Sample viewer

vx.netlux.org/Virus.DOS.Ku.334.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:41.198812847Z	132	PC: 12c24 \| UNKNOWN!
2018-12-17T22:33:41.200261629Z	25	PC: 138f8 \| Get default drive
2018-12-17T22:33:41.20220829Z	73	PC: 12c72 \| Release memory
2018-12-17T22:33:41.205931365Z	72	PC: 12c7b \| Allocate memory
2018-12-17T22:33:41.208773143Z	74	PC: 12c8a \| Reallocate memory
2018-12-17T22:33:41.210694585Z	74	PC: 12c99 \| Reallocate memory
2018-12-17T22:33:41.214032904Z	53	PC: 12b94 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:41.217261055Z	37	PC: 12bcb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:41.219358803Z	76	PC: 12a8d \| Terminate with return code (Return code = '0')
2018-12-17T22:33:41.223581444Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:33:41.225933124Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:33:41.228558411Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:33:41.231664507Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:33:41.234606905Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:41.236222822Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:41.237730447Z	69	PC: 9ec85 \| Duplicate handle
2018-12-17T22:33:41.241200245Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.243855266Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.24626017Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.250129459Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.252537409Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.258623264Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.260625618Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.263501101Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.265412486Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.2673642Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.270146819Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.286580487Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.289895663Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.292977592Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.295327897Z	62	PC: 122ab \| Close file
2018-12-17T22:33:41.299215594Z	61	PC: 9f3de \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:33:41.306533669Z	87	PC: 9ec85 \| Get or set file date and time
2018-12-17T22:33:41.308330116Z	66	PC: 9f408 \| Move file pointer
2018-12-17T22:33:41.310209796Z	66	PC: 12372 \| Move file pointer
2018-12-17T22:33:41.31306347Z	63	PC: 9f434 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:33:41.328230497Z	62	PC: 1238a \| Close file
2018-12-17T22:33:41.332157692Z	99	PC: 99227 \| Get DBCS lead byte table pointer
2018-12-17T22:33:41.334110621Z	56	PC: 93a49 \| Get or set country info
2018-12-17T22:33:41.336890674Z	64	PC: 99498 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:33:41.343595691Z	25	PC: 93ab2 \| Get default drive
2018-12-17T22:33:41.34589939Z	71	PC: 95d2d \| Get current directory
2018-12-17T22:33:41.350740177Z	64	PC: 99498 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:33:41.356906726Z	2	PC: 95d02 \| Character output (Char = '3e')
2018-12-17T22:33:41.359641106Z	93	PC: 93b70 \| File sharing functions
2018-12-17T22:33:41.361799744Z	93	PC: 93b77 \| File sharing functions
2018-12-17T22:33:41.364902485Z	10	PC: 93b89 \| Buffered keyboard input
2018-12-17T22:33:56.16733448Z	0	PC: 0 \| Program terminate
2018-12-17T22:33:57.521541754Z	0	PC: 0 \| Program terminate
2018-12-17T22:33:57.624371135Z	64	PC: 99498 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:33:57.630793499Z	41	PC: 93bfe \| Parse filename
2018-12-17T22:33:57.633568929Z	41	PC: 93c7f \| Parse filename
2018-12-17T22:33:57.63672168Z	41	PC: 93c9c \| Parse filename
2018-12-17T22:33:57.639244151Z	26	PC: 97147 \| Set disk transfer address
2018-12-17T22:33:57.641660707Z	71	PC: 97343 \| Get current directory
2018-12-17T22:33:57.65040705Z	78	PC: 9f0f5 \| Find first file
2018-12-17T22:33:57.660430415Z	47	PC: 9ec85 \| Get disk transfer address
2018-12-17T22:33:57.663105888Z	71	PC: 971bc \| Get current directory
2018-12-17T22:33:57.666685935Z	73	PC: 96859 \| Release memory
2018-12-17T22:33:57.669343526Z	67	PC: 9ec85 \| Get or set file attributes
2018-12-17T22:33:57.676166633Z	67	PC: 9ec85 \| Get or set file attributes
2018-12-17T22:33:57.694960612Z	61	PC: 9ec85 \| Open file (Filename = '')
2018-12-17T22:33:57.702710373Z	87	PC: 9ec85 \| Get or set file date and time
2018-12-17T22:33:57.704511982Z	87	PC: 9ec85 \| Get or set file date and time
2018-12-17T22:33:57.706466366Z	87	PC: 9ec85 \| Get or set file date and time
2018-12-17T22:33:57.708423266Z	66	PC: 9ec85 \| Move file pointer
2018-12-17T22:33:57.710467056Z	63	PC: 9ec85 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:33:57.718018274Z	44	PC: 9ec85 \| Get time 0x9ec85: ret 0x9ec86: popf 0x9ec87: mov bh, byte ptr cs:[0x1223] 0x9ec8c: mov dx, 0x1990 0x9ec8f: iret 0x9ec90: popf 0x9ec91: jmp 0x9ec8c 0x9ec93: pop dx 0x9ec94: pop ds 0x9ec95: jmp 0x9ebed 0x9ec98: call 0x9f63d 0x9ec9b: call 0x9eca1 0x9ec9e: jmp 0x9ebee 0x9eca1: call 0x9eca7 0x9eca4: jmp 0x9ece8 0x9eca6: nop 0x9eca7: xor ax, ax 0x9eca9: mov es, ax 0x9ecab: les ax, ptr es:[0x90] 0x9ecb0: mov word ptr cs:[0x11e1], ax
2018-12-17T22:33:57.720618914Z	66	PC: 9ec85 \| Move file pointer
2018-12-17T22:33:57.7222929Z	87	PC: 9ec85 \| Get or set file date and time
2018-12-17T22:33:57.72472742Z	62	PC: 9ec85 \| Close file
2018-12-17T22:33:57.732482877Z	67	PC: 9ec85 \| Get or set file attributes
2018-12-17T22:33:57.744276847Z	75	PC: 11821 \| Execute program
2018-12-17T22:33:57.756749507Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-17T22:33:57.761451166Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')