Sample viewer

vx.netlux.org/Virus.DOS.Flue.1171

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:25.377812377Z	71	PC: 134a1 \| Get current directory
2018-12-17T22:40:25.380413972Z	47	PC: 134a5 \| Get disk transfer address
2018-12-17T22:40:25.38135522Z	53	PC: 134ac \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:25.382722131Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:25.38408936Z	26	PC: 134d5 \| Set disk transfer address
2018-12-17T22:40:25.385456682Z	44	PC: 13788 \| Get time 0x13788: xchg dl, ch 0x1378a: nop 0x1378b: mov ah, 0x2c 0x1378d: int 0x21 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b
2018-12-17T22:40:25.387256276Z	44	PC: 1378f \| Get time 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b 0x137a9: add ax, 0x600 0x137ac: mov ax, 0 0x137af: jmp 0x141e4 0x137b2: sub ch, byte ptr [0x4f43]
2018-12-17T22:40:25.389122918Z	78	PC: 13520 \| Find first file
2018-12-17T22:40:25.394570318Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.406428087Z	61	PC: 13544 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:26.41477315Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.424514901Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.426714493Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.428783918Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.437739152Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.449658621Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.461206163Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.468501314Z	61	PC: 13544 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:40:26.476149565Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.483528172Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.485897083Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.488252714Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.496399084Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.518763849Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.528635214Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.540833207Z	61	PC: 13544 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:40:26.549276843Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.568945107Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.570721169Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.573146023Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.589608508Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.602184094Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.605640955Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.621988525Z	61	PC: 13544 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:40:26.630984411Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.638351795Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.64115597Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.643388285Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.651632558Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.66335818Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.666629291Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.678115385Z	61	PC: 13544 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:40:26.686064259Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.693661607Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.695616182Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.697845815Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.706358356Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.717589528Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.720628982Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.731663948Z	61	PC: 13544 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:40:26.749039268Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.75677501Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.759336089Z	44	PC: 13788 \| Get time 0x13788: xchg dl, ch 0x1378a: nop 0x1378b: mov ah, 0x2c 0x1378d: int 0x21 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b
2018-12-17T22:40:26.761784042Z	44	PC: 1378f \| Get time 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b 0x137a9: add ax, 0x200 0x137ac: fninit 0x137ae: mov ah, 0xe9 0x137b0: add dword ptr [bp + si], bp
2018-12-17T22:40:26.765311857Z	44	PC: 13788 \| Get time 0x13788: xchg dl, ch 0x1378a: nop 0x1378b: mov ah, 0x2c 0x1378d: int 0x21 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b
2018-12-17T22:40:26.768802085Z	44	PC: 1378f \| Get time 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b 0x137a9: add ax, 0x200 0x137ac: fninit 0x137ae: mov ah, 0xe9 0x137b0: add dword ptr [bp + si], bp
2018-12-17T22:40:26.771589076Z	64	PC: 1359c \| Write file or device (Write 727 bytes on handle 5)
2018-12-17T22:40:26.781256507Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.784128706Z	44	PC: 13788 \| Get time 0x13788: xchg dl, ch 0x1378a: nop 0x1378b: mov ah, 0x2c 0x1378d: int 0x21 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b
2018-12-17T22:40:26.786722069Z	44	PC: 1378f \| Get time 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b 0x137a9: add ax, 0x200 0x137ac: fninit 0x137ae: mov ah, 0xe9 0x137b0: leave
2018-12-17T22:40:26.789555433Z	44	PC: 13788 \| Get time 0x13788: xchg dl, ch 0x1378a: nop 0x1378b: mov ah, 0x2c 0x1378d: int 0x21 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b
2018-12-17T22:40:26.793104496Z	44	PC: 1378f \| Get time 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b 0x137a9: add ax, 0x200 0x137ac: fninit 0x137ae: mov ah, 0xe9 0x137b0: leave
2018-12-17T22:40:26.79588252Z	44	PC: 13788 \| Get time 0x13788: xchg dl, ch 0x1378a: nop 0x1378b: mov ah, 0x2c 0x1378d: int 0x21 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b
2018-12-17T22:40:26.798692118Z	44	PC: 1378f \| Get time 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b 0x137a9: add ax, 0x200 0x137ac: fninit 0x137ae: mov ah, 0xe9 0x137b0: leave
2018-12-17T22:40:26.802102441Z	44	PC: 13788 \| Get time 0x13788: xchg dl, ch 0x1378a: nop 0x1378b: mov ah, 0x2c 0x1378d: int 0x21 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b
2018-12-17T22:40:26.804839002Z	44	PC: 1378f \| Get time 0x1378f: xchg dl, cl 0x13791: in al, 0x40 0x13793: xchg al, ah 0x13795: in al, 0x40 0x13797: xor ax, cx 0x13799: ret 0x1379a: mov cx, 9 0x1379d: pop ax 0x1379e: loop 0x1379d 0x137a0: pop bp 0x137a1: pop ds 0x137a2: pop es 0x137a3: pop dx 0x137a4: pop ds 0x137a5: popf 0x137a6: jmp 0x1370b 0x137a9: add ax, 0x200 0x137ac: fninit 0x137ae: mov ah, 0xe9 0x137b0: leave
2018-12-17T22:40:26.808661692Z	64	PC: 1391f \| Write file or device (Write 1171 bytes on handle 5)
2018-12-17T22:40:26.819023649Z	66	PC: 136d4 \| Move file pointer
2018-12-17T22:40:26.821885872Z	64	PC: 136df \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:40:26.830997477Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.833035197Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.842679542Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.854057118Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.857097074Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.869569071Z	61	PC: 13544 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:40:26.878234742Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.885818716Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.888807785Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.891200726Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.89963367Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.912387184Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.915629463Z	67	PC: 1353f \| Get or set file attributes
2018-12-17T22:40:26.926631166Z	61	PC: 13544 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:40:26.935351757Z	63	PC: 13562 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:26.94302827Z	66	PC: 1376a \| Move file pointer
2018-12-17T22:40:26.945005825Z	87	PC: 134fa \| Get or set file date and time
2018-12-17T22:40:26.946894831Z	62	PC: 134fe \| Close file
2018-12-17T22:40:26.955569506Z	67	PC: 1350e \| Get or set file attributes
2018-12-17T22:40:26.966938439Z	79	PC: 13520 \| Find next file
2018-12-17T22:40:26.969922259Z	59	PC: 1352f \| Change current directory
2018-12-17T22:40:26.97556431Z	37	PC: 13919 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:26.977293928Z	26	PC: 1391f \| Set disk transfer address
2018-12-17T22:40:26.978933213Z	59	PC: 13929 \| Change current directory
2018-12-17T22:40:26.984256455Z	9	PC: 12a5f \| Display string (String= 'Infect me up!')