Sample viewer

vx.netlux.org/Virus.DOS.Manuel.1155

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:00.998466377Z	42	PC: 12b57 \| Get date 0x12b57: mov al, dh 0x12b59: sub cx, 0x76c 0x12b5d: mov ah, cl 0x12b5f: ret 0x12b60: push ax 0x12b61: mov ah, 0x35 0x12b63: int 0x21 0x12b65: mov ax, es 0x12b67: mov word ptr [si + 2], ax 0x12b6a: mov word ptr [si], bx 0x12b6c: pop ax 0x12b6d: mov ah, 0x25 0x12b6f: int 0x21 0x12b71: ret 0x12b72: push cs 0x12b73: pop ds 0x12b74: mov byte ptr [0x19], 0 0x12b79: mov byte ptr [0x1a], 0 0x12b7e: call 0x22b53 0x12b81: cmp ax, word ptr [0x17]
2018-12-17T22:44:01.001643113Z	82	PC: 12ade \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:44:01.009104597Z	74	PC: 12b2e \| Reallocate memory
2018-12-17T22:44:01.010860484Z	72	PC: 12b37 \| Allocate memory
2018-12-17T22:44:01.012933468Z	42	PC: 9f823 \| Get date 0x9f823: mov al, dh 0x9f825: sub cx, 0x76c 0x9f829: mov ah, cl 0x9f82b: ret 0x9f82c: push ax 0x9f82d: mov ah, 0x35 0x9f82f: int 0x21 0x9f831: mov ax, es 0x9f833: mov word ptr [si + 2], ax 0x9f836: mov word ptr [si], bx 0x9f838: pop ax 0x9f839: mov ah, 0x25 0x9f83b: int 0x21 0x9f83d: ret 0x9f83e: push cs 0x9f83f: pop ds 0x9f840: mov byte ptr [0x19], 0 0x9f845: mov byte ptr [0x1a], 0 0x9f84a: call 0xaf81f 0x9f84d: cmp ax, word ptr [0x17]
2018-12-17T22:44:01.016449181Z	53	PC: 9f831 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.018739663Z	37	PC: 9f83d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.021287107Z	67	PC: 9f936 \| Get or set file attributes
2018-12-17T22:44:01.030892758Z	61	PC: 9f954 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:44:01.042674176Z	87	PC: 9f962 \| Get or set file date and time
2018-12-17T22:44:01.044473015Z	63	PC: 9f96e \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:01.050766484Z	66	PC: 9f979 \| Move file pointer
2018-12-17T22:44:01.05349025Z	66	PC: 9f99a \| Move file pointer
2018-12-17T22:44:01.055078533Z	63	PC: 9f9a4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:44:01.061869608Z	42	PC: 9f823 \| Get date 0x9f823: mov al, dh 0x9f825: sub cx, 0x76c 0x9f829: mov ah, cl 0x9f82b: ret 0x9f82c: push ax 0x9f82d: mov ah, 0x35 0x9f82f: int 0x21 0x9f831: mov ax, es 0x9f833: mov word ptr [si + 2], ax 0x9f836: mov word ptr [si], bx 0x9f838: pop ax 0x9f839: mov ah, 0x25 0x9f83b: int 0x21 0x9f83d: ret 0x9f83e: push cs 0x9f83f: pop ds 0x9f840: mov byte ptr [0x19], 0 0x9f845: mov byte ptr [0x1a], 0 0x9f84a: call 0xaf81f 0x9f84d: cmp ax, word ptr [0x17]
2018-12-17T22:44:01.065602529Z	64	PC: 9f9d8 \| Write file or device (Write 1155 bytes on handle 5)
2018-12-17T22:44:01.407023983Z	66	PC: 9f9e3 \| Move file pointer
2018-12-17T22:44:01.409052383Z	64	PC: 9f9f5 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:01.413385772Z	87	PC: 9f9fc \| Get or set file date and time
2018-12-17T22:44:01.415771663Z	62	PC: 9fa00 \| Close file
2018-12-17T22:44:01.423057898Z	37	PC: 9fa1f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.424729557Z	53	PC: 9f831 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.427405914Z	37	PC: 9f83d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.429230691Z	67	PC: 9f936 \| Get or set file attributes
2018-12-17T22:44:01.436021305Z	37	PC: 9fa1f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.438828056Z	30	PC: 9f874 \| Reserved
2018-12-17T22:44:01.440253363Z	53	PC: 9f831 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.44165746Z	37	PC: 9f83d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.447964126Z	67	PC: 9f936 \| Get or set file attributes
2018-12-17T22:44:01.455459924Z	61	PC: 9f954 \| Open file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T22:44:01.463014793Z	87	PC: 9f962 \| Get or set file date and time
2018-12-17T22:44:01.466072496Z	63	PC: 9f96e \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:01.472321603Z	66	PC: 9f979 \| Move file pointer
2018-12-17T22:44:01.474243884Z	66	PC: 9f99a \| Move file pointer
2018-12-17T22:44:01.47720264Z	63	PC: 9f9a4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:44:01.483845767Z	42	PC: 9f823 \| Get date 0x9f823: mov al, dh 0x9f825: sub cx, 0x76c 0x9f829: mov ah, cl 0x9f82b: ret 0x9f82c: push ax 0x9f82d: mov ah, 0x35 0x9f82f: int 0x21 0x9f831: mov ax, es 0x9f833: mov word ptr [si + 2], ax 0x9f836: mov word ptr [si], bx 0x9f838: pop ax 0x9f839: mov ah, 0x25 0x9f83b: int 0x21 0x9f83d: ret 0x9f83e: push cs 0x9f83f: pop ds 0x9f840: mov byte ptr [0x19], 0 0x9f845: mov byte ptr [0x1a], 0 0x9f84a: call 0xaf81f 0x9f84d: cmp ax, word ptr [0x17]
2018-12-17T22:44:01.486568691Z	64	PC: 9f9d8 \| Write file or device (Write 1155 bytes on handle 5)
2018-12-17T22:44:01.497316097Z	66	PC: 9f9e3 \| Move file pointer
2018-12-17T22:44:01.499974539Z	64	PC: 9f9f5 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:01.504925598Z	87	PC: 9f9fc \| Get or set file date and time
2018-12-17T22:44:01.506792705Z	62	PC: 9fa00 \| Close file
2018-12-17T22:44:01.518831055Z	37	PC: 9fa1f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.520204755Z	53	PC: 9f831 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.521938872Z	37	PC: 9f83d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.524382732Z	67	PC: 9f936 \| Get or set file attributes
2018-12-17T22:44:01.533264724Z	37	PC: 9fa1f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:01.534814304Z	53	PC: 9f831 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:01.537058038Z	37	PC: 9f83d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')