 bytes on handle 7)
2018-12-17T22:30:59.571294722Z 66 PC: 15422 | Move file pointer
2018-12-17T22:30:59.572778795Z 64 PC: 153c3 | Write file or device (Write 8218 bytes on handle 7)
2018-12-17T22:30:59.581576052Z 87 PC: 148e0 | Get or set file date and time
2018-12-17T22:30:59.583150381Z 67 PC: 14899 | Get or set file attributes
2018-12-17T22:30:59.590529942Z 62 PC: 15340 | Close file
2018-12-17T22:30:59.59732783Z 37 PC: 1498d | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:30:59.598352128Z 37 PC: 1498d | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:30:59.599948633Z 37 PC: 1498d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:59.600982578Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:59.602019601Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:59.603692364Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:59.604794118Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:59.606019752Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:59.607412968Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:59.608541022Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:59.610427361Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:59.611412605Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:59.612409001Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:59.613759976Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:59.615100439Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:59.616094991Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:59.619081119Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:59.620277812Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:59.621414311Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:59.623025529Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:59.624102449Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:59.625343101Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:59.639180135Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:59.640270074Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:59.641961886Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:59.64305323Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:59.644127768Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:59.646213926Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:59.647366313Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:59.64846592Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:59.650922329Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:59.651989515Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:59.653071615Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:59.65485785Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:59.655997278Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:59.657556433Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:59.658585842Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:59.659578918Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:59.661377634Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:59.662433138Z 53 PC: 14b12 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:59.663485828Z 37 PC: 14b1b | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:59.665708687Z 41 PC: 14a61 | Parse filename
2018-12-17T22:30:59.667215835Z 41 PC: 14a6f | Parse filename
2018-12-17T22:30:59.668567824Z 75 PC: 14a7a | Execute program
2018-12-17T22:30:59.689233806Z 80 PC: 1bfb9 | Set current PSP
2018-12-17T22:30:59.689908015Z 48 PC: 1bfbe | Get DOS version
2018-12-17T22:30:59.699881241Z 99 PC: 227a0 | Get DBCS lead byte table pointer
2018-12-17T22:30:59.702370143Z 101 PC: 1c044 | Get extended country info
2018-12-17T22:30:59.703533908Z 99 PC: 1c04a | Get DBCS lead byte table pointer
2018-12-17T22:30:59.705130631Z 74 PC: 1c0ac | Reallocate memory
2018-12-17T22:30:59.706508444Z 25 PC: 1c0e3 | Get default drive
2018-12-17T22:30:59.708121863Z 37 PC: 1bba3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:30:59.709416086Z 37 PC: 1bbaa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:59.710525663Z 37 PC: 1bbb1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:59.715583528Z 74 PC: 1ad4c | Reallocate memory
2018-12-17T22:30:59.717765365Z 72 PC: 1ad8d | Allocate memory
2018-12-17T22:30:59.728903788Z 72 PC: 1adc5 | Allocate memory
2018-12-17T22:30:59.732690102Z 72 PC: 1adcd | Allocate memory