Sample viewer

vx.netlux.org/Virus.DOS.Manuel.based

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:34:42.847801391Z	82	PC: 12e51 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:34:42.849987494Z	74	PC: 12ea3 \| Reallocate memory
2018-12-17T22:34:42.851675755Z	72	PC: 12eac \| Allocate memory
2018-12-17T22:34:42.853563805Z	42	PC: 9f8f4 \| Get date 0x9f8f4: mov al, dh 0x9f8f6: sub cx, 0x76c 0x9f8fa: mov ah, cl 0x9f8fc: ret 0x9f8fd: push ax 0x9f8fe: mov ah, 0x35 0x9f900: int 0x21 0x9f902: mov ax, es 0x9f904: mov word ptr [si + 2], ax 0x9f907: mov word ptr [si], bx 0x9f909: pop ax 0x9f90a: mov ah, 0x25 0x9f90c: int 0x21 0x9f90e: ret 0x9f90f: mov ax, 0xffff 0x9f912: mov ds, ax 0x9f914: cmp byte ptr [0xe], 0xfc 0x9f919: push cs 0x9f91a: pop ds 0x9f91b: mov byte ptr [0x19], 0
2018-12-17T22:34:42.856348673Z	53	PC: 9f902 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:42.861930805Z	37	PC: 9f90e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:42.863251668Z	67	PC: 9fa11 \| Get or set file attributes
2018-12-17T22:34:42.872936405Z	61	PC: 9fa2f \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:34:42.879801686Z	87	PC: 9fa3d \| Get or set file date and time
2018-12-17T22:34:42.881362767Z	63	PC: 9fa51 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:42.886781399Z	66	PC: 9fa5c \| Move file pointer
2018-12-17T22:34:42.888976279Z	66	PC: 9fa7d \| Move file pointer
2018-12-17T22:34:42.890585061Z	63	PC: 9fa87 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:34:42.896568817Z	42	PC: 9f8f4 \| Get date 0x9f8f4: mov al, dh 0x9f8f6: sub cx, 0x76c 0x9f8fa: mov ah, cl 0x9f8fc: ret 0x9f8fd: push ax 0x9f8fe: mov ah, 0x35 0x9f900: int 0x21 0x9f902: mov ax, es 0x9f904: mov word ptr [si + 2], ax 0x9f907: mov word ptr [si], bx 0x9f909: pop ax 0x9f90a: mov ah, 0x25 0x9f90c: int 0x21 0x9f90e: ret 0x9f90f: mov ax, 0xffff 0x9f912: mov ds, ax 0x9f914: cmp byte ptr [0xe], 0xfc 0x9f919: push cs 0x9f91a: pop ds 0x9f91b: mov byte ptr [0x19], 0
2018-12-17T22:34:42.899271065Z	64	PC: 9fab6 \| Write file or device (Write 937 bytes on handle 5)
2018-12-17T22:34:43.244364348Z	66	PC: 9fac1 \| Move file pointer
2018-12-17T22:34:43.246039548Z	64	PC: 9fad3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:43.24998404Z	87	PC: 9fae0 \| Get or set file date and time
2018-12-17T22:34:43.252137358Z	62	PC: 9fae4 \| Close file
2018-12-17T22:34:43.25854807Z	37	PC: 9fb07 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.260574631Z	53	PC: 9f902 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.262322637Z	37	PC: 9f90e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.26403223Z	67	PC: 9fa11 \| Get or set file attributes
2018-12-17T22:34:43.271748404Z	37	PC: 9fb07 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.272784442Z	53	PC: 9f902 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.274172004Z	37	PC: 9f90e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.276524821Z	67	PC: 9fa11 \| Get or set file attributes
2018-12-17T22:34:43.280970002Z	61	PC: 9fa2f \| Open file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T22:34:43.28644006Z	87	PC: 9fa3d \| Get or set file date and time
2018-12-17T22:34:43.288306843Z	63	PC: 9fa51 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:43.292354804Z	66	PC: 9fa5c \| Move file pointer
2018-12-17T22:34:43.293810807Z	66	PC: 9fa7d \| Move file pointer
2018-12-17T22:34:43.29524144Z	63	PC: 9fa87 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:34:43.300154795Z	42	PC: 9f8f4 \| Get date 0x9f8f4: mov al, dh 0x9f8f6: sub cx, 0x76c 0x9f8fa: mov ah, cl 0x9f8fc: ret 0x9f8fd: push ax 0x9f8fe: mov ah, 0x35 0x9f900: int 0x21 0x9f902: mov ax, es 0x9f904: mov word ptr [si + 2], ax 0x9f907: mov word ptr [si], bx 0x9f909: pop ax 0x9f90a: mov ah, 0x25 0x9f90c: int 0x21 0x9f90e: ret 0x9f90f: mov ax, 0xffff 0x9f912: mov ds, ax 0x9f914: cmp byte ptr [0xe], 0xfc 0x9f919: push cs 0x9f91a: pop ds 0x9f91b: mov byte ptr [0x19], 0
2018-12-17T22:34:43.302613397Z	64	PC: 9fab6 \| Write file or device (Write 937 bytes on handle 5)
2018-12-17T22:34:43.312397222Z	66	PC: 9fac1 \| Move file pointer
2018-12-17T22:34:43.314190449Z	64	PC: 9fad3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:43.316806182Z	87	PC: 9fae0 \| Get or set file date and time
2018-12-17T22:34:43.31863771Z	62	PC: 9fae4 \| Close file
2018-12-17T22:34:43.32703787Z	37	PC: 9fb07 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.328391962Z	53	PC: 9f902 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.329792142Z	37	PC: 9f90e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.338325203Z	67	PC: 9fa11 \| Get or set file attributes
2018-12-17T22:34:43.344132768Z	37	PC: 9fb07 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:43.345305976Z	53	PC: 9f902 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:43.347254247Z	37	PC: 9f90e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:43.348686672Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')