Sample viewer

vx.netlux.org/Virus.DOS.Detic.1514

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:46.881407593Z	53	PC: 12f61 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:46.88363826Z	53	PC: 12f71 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:44:46.885549933Z	37	PC: 12fce \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:46.887513209Z	67	PC: 9ee0d \| Get or set file attributes
2018-12-17T22:44:47.234033084Z	61	PC: 9ee0d \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:44:47.249587478Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.250933313Z	63	PC: 9ee0d \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:44:47.255652506Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.256902628Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.258040094Z	63	PC: 9ee0d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:47.260452164Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.262232538Z	64	PC: 9ee0d \| Write file or device (Write 11 bytes on handle 5)
2018-12-17T22:44:47.264466108Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.265601045Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.267542745Z	64	PC: 9ee0d \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:44:47.270112421Z	64	PC: 9ee0d \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:47.272797113Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.275566753Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.277247629Z	63	PC: 9ee0d \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:44:47.279496721Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.281242541Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.282417928Z	64	PC: 9ee0d \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:44:47.284350122Z	44	PC: 9ee0d \| Get time 0x9ee0d: ret 0x9ee0e: mov ah, 0x40 0x9ee10: call 0xaee07 0x9ee13: ret 0x9ee14: mov ax, 0x4202 0x9ee17: xor cx, cx 0x9ee19: xor dx, dx 0x9ee1b: call 0xaee07 0x9ee1e: ret 0x9ee1f: mov ax, 0x4200 0x9ee22: xor cx, cx 0x9ee24: mov dx, bp 0x9ee26: call 0xaee07 0x9ee29: ret 0x9ee2a: mov ah, 0x3f 0x9ee2c: call 0xaee07 0x9ee2f: ret 0x9ee30: call 0xaee1f 0x9ee33: xor dx, dx 0x9ee35: mov cx, 2
2018-12-17T22:44:47.286565749Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.287786433Z	66	PC: 9ee0d \| Move file pointer
2018-12-17T22:44:47.289373468Z	64	PC: 9f12f \| Write file or device (Write 1514 bytes on handle 5)
2018-12-17T22:44:47.296796736Z	62	PC: 9ee0d \| Close file
2018-12-17T22:44:47.302618799Z	57	PC: 9ee0d \| Create subdirectory
2018-12-17T22:44:47.311814Z	43	PC: 9ee0d \| Set date
2018-12-17T22:44:47.3131149Z	45	PC: 9ee0d \| Set time
2018-12-17T22:44:47.315449362Z	61	PC: 9ee0d \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:44:47.320304949Z	62	PC: 12bbd \| Close file
2018-12-17T22:44:47.321991604Z	42	PC: 9ee0d \| Get date 0x9ee0d: ret 0x9ee0e: mov ah, 0x40 0x9ee10: call 0xaee07 0x9ee13: ret 0x9ee14: mov ax, 0x4202 0x9ee17: xor cx, cx 0x9ee19: xor dx, dx 0x9ee1b: call 0xaee07 0x9ee1e: ret 0x9ee1f: mov ax, 0x4200 0x9ee22: xor cx, cx 0x9ee24: mov dx, bp 0x9ee26: call 0xaee07 0x9ee29: ret 0x9ee2a: mov ah, 0x3f 0x9ee2c: call 0xaee07 0x9ee2f: ret 0x9ee30: call 0xaee1f 0x9ee33: xor dx, dx 0x9ee35: mov cx, 2
2018-12-17T22:44:47.323844495Z	42	PC: 9ee0d \| Get date 0x9ee0d: ret 0x9ee0e: mov ah, 0x40 0x9ee10: call 0xaee07 0x9ee13: ret 0x9ee14: mov ax, 0x4202 0x9ee17: xor cx, cx 0x9ee19: xor dx, dx 0x9ee1b: call 0xaee07 0x9ee1e: ret 0x9ee1f: mov ax, 0x4200 0x9ee22: xor cx, cx 0x9ee24: mov dx, bp 0x9ee26: call 0xaee07 0x9ee29: ret 0x9ee2a: mov ah, 0x3f 0x9ee2c: call 0xaee07 0x9ee2f: ret 0x9ee30: call 0xaee1f 0x9ee33: xor dx, dx 0x9ee35: mov cx, 2
2018-12-17T22:44:47.325425541Z	76	PC: 9ee0d \| Terminate with return code (Return code = '1')