Sample viewer

vx.netlux.org/Virus.DOS.CeCe.1703

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:35.31698094Z	255	PC: 144a6 \| UNKNOWN!
2018-12-17T22:43:35.318509207Z	74	PC: 144b9 \| Reallocate memory
2018-12-17T22:43:35.320356224Z	74	PC: 144c6 \| Reallocate memory
2018-12-17T22:43:35.322315583Z	72	PC: 144cd \| Allocate memory
2018-12-17T22:43:35.337419448Z	53	PC: 9f559 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:35.338855784Z	53	PC: 9f566 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:43:35.339962707Z	37	PC: 9f576 \| Set interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:43:35.341608519Z	48	PC: 9f57a \| Get DOS version
2018-12-17T22:43:35.342906405Z	37	PC: 9f589 \| Set interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:43:35.34402642Z	37	PC: 9f593 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:43:35.346127193Z	48	PC: 9f5a5 \| Get DOS version
2018-12-17T22:43:35.34756831Z	37	PC: 9f5af \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:35.350739678Z	67	PC: 12e2a \| Get or set file attributes
2018-12-17T22:43:35.361607849Z	61	PC: 12e32 \| Open file (Filename = 'V��N��')
2018-12-17T22:43:35.367491319Z	98	PC: 1389a \| Get current PSP
2018-12-17T22:43:35.36873857Z	67	PC: 13028 \| Get or set file attributes
2018-12-17T22:43:35.373983341Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.37928509Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.706610881Z	61	PC: 9f715 \| Open file (Filename = '')
2018-12-17T22:43:35.713371882Z	63	PC: 9f715 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:43:35.718433532Z	87	PC: 9f715 \| Get or set file date and time
2018-12-17T22:43:35.720055118Z	66	PC: 9f715 \| Move file pointer
2018-12-17T22:43:35.723155739Z	64	PC: 9fac0 \| Write file or device (Write 1703 bytes on handle 5)
2018-12-17T22:43:35.736204411Z	66	PC: 9f715 \| Move file pointer
2018-12-17T22:43:35.737650067Z	64	PC: 9f715 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:43:35.740685328Z	87	PC: 9f715 \| Get or set file date and time
2018-12-17T22:43:35.74310336Z	62	PC: 9f715 \| Close file
2018-12-17T22:43:35.750496044Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.759360644Z	61	PC: 13028 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:43:35.766491628Z	53	PC: 13028 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:35.767951571Z	37	PC: 13028 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:35.769194063Z	68	PC: 13028 \| I/O control for devices
2018-12-17T22:43:35.771390651Z	87	PC: 13028 \| Get or set file date and time
2018-12-17T22:43:35.772925954Z	66	PC: 13028 \| Move file pointer
2018-12-17T22:43:35.774390485Z	63	PC: 13028 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:43:35.777789192Z	66	PC: 13028 \| Move file pointer
2018-12-17T22:43:35.779425607Z	63	PC: 13028 \| Read file or device (Read 111 bytes on handle 5)
2018-12-17T22:43:35.785482026Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.788841647Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.791077396Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.793299726Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.796403362Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.798626571Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.80092215Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.80355056Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.80580479Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.807975023Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.810303325Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.812869886Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.815039768Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.817619738Z	44	PC: 13028 \| Get time 0x13028: ret 0x13029: pushf 0x1302a: cmp ax, 0x4200 0x1302d: jne 0x1304a 0x1302f: cmp bx, -1 0x13032: jne 0x1304a 0x13034: cmp byte ptr cs:[0x196c], bl 0x13039: jne 0x1304a 0x1303b: and dx, dx 0x1303d: jne 0x1304a 0x1303f: and cx, cx 0x13041: jne 0x1304a 0x13043: mov word ptr cs:[0x196d], dx 0x13048: jmp 0x13052 0x1304a: cmp ax, 0xabcd 0x1304d: jne 0x1305b 0x1304f: mov ax, 0xffff 0x13052: popf 0x13053: clc 0x13054: retf 2
2018-12-17T22:43:35.820304075Z	64	PC: 13028 \| Write file or device (Write 94 bytes on handle 5)
2018-12-17T22:43:35.824346231Z	64	PC: 14446 \| Write file or device (Write 5999 bytes on handle 5)
2018-12-17T22:43:35.834398992Z	66	PC: 13028 \| Move file pointer
2018-12-17T22:43:35.837071031Z	64	PC: 13028 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:43:35.839973324Z	87	PC: 13028 \| Get or set file date and time
2018-12-17T22:43:35.841608437Z	62	PC: 13028 \| Close file
2018-12-17T22:43:35.849485921Z	37	PC: 13028 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:35.85238195Z	74	PC: 12bc9 \| Reallocate memory
2018-12-17T22:43:35.854085699Z	53	PC: 1378b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:35.867513503Z	37	PC: 13797 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:35.869934048Z	42	PC: 12e20 \| Get date 0x12e20: ret 0x12e21: popf 0x12e22: int 0x21 0x12e24: ret 0x12e25: pushf 0x12e26: cmp ax, 0x4200 0x12e29: jne 0x12e46 0x12e2b: cmp bx, -1 0x12e2e: jne 0x12e46 0x12e30: cmp byte ptr cs:[0x196c], bl 0x12e35: jne 0x12e46 0x12e37: and dx, dx 0x12e39: jne 0x12e46 0x12e3b: and cx, cx 0x12e3d: jne 0x12e46 0x12e3f: mov word ptr cs:[0x196d], dx 0x12e44: jmp 0x12e4e 0x12e46: cmp ax, 0xabcd 0x12e49: jne 0x12e57 0x12e4b: mov ax, 0xffff
2018-12-17T22:43:35.872832612Z	73	PC: 12bd6 \| Release memory
2018-12-17T22:43:35.876404781Z	67	PC: 12c26 \| Get or set file attributes
2018-12-17T22:43:35.883909836Z	67	PC: 12e20 \| Get or set file attributes
2018-12-17T22:43:35.88980798Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.896110705Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.913088252Z	61	PC: 9f715 \| Open file (Filename = '')
2018-12-17T22:43:35.919920467Z	63	PC: 9f715 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:43:35.923662892Z	87	PC: 9f715 \| Get or set file date and time
2018-12-17T22:43:35.925048319Z	62	PC: 9f715 \| Close file
2018-12-17T22:43:35.92679906Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.937604601Z	61	PC: 12e20 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:35.944284504Z	53	PC: 12e20 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:35.946273938Z	37	PC: 12e20 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:35.948988878Z	68	PC: 12e20 \| I/O control for devices
2018-12-17T22:43:35.950487427Z	87	PC: 12e20 \| Get or set file date and time
2018-12-17T22:43:35.951964105Z	66	PC: 12e20 \| Move file pointer
2018-12-17T22:43:35.954002728Z	63	PC: 12e20 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:43:35.956704845Z	66	PC: 12e20 \| Move file pointer
2018-12-17T22:43:35.958117187Z	63	PC: 12e20 \| Read file or device (Read 111 bytes on handle 5)
2018-12-17T22:43:35.965973771Z	87	PC: 12e20 \| Get or set file date and time
2018-12-17T22:43:35.967825029Z	62	PC: 12e20 \| Close file
2018-12-17T22:43:35.975199545Z	37	PC: 12e20 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:35.977096233Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.98275213Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:35.992264319Z	61	PC: 9f715 \| Open file (Filename = '')
2018-12-17T22:43:35.99957465Z	63	PC: 9f715 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:43:36.002411318Z	87	PC: 9f715 \| Get or set file date and time
2018-12-17T22:43:36.004195465Z	62	PC: 9f715 \| Close file
2018-12-17T22:43:36.007148904Z	67	PC: 9f715 \| Get or set file attributes
2018-12-17T22:43:36.020037096Z	75	PC: 12c04 \| Execute program
2018-12-17T22:43:36.038773016Z	67	PC: 1871a \| Get or set file attributes
2018-12-17T22:43:36.046005699Z	9	PC: 18372 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:43:36.050248258Z	76	PC: 18376 \| Terminate with return code (Return code = '36')
2018-12-17T22:43:36.053335271Z	77	PC: 12c08 \| Get program return code
2018-12-17T22:43:36.055824829Z	76	PC: 12c0c \| Terminate with return code (Return code = '36')