Sample viewer

vx.netlux.org/Virus.DOS.Sadist.1209

Syscalls:

Time  Syscall Op (AH, decimal)  PC  Syscall Name
2018-12-17T22:43:44.055110873Z 42 PC: 12bc8 | Get date
0x12bc8: mov word ptr cs:[0xe9], cx
0x12bcd: mov cl, dl
0x12bcf: mov al, dh
0x12bd1: mov bl, 0x1f
0x12bd3: mul bl
0x12bd5: sub ch, ch
0x12bd7: add ax, cx
0x12bd9: add ax, word ptr cs:[0xeb]
0x12bde: sub dx, dx
0x12be0: mov bx, 0x174
0x12be3: div bx
0x12be5: add word ptr cs:[0xe9], ax
0x12bea: mov ax, dx
0x12bec: mov bl, 0x1f
0x12bee: div bl
0x12bf0: xchg al, ah
0x12bf2: mov word ptr cs:[0xe7], ax
0x12bf6: mov ah, 0x2f
0x12bf8: int 0x21
0x12bfa: mov ax, es
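The instructions after the Get date call form a small date-advance routine: month * 31 + day, plus a stored word at cs:[0xeb], divided by 372 (twelve months of 31 days) so that the quotient carries into the year at cs:[0xe9], while the remainder is split back into month and day and stored at cs:[0xe7] in the same high-byte/low-byte layout AH=2Ah uses for DX. The Python below is an added re-implementation of exactly that arithmetic, for checking the reading; it is not code from the page or from the sample. `offset` stands in for the word at cs:[0xeb], whose value the trace does not show.

```python
def add_days_linear(year, month, day, offset):
    """Reproduce the arithmetic run on the AH=2Ah (Get date) result.

    Added example, not code from the page or the sample. Inputs mirror
    the registers after Get date (CX=year, DH=month, DL=day); `offset`
    is an assumed stand-in for the word at cs:[0xeb]. Returns
    (year, month, day) as the routine leaves them in cs:[0xe9] and cs:[0xe7].
    All arithmetic is kept to 16 bits, as the registers are.
    """
    ax = (month * 0x1F) & 0xFFFF            # mul bl        : AX = month * 31
    ax = (ax + day) & 0xFFFF                # add ax, cx    : + day (CH zeroed)
    ax = (ax + offset) & 0xFFFF             # add ax, cs:[0xeb]
    years, rem = divmod(ax, 0x174)          # div bx        : / 372, DX = remainder
    year = (year + years) & 0xFFFF          # add cs:[0xe9], ax
    # div bl: AL = rem // 31 (month), AH = rem % 31 (day); rem < 372 so the
    # quotient is at most 11 and fits in AL (no #DE). xchg al, ah then swaps
    # them so the stored word has month in the high byte and day in the low.
    new_month, new_day = divmod(rem, 0x1F)
    return year, new_month, new_day


def pack_date_word(month, day):
    """The word stored at cs:[0xe7] after xchg al, ah: AH=month, AL=day."""
    return ((month & 0xFF) << 8) | (day & 0xFF)


if __name__ == "__main__":
    y, m, d = add_days_linear(2018, 12, 17, 30)
    print(y, m, d, hex(pack_date_word(m, d)))
```

Because every month is treated as 31 days, a December date already exceeds 372 at offset 0 and comes back as month 0 of the following year; that is what these instructions compute, not a calendar date, so any value later compared against this packed word has to be read in the same linear form.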
2018-12-17T22:43:44.058608926Z 47 PC: 12bfa | Get disk transfer address
2018-12-17T22:43:44.059663194Z 26 PC: 12c1d | Set disk transfer address
2018-12-17T22:43:44.061068055Z 44 PC: 12c21 | Get time
0x12c21: mov al, ch
0x12c23: add al, dh
0x12c25: sub ah, ah
0x12c27: mov dh, dl
0x12c29: mov dl, cl
0x12c2b: mov word ptr cs:[0x5b], ax
0x12c2f: int 0x12
0x12c31: shr ax, 1
0x12c33: shr ax, 1
0x12c35: dec ax
0x12c36: mov bx, ax
0x12c38: mov ax, dx
0x12c3a: sub dx, dx
0x12c3c: div bx
0x12c3e: mov word ptr cs:[0x5d], dx
0x12c43: mov al, 0x5c
0x12c45: mov byte ptr cs:[0x5f], al
0x12c49: mov byte ptr cs:[0xa0], al
0x12c4d: mov ax, cs
0x12c4f: mov ds, ax
2018-12-17T22:43:44.077468659Z 71 PC: 12c5b | Get current directory
2018-12-17T22:43:44.080606437Z 59 PC: 12c69 | Change current directory
2018-12-17T22:43:44.084855595Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.091461681Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.097243524Z 79 PC: 12f7c | Find next file
2018-12-17T22:43:44.099813696Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.111331939Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.117354087Z 61 PC: 12d26 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:44.123951405Z 63 PC: 12d40 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:43:44.131235739Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:43:44.133354212Z 63 PC: 12d65 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:43:44.14044232Z 62 PC: 12eab | Close file
2018-12-17T22:43:44.145650875Z 79 PC: 12ec5 | Find next file
2018-12-17T22:43:44.150059742Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.155980719Z 61 PC: 12d26 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:44.162679697Z 63 PC: 12d40 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:43:44.166175286Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:43:44.169729144Z 63 PC: 12d65 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:43:44.173702705Z 62 PC: 12eab | Close file
2018-12-17T22:43:44.176296108Z 79 PC: 12ec5 | Find next file
2018-12-17T22:43:44.181709604Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.193681309Z 61 PC: 12d26 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:44.201060531Z 63 PC: 12d40 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:43:44.203841137Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:43:44.205474442Z 63 PC: 12d65 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:43:44.209425317Z 62 PC: 12eab | Close file
2018-12-17T22:43:44.211181397Z 79 PC: 12ec5 | Find next file
2018-12-17T22:43:44.213518008Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.220132275Z 61 PC: 12d26 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:44.226488593Z 63 PC: 12d40 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:43:44.22890796Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:43:44.230783484Z 63 PC: 12d65 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:43:44.233611389Z 62 PC: 12eab | Close file
2018-12-17T22:43:44.235278761Z 59 PC: 12ede | Change current directory
2018-12-17T22:43:44.240873409Z 42 PC: 12ee2 | Get date
0x12ee2: cmp cx, word ptr cs:[0x39]
0x12ee7: je 0x12eee
0x12ee9: jns 0x12ef8
0x12eeb: jmp 0x12ef8
0x12eed: nop
0x12eee: cmp dx, word ptr cs:[0x37]
0x12ef3: jns 0x12ef8
0x12ef5: jmp 0x12ef8
0x12ef7: nop
0x12ef8: mov ax, word ptr cs:[0x24]
0x12efc: mov ds, ax
0x12efe: mov dx, word ptr cs:[0x22]
0x12f03: mov ah, 0x1a
0x12f05: int 0x21
0x12f07: pop es
0x12f08: pop ds
0x12f09: mov ax, word ptr cs:[0x1a]
0x12f0d: cli
0x12f0e: mov ss, ax
0x12f10: mov sp, word ptr cs:[0x1c]
2018-12-17T22:43:44.243277217Z 26 PC: 12f07 | Set disk transfer address
2018-12-17T22:43:46.378756186Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:43:46.381076523Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:43:46.383328155Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:43:46.385970697Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:43:46.39657757Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:43:46.398172246Z 62 PC: 91fc1 | Close file
2018-12-17T22:43:46.400274775Z 75 PC: 91fe0 | Execute program
2018-12-17T22:43:46.417045051Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:43:46.418761882Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:43:46.423130036Z 48 PC: c609 | Get DOS version
2018-12-17T22:43:46.426589303Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:43:46.430857199Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:43:46.433062186Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:43:46.437242575Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:43:46.441927301Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:43:46.447070875Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:43:46.457653485Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:43:46.460425577Z 62 PC: 91fc1 | Close file
2018-12-17T22:43:46.466075102Z 75 PC: 91fe0 | Execute program
2018-12-17T22:43:46.486749156Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:43:46.491519862Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:43:46.49356865Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:43:46.495084344Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:43:46.497480134Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:43:46.498799475Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:43:46.499999691Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:43:46.507523096Z 62 PC: 8f8eb | Close file
2018-12-17T22:43:46.509736458Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.511456287Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.513618065Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.515376478Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.516766197Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.518139867Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.520846046Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.522283828Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.52372542Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.526565931Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.52794165Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.529291878Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.531359119Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.532835109Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.534365013Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.536760283Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.538198046Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.53958836Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.541764398Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.543426783Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.545017214Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.548527268Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.550519293Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.552051219Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.554713324Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.556284578Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.557905876Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.561741654Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.563413586Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.565347092Z 62 PC: 8f8f2 | Close file
2018-12-17T22:43:46.568067133Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:43:46.572961234Z 62 PC: 8f90e | Close file
2018-12-17T22:43:46.590918722Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:43:46.593839565Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:43:46.595745405Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:43:46.600785211Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:43:46.602445245Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:43:46.606773101Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:43:46.608233771Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:43:46.610020576Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:43:46.611576454Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:43:46.612905094Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:43:46.614555646Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:43:46.61607191Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:43:46.617457862Z 73 PC: 8fa11 | Release memory
2018-12-17T22:43:46.619253265Z 73 PC: 8efea | Release memory
2018-12-17T22:43:46.620373127Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:43:46.621740436Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:43:46.623685061Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:43:46.624960465Z 73 PC: 8f060 | Release memory
2018-12-17T22:43:46.626043295Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:43:46.634819173Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:43:46.640004877Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:43:46.641362968Z 62 PC: 8f0d1 | Close file
2018-12-17T22:43:46.643491573Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:43:46.663820361Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:43:46.664491612Z 48 PC: 12bee | Get DOS version
2018-12-17T22:43:46.666150685Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:43:46.669247515Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:43:46.670511279Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:43:46.672064837Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:43:46.673585157Z 72 PC: 1355d | Allocate memory
2018-12-17T22:43:46.675165692Z 25 PC: 13596 | Get default drive
2018-12-17T22:43:46.676386663Z 71 PC: 135ad | Get current directory
2018-12-17T22:43:46.678636464Z 59 PC: 135ba | Change current directory
2018-12-17T22:43:46.683569106Z 59 PC: 135c8 | Change current directory
2018-12-17T22:43:46.689638188Z 59 PC: 135d3 | Change current directory
2018-12-17T22:43:46.692882737Z 25 PC: 12d13 | Get default drive
2018-12-17T22:43:46.693893983Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:43:46.695477065Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:46.696419869Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:46.698321899Z 80 PC: 1301d | Set current PSP
2018-12-17T22:43:46.699390589Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:43:46.701205381Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:43:46.702399402Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:43:46.703813406Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:43:46.705980667Z 72 PC: 130ec | Allocate memory
2018-12-17T22:43:46.707939885Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:43:46.714878352Z 62 PC: 131ba | Close file
2018-12-17T22:43:46.717484837Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:43:46.718801113Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:43:46.720643925Z 72 PC: 11991 | Allocate memory
2018-12-17T22:43:46.723309681Z 73 PC: 119b2 | Release memory
2018-12-17T22:43:46.724831269Z 72 PC: 119bd | Allocate memory
2018-12-17T22:43:46.726686446Z 73 PC: 119df | Release memory
2018-12-17T22:43:46.729739978Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:43:46.731868618Z 72 PC: 119fd | Allocate memory
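To turn a trace in this format into a behavioural summary, here is an added Python parser for the line layout the viewer prints; it is not code from the page, from the viewer, or from the sample. Two things about the format matter when reading it: the Syscall Op column is AH in decimal (42 = 2Ah Get date, 61 = 3Dh Open file, 63 = 3Fh Read, 66 = 42h Move file pointer, 62 = 3Eh Close), and the `Interrupt = 'NN'` values are decimal too, with the "AKA" text being the DOS function name of that number rather than the interrupt, so '19' is int 13h (BIOS disk services) and '47' is int 2Fh (the multiplex interrupt), not "Delete file" or "Get disk transfer address". The parser keys on AH numbers rather than names, decodes the interrupt numbers, and classifies each open/close cycle as a read-only probe or a write. The embedded input is a handful of lines copied from the trace above.

```python
"""Summarise a DOS int 21h syscall trace in the format shown above.

Added example; not code from the page, the sandbox that produced the
trace, or the sample. It parses lines shaped like

    <timestamp> <AH decimal> PC: <hex> | <Syscall Name> (<detail>)

(bare disassembly lines are skipped) and reports which files were opened,
which were written, how many open/read/seek/close probes ran without a
write, how many directory scans started, and which interrupt vectors
were replaced.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ah>\d+)\s+PC:\s+(?P<pc>[0-9a-fA-F]+)\s+\|\s+(?P<rest>.*)$"
)

# DOS int 21h function numbers; the trace prints AH in decimal.
AH_SET_VECTOR, AH_OPEN, AH_CLOSE = 0x25, 0x3D, 0x3E
AH_READ, AH_WRITE, AH_LSEEK, AH_FIND_FIRST = 0x3F, 0x40, 0x42, 0x4E

# The viewer prints interrupt numbers in decimal and labels them with the DOS
# *function* name of the same number; these are the interrupts actually meant.
INT_NAMES = {
    0x13: "BIOS disk services",
    0x22: "program terminate address",
    0x23: "Ctrl-Break handler",
    0x24: "critical-error handler",
    0x2E: "COMMAND.COM execute command",
    0x2F: "DOS multiplex",
}


def parse_line(line):
    """Return (ah, pc, name, detail) for a syscall line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Some lines carry a disassembly after the name ("Get date 0x12bc8: mov ...").
    rest = m.group("rest").split(" 0x", 1)[0].rstrip()
    name, detail = rest, ""
    if " (" in rest and rest.endswith(")"):
        name, detail = rest.split(" (", 1)
        detail = detail[:-1]
    return int(m.group("ah")), int(m.group("pc"), 16), name.strip(), detail


def summarise(lines):
    """Walk the trace once and return a dict of behavioural counters."""
    opened = Counter()
    written = set()
    probes = find_first = 0
    hooks = []
    cur = None  # state of the most recently opened, still-open file
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ah, _pc, _name, detail = rec
        if ah == AH_OPEN:
            m = re.search(r"Filename = '([^']*)'", detail)
            cur = {"name": m.group(1) if m else "", "reads": 0, "seeks": 0, "writes": 0}
            opened[cur["name"]] += 1
        elif cur is not None and ah in (AH_READ, AH_WRITE, AH_LSEEK):
            cur[{AH_READ: "reads", AH_WRITE: "writes", AH_LSEEK: "seeks"}[ah]] += 1
        elif cur is not None and ah == AH_CLOSE:
            if cur["writes"]:
                written.add(cur["name"])
            elif cur["reads"] and cur["seeks"]:
                probes += 1          # read header, seek, read again, close: no change
            cur = None
        elif ah == AH_FIND_FIRST:
            find_first += 1
        elif ah == AH_SET_VECTOR:
            m = re.search(r"Interrupt = '(\d+)'", detail)
            if m:
                n = int(m.group(1))
                hooks.append((n, INT_NAMES.get(n, "unknown")))
    return {"opened": dict(opened), "written": sorted(written),
            "probes": probes, "find_first": find_first, "hooks": hooks}


# Constructed input: lines copied from the trace on this page.
SAMPLE = r"""
2018-12-17T22:43:44.055110873Z 42 PC: 12bc8 | Get date 0x12bc8: mov word ptr cs:[0xe9], cx
0x12bcd: mov cl, dl
2018-12-17T22:43:44.084855595Z 78 PC: 12f63 | Find first file
2018-12-17T22:43:44.097243524Z 79 PC: 12f7c | Find next file
2018-12-17T22:43:44.117354087Z 61 PC: 12d26 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:44.123951405Z 63 PC: 12d40 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:43:44.131235739Z 66 PC: 12d51 | Move file pointer
2018-12-17T22:43:44.133354212Z 63 PC: 12d65 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:43:44.14044232Z 62 PC: 12eab | Close file
2018-12-17T22:43:46.385970697Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:43:46.39657757Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:43:46.398172246Z 62 PC: 91fc1 | Close file
2018-12-17T22:43:46.49356865Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:43:46.495084344Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:43:46.498799475Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
""".strip().splitlines()

if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over the full trace, each of the four TEST.EXE cycles reads 24 bytes (the MZ header from e_magic through the e_cs field at offset 0x16), seeks, reads 6 more bytes and closes without any AH=40h write, so every one of them is counted as a probe and no file appears under `written`: in this run the sample examined its target but did not modify it.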