Sample viewer

vx.netlux.org/Virus.DOS.Dreg.709

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:14.784382636Z	53	PC: 12a53 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:14.786063839Z	37	PC: 12a72 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:14.787351384Z	26	PC: 12a98 \| Set disk transfer address
2018-12-17T22:43:14.788425654Z	78	PC: 12ad2 \| Find first file
2018-12-17T22:43:14.794611493Z	61	PC: 12ae9 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:14.808444766Z	63	PC: 12af7 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:43:14.815069564Z	62	PC: 12b3a \| Close file
2018-12-17T22:43:14.817117823Z	67	PC: 12b48 \| Get or set file attributes
2018-12-17T22:43:14.835059285Z	61	PC: 12b51 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:14.841791958Z	44	PC: 12c74 \| Get time 0x12c74: pop cx 0x12c75: xchg dl, dl 0x12c77: push dx 0x12c78: push cx 0x12c79: ret 0x12c7a: lea di, word ptr [bp + 0x10a] 0x12c7e: mov cx, 0x109 0x12c81: mov si, di 0x12c83: push ax 0x12c84: lahf 0x12c85: pop ax 0x12c86: lodsw ax, word ptr [si] 0x12c87: cli 0x12c88: sti 0x12c89: jmp 0x12c8f 0x12c8b: stosw word ptr es:[di], ax 0x12c8c: loop 0x12c86 0x12c8e: ret 0x12c8f: xor ax, word ptr [bp + 0x321] 0x12c93: xor ax, word ptr [bp + 0x323]
2018-12-17T22:43:14.844671562Z	44	PC: 12c74 \| Get time 0x12c74: pop cx 0x12c75: xchg dl, dl 0x12c77: push dx 0x12c78: push cx 0x12c79: ret 0x12c7a: lea di, word ptr [bp + 0x10a] 0x12c7e: mov cx, 0x109 0x12c81: mov si, di 0x12c83: push ax 0x12c84: lahf 0x12c85: pop ax 0x12c86: lodsw ax, word ptr [si] 0x12c87: cli 0x12c88: sti 0x12c89: jmp 0x12c8f 0x12c8b: stosw word ptr es:[di], ax 0x12c8c: loop 0x12c86 0x12c8e: ret 0x12c8f: xor ax, word ptr [bp + 0x321] 0x12c93: xor ax, word ptr [bp + 0x323]
2018-12-17T22:43:14.848233485Z	44	PC: 12c74 \| Get time 0x12c74: pop cx 0x12c75: xchg dl, dl 0x12c77: push dx 0x12c78: push cx 0x12c79: ret 0x12c7a: lea di, word ptr [bp + 0x10a] 0x12c7e: mov cx, 0x109 0x12c81: mov si, di 0x12c83: push ax 0x12c84: lahf 0x12c85: pop ax 0x12c86: lodsw ax, word ptr [si] 0x12c87: cli 0x12c88: sti 0x12c89: jmp 0x12c8f 0x12c8b: stosw word ptr es:[di], ax 0x12c8c: loop 0x12c86 0x12c8e: ret 0x12c8f: xor ax, word ptr [bp + 0x321] 0x12c93: xor ax, word ptr [bp + 0x323]
2018-12-17T22:43:14.851111338Z	44	PC: 12c74 \| Get time 0x12c74: pop cx 0x12c75: xchg dl, dl 0x12c77: push dx 0x12c78: push cx 0x12c79: ret 0x12c7a: lea di, word ptr [bp + 0x10a] 0x12c7e: mov cx, 0x109 0x12c81: mov si, di 0x12c83: push ax 0x12c84: lahf 0x12c85: pop ax 0x12c86: lodsw ax, word ptr [si] 0x12c87: cli 0x12c88: sti 0x12c89: jmp 0x12c8f 0x12c8b: stosw word ptr es:[di], ax 0x12c8c: loop 0x12c86 0x12c8e: ret 0x12c8f: xor ax, word ptr [bp + 0x321] 0x12c93: xor ax, word ptr [bp + 0x323]
2018-12-17T22:43:14.853523804Z	44	PC: 12c74 \| Get time 0x12c74: pop cx 0x12c75: xchg dl, dl 0x12c77: push dx 0x12c78: push cx 0x12c79: ret 0x12c7a: lea di, word ptr [bp + 0x10a] 0x12c7e: mov cx, 0x109 0x12c81: mov si, di 0x12c83: push ax 0x12c84: lahf 0x12c85: pop ax 0x12c86: lodsw ax, word ptr [si] 0x12c87: cli 0x12c88: sti 0x12c89: jmp 0x12c8f 0x12c8b: stosw word ptr es:[di], ax 0x12c8c: loop 0x12c86 0x12c8e: ret 0x12c8f: xor ax, word ptr [bp + 0x321] 0x12c93: xor ax, word ptr [bp + 0x323]
2018-12-17T22:43:14.857283987Z	66	PC: 12d41 \| Move file pointer
2018-12-17T22:43:14.869927332Z	64	PC: 12d5a \| Write file or device (Write 709 bytes on handle 5)
2018-12-17T22:43:14.879111657Z	66	PC: 12d63 \| Move file pointer
2018-12-17T22:43:14.882347253Z	64	PC: 12d70 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:43:14.889926928Z	87	PC: 12bb0 \| Get or set file date and time
2018-12-17T22:43:14.892435843Z	62	PC: 12bb6 \| Close file
2018-12-17T22:43:14.900821297Z	67	PC: 12bcf \| Get or set file attributes
2018-12-17T22:43:14.910662344Z	26	PC: 12beb \| Set disk transfer address
2018-12-17T22:43:14.911995391Z	37	PC: 12bfc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')