Sample viewer

vx.netlux.org/Virus.DOS.V.743

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:40.208532893Z	47	PC: 12c52 \| Get disk transfer address
2018-12-17T22:35:40.226093357Z	26	PC: 12c61 \| Set disk transfer address
2018-12-17T22:35:40.227728894Z	53	PC: 12c66 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:40.229271958Z	37	PC: 12c78 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:40.231266459Z	98	PC: 12c7e \| Get current PSP
2018-12-17T22:35:40.233411772Z	96	PC: 12cdf \| Qualify filename
2018-12-17T22:35:40.23849174Z	78	PC: 12ce9 \| Find first file
2018-12-17T22:35:40.245229476Z	44	PC: 12d54 \| Get time 0x12d54: mov word ptr [0x3fb], cx 0x12d58: add word ptr [0x3fb], dx 0x12d5c: mov ah, 0x2a 0x12d5e: int 0x21 0x12d60: add word ptr [0x3fb], cx 0x12d64: add word ptr [0x3fb], dx 0x12d68: mov dl, 0 0x12d6a: cmp byte ptr [0x3fe], 0x3a 0x12d6f: jne 0x12d78 0x12d71: mov dl, byte ptr [0x3fd] 0x12d75: sub dl, 0x40 0x12d78: mov ah, 0x36 0x12d7a: int 0x21 0x12d7c: mul bx 0x12d7e: mul cx 0x12d80: or dx, dx 0x12d82: jne 0x12d8d 0x12d84: cmp ax, word ptr [0x3fb] 0x12d88: ja 0x12d8d 0x12d8a: jmp 0x12ee0
2018-12-17T22:35:40.248160924Z	42	PC: 12d60 \| Get date 0x12d60: add word ptr [0x3fb], cx 0x12d64: add word ptr [0x3fb], dx 0x12d68: mov dl, 0 0x12d6a: cmp byte ptr [0x3fe], 0x3a 0x12d6f: jne 0x12d78 0x12d71: mov dl, byte ptr [0x3fd] 0x12d75: sub dl, 0x40 0x12d78: mov ah, 0x36 0x12d7a: int 0x21 0x12d7c: mul bx 0x12d7e: mul cx 0x12d80: or dx, dx 0x12d82: jne 0x12d8d 0x12d84: cmp ax, word ptr [0x3fb] 0x12d88: ja 0x12d8d 0x12d8a: jmp 0x12ee0 0x12d8d: cld 0x12d8e: mov cx, 0xd 0x12d91: mov si, 0x475 0x12d94: mov ah, al
2018-12-17T22:35:40.250817546Z	54	PC: 12d7c \| Get free disk space
2018-12-17T22:35:40.267887129Z	67	PC: 12dd0 \| Get or set file attributes
2018-12-17T22:35:40.287455238Z	61	PC: 12ddd \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:35:40.2952036Z	63	PC: 12df3 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:35:40.301334678Z	42	PC: 12e13 \| Get date 0x12e13: cmp dl, byte ptr [0x452] 0x12e17: jne 0x12e65 0x12e19: jmp 0x12ee0 0x12e1c: mov ax, word ptr [0x455] 0x12e1f: mov word ptr [0x3db], ax 0x12e22: mov ax, word ptr [0x453] 0x12e25: mov word ptr [0x3d9], ax 0x12e28: mov ax, word ptr [0x44d] 0x12e2b: mov word ptr [0x3dd], ax 0x12e2e: mov ax, word ptr [0x44f] 0x12e31: mov word ptr [0x3df], ax 0x12e34: mov ax, word ptr [0x471] 0x12e37: mov dx, word ptr [0x473] 0x12e3b: mov cx, 0x10 0x12e3e: div cx 0x12e40: sub ax, word ptr [0x447] 0x12e44: sub ax, 0x10 0x12e47: inc ax 0x12e48: mov word ptr [0x455], ax 0x12e4b: mov word ptr [0x44d], ax
2018-12-17T22:35:40.307738959Z	42	PC: 12e9a \| Get date 0x12e9a: mov byte ptr [0x452], dl 0x12e9e: xor dx, dx 0x12ea0: xor cx, cx 0x12ea2: mov bx, word ptr [0x43d] 0x12ea6: mov ax, 0x4200 0x12ea9: int 0x21 0x12eab: mov dx, 0x43f 0x12eae: mov cl, 0x18 0x12eb0: mov ah, 0x40 0x12eb2: int 0x21 0x12eb4: jb 0x12ee0 0x12eb6: xor dx, dx 0x12eb8: xor cx, cx 0x12eba: mov ax, 0x4202 0x12ebd: int 0x21 0x12ebf: mov dx, 0x100 0x12ec2: sub dx, word ptr [0x3f9] 0x12ec6: mov cx, 0x2e7 0x12ec9: add cx, word ptr [0x3f9] 0x12ecd: mov ah, 0x40
2018-12-17T22:35:40.313790719Z	66	PC: 12eab \| Move file pointer
2018-12-17T22:35:40.316126059Z	64	PC: 12eb4 \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:35:40.320865658Z	66	PC: 12ebf \| Move file pointer
2018-12-17T22:35:40.322590673Z	64	PC: 12ed1 \| Write file or device (Write 743 bytes on handle 5)
2018-12-17T22:35:40.349982816Z	64	PC: 12edd \| Write file or device (Write 6240 bytes on handle 5)
2018-12-17T22:35:40.360726295Z	87	PC: 12ef1 \| Get or set file date and time
2018-12-17T22:35:40.362815924Z	62	PC: 12ef5 \| Close file
2018-12-17T22:35:40.371468682Z	67	PC: 12f03 \| Get or set file attributes
2018-12-17T22:35:40.386327619Z	37	PC: 12d1b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:40.388238242Z	26	PC: 12d25 \| Set disk transfer address
2018-12-17T22:35:40.390755884Z	47	PC: 12c52 \| Get disk transfer address
2018-12-17T22:35:40.392853768Z	26	PC: 12c61 \| Set disk transfer address
2018-12-17T22:35:40.394505306Z	53	PC: 12c66 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:40.397233021Z	37	PC: 12c78 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:40.399532875Z	98	PC: 12c7e \| Get current PSP
2018-12-17T22:35:40.407824856Z	96	PC: 12cdf \| Qualify filename
2018-12-17T22:35:40.414161991Z	78	PC: 12ce9 \| Find first file
2018-12-17T22:35:40.432239043Z	44	PC: 12d54 \| Get time 0x12d54: mov word ptr [0x3fb], cx 0x12d58: add word ptr [0x3fb], dx 0x12d5c: mov ah, 0x2a 0x12d5e: int 0x21 0x12d60: add word ptr [0x3fb], cx 0x12d64: add word ptr [0x3fb], dx 0x12d68: mov dl, 0 0x12d6a: cmp byte ptr [0x3fe], 0x3a 0x12d6f: jne 0x12d78 0x12d71: mov dl, byte ptr [0x3fd] 0x12d75: sub dl, 0x40 0x12d78: mov ah, 0x36 0x12d7a: int 0x21 0x12d7c: mul bx 0x12d7e: mul cx 0x12d80: or dx, dx 0x12d82: jne 0x12d8d 0x12d84: cmp ax, word ptr [0x3fb] 0x12d88: ja 0x12d8d 0x12d8a: jmp 0x12ee0
2018-12-17T22:35:40.435579278Z	42	PC: 12d60 \| Get date 0x12d60: add word ptr [0x3fb], cx 0x12d64: add word ptr [0x3fb], dx 0x12d68: mov dl, 0 0x12d6a: cmp byte ptr [0x3fe], 0x3a 0x12d6f: jne 0x12d78 0x12d71: mov dl, byte ptr [0x3fd] 0x12d75: sub dl, 0x40 0x12d78: mov ah, 0x36 0x12d7a: int 0x21 0x12d7c: mul bx 0x12d7e: mul cx 0x12d80: or dx, dx 0x12d82: jne 0x12d8d 0x12d84: cmp ax, word ptr [0x3fb] 0x12d88: ja 0x12d8d 0x12d8a: jmp 0x12ee0 0x12d8d: cld 0x12d8e: mov cx, 0xd 0x12d91: mov si, 0x475 0x12d94: mov ah, al
2018-12-17T22:35:40.437999357Z	54	PC: 12d7c \| Get free disk space
2018-12-17T22:35:40.441593167Z	67	PC: 12dd0 \| Get or set file attributes
2018-12-17T22:35:40.477761439Z	61	PC: 12ddd \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:35:40.484976871Z	63	PC: 12df3 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:35:40.487955056Z	42	PC: 12e13 \| Get date 0x12e13: cmp dl, byte ptr [0x452] 0x12e17: jne 0x12e65 0x12e19: jmp 0x12ee0 0x12e1c: mov ax, word ptr [0x455] 0x12e1f: mov word ptr [0x3db], ax 0x12e22: mov ax, word ptr [0x453] 0x12e25: mov word ptr [0x3d9], ax 0x12e28: mov ax, word ptr [0x44d] 0x12e2b: mov word ptr [0x3dd], ax 0x12e2e: mov ax, word ptr [0x44f] 0x12e31: mov word ptr [0x3df], ax 0x12e34: mov ax, word ptr [0x471] 0x12e37: mov dx, word ptr [0x473] 0x12e3b: mov cx, 0x10 0x12e3e: div cx 0x12e40: sub ax, word ptr [0x447] 0x12e44: sub ax, 0x10 0x12e47: inc ax 0x12e48: mov word ptr [0x455], ax 0x12e4b: mov word ptr [0x44d], ax
2018-12-17T22:35:40.491755474Z	87	PC: 12ef1 \| Get or set file date and time
2018-12-17T22:35:40.493959457Z	62	PC: 12ef5 \| Close file
2018-12-17T22:35:40.515532857Z	67	PC: 12f03 \| Get or set file attributes
2018-12-17T22:35:40.541702717Z	37	PC: 12d1b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:40.543910308Z	26	PC: 12d25 \| Set disk transfer address
2018-12-17T22:35:40.548680624Z	64	PC: 14f45 \| Write file or device (Write 114 bytes on handle 8302)
2018-12-17T22:35:40.551761562Z	89	PC: 14e93 \| Get extended error info