Sample viewer

vx.netlux.org/Virus.DOS.Override.1380

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:30.357671762Z	42	PC: 12e24 \| Get date 0x12e24: ret 0x12e25: mov cx, 0x500 0x12e28: mov si, word ptr cs:[0x215] 0x12e2d: mov di, word ptr cs:[0x217] 0x12e32: cmp di, si 0x12e34: jbe 0x12e40 0x12e36: std 0x12e37: add si, cx 0x12e39: dec si 0x12e3a: add di, cx 0x12e3c: dec di 0x12e3d: jmp 0x12e41 0x12e3f: nop 0x12e40: cld 0x12e41: rep movsb byte ptr es:[di], byte ptr [si] 0x12e43: pop es 0x12e44: pop ds 0x12e45: pop di 0x12e46: pop si 0x12e47: pop dx
2018-12-17T22:42:30.361337858Z	42	PC: 12e24 \| Get date 0x12e24: ret 0x12e25: mov cx, 0x500 0x12e28: mov si, word ptr cs:[0x215] 0x12e2d: mov di, word ptr cs:[0x217] 0x12e32: cmp di, si 0x12e34: jbe 0x12e40 0x12e36: std 0x12e37: add si, cx 0x12e39: dec si 0x12e3a: add di, cx 0x12e3c: dec di 0x12e3d: jmp 0x12e41 0x12e3f: nop 0x12e40: cld 0x12e41: rep movsb byte ptr es:[di], byte ptr [si] 0x12e43: pop es 0x12e44: pop ds 0x12e45: pop di 0x12e46: pop si 0x12e47: pop dx
2018-12-17T22:42:30.364582682Z	47	PC: 12c6f \| Get disk transfer address
2018-12-17T22:42:30.366401889Z	26	PC: 12c80 \| Set disk transfer address
2018-12-17T22:42:30.367923797Z	25	PC: 12c84 \| Get default drive
2018-12-17T22:42:30.370306122Z	71	PC: 12c92 \| Get current directory
2018-12-17T22:42:30.373578437Z	78	PC: 12cb9 \| Find first file
2018-12-17T22:42:30.380345487Z	61	PC: 12cfe \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:30.388529127Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.395396505Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.397504014Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.402156201Z	61	PC: 12cfe \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:42:30.408993483Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.415429681Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.417893699Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.421548243Z	61	PC: 12cfe \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:42:30.428608694Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.43583706Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.438034137Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.441079035Z	61	PC: 12cfe \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:42:30.447908913Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.454964946Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.456675499Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.459812721Z	61	PC: 12cfe \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:42:30.466995702Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.474020235Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.475978002Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.47979441Z	61	PC: 12cfe \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:42:30.48750385Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.494393791Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.498047002Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.501168455Z	61	PC: 12cfe \| Open file (Filename = 'PAH.COM')
2018-12-17T22:42:30.508265344Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.518286686Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.520149074Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.52284651Z	59	PC: 12e09 \| Change current directory
2018-12-17T22:42:30.527852432Z	78	PC: 12cb9 \| Find first file
2018-12-17T22:42:30.535250297Z	61	PC: 12cfe \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:30.540387155Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.54297239Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.544488828Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.546639708Z	61	PC: 12cfe \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:42:30.556268934Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.561438603Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.562985849Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.56517987Z	61	PC: 12cfe \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:42:30.570651356Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.575469235Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.577072817Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.582512694Z	61	PC: 12cfe \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:42:30.58946903Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.596739284Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.599380595Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.602241739Z	61	PC: 12cfe \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:42:30.608976668Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.616342423Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.618335676Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.621156805Z	61	PC: 12cfe \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:42:30.629263541Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.636465047Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.63851653Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.641355742Z	61	PC: 12cfe \| Open file (Filename = 'PAH.COM')
2018-12-17T22:42:30.648711989Z	63	PC: 12d0a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:30.655781066Z	62	PC: 12d0e \| Close file
2018-12-17T22:42:30.65815813Z	79	PC: 12cc9 \| Find next file
2018-12-17T22:42:30.661773671Z	14	PC: 12dc5 \| Set default drive (Drive = 'A')
2018-12-17T22:42:30.663185202Z	59	PC: 12e09 \| Change current directory
2018-12-17T22:42:30.667345786Z	59	PC: 12dd0 \| Change current directory
2018-12-17T22:42:30.670253067Z	26	PC: 12dde \| Set disk transfer address
2018-12-17T22:42:30.672461515Z	53	PC: 142ef \| Get interrupt vector (Interrupt = '170' AKA 'UNKNOWN!')
2018-12-17T22:42:30.673808715Z	53	PC: 1431c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:42:30.67637744Z	37	PC: 1433c \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:42:30.677730812Z	37	PC: 14341 \| Set interrupt vector (Interrupt = '170' AKA 'UNKNOWN!')
2018-12-17T22:42:30.679363167Z	37	PC: 13f73 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:42:30.681736645Z	26	PC: 13f7e \| Set disk transfer address
2018-12-17T22:42:30.683141143Z	78	PC: 13fc5 \| Find first file
2018-12-17T22:42:30.689031255Z	54	PC: 14027 \| Get free disk space
2018-12-17T22:42:30.732343785Z	61	PC: 14095 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:42:30.741568551Z	63	PC: 140a9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:42:30.747325042Z	66	PC: 140c2 \| Move file pointer
2018-12-17T22:42:30.749718347Z	64	PC: 140e6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:42:30.752583158Z	66	PC: 140f3 \| Move file pointer
2018-12-17T22:42:30.754619573Z	64	PC: 143ac \| Write file or device (Write 1512 bytes on handle 5)
2018-12-17T22:42:31.098674561Z	87	PC: 143be \| Get or set file date and time
2018-12-17T22:42:31.100618903Z	67	PC: 143cf \| Get or set file attributes
2018-12-17T22:42:31.111675289Z	62	PC: 143d7 \| Close file
2018-12-17T22:42:31.118535664Z	98	PC: 143db \| Get current PSP
2018-12-17T22:42:31.119950481Z	26	PC: 143e6 \| Set disk transfer address
2018-12-17T22:42:31.121551428Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:42:31.127540096Z	0	PC: 12a89 \| Program terminate