Sample viewer

vx.netlux.org/Virus.DOS.JDC.5421


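Syscalls:

The Syscall Op column is the DOS INT 21h function number (the AH value) in decimal; for example, 61 is function 3Dh, Open file. The 'AKA' text on the interrupt-vector rows appears to be looked up in that same function table rather than by vector number, so read the vector number itself: 36 (24h) is the DOS critical-error handler and 1 is the CPU single-step trap, not 'Set random record number' or 'Character input'. The byte counts on the read and write rows look like a 32-bit register value of which only the low 16 bits (CX) are the request: 4278190106 is 0xFF00001A (26 bytes), 4278190083 is 0xFF000003 (3 bytes) and 4278195501 is 0xFF00152D (5421 bytes, the size in the sample's name).

Time Syscall Op Syscall Name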
2018-12-17T22:47:43.281594543Z 37 PC: 1656c | Set interrupt vector (Interrupt = '205' AKA 'UNKNOWN!')
2018-12-17T22:47:43.283536221Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:43.29441033Z 44 PC: 1519b | Get time
0x1519b: mov word ptr cs:[bp + 0x144], cx
0x151a0: mov word ptr cs:[bp + 0x146], dx
0x151a5: ret
0x151a6: mov ax, word ptr cs:[bp + 0x144]
0x151ab: mov bx, word ptr cs:[bp + 0x146]
0x151b0: mov cx, ax
0x151b2: mul word ptr cs:[bp + 0x148]
0x151b7: shl cx, 1
0x151b9: shl cx, 1
0x151bb: shl cx, 1
0x151bd: add ch, cl
0x151bf: add dx, cx
0x151c1: add dx, bx
0x151c3: shl bx, 1
0x151c5: shl bx, 1
0x151c7: add dx, bx
0x151c9: add dh, bl
0x151cb: mov cl, 5
0x151cd: shl bx, cl
0x151cf: add dh, bl
2018-12-17T22:47:43.296941686Z 26 PC: 15cdd | Set disk transfer address
2018-12-17T22:47:43.302636675Z 53 PC: 15264 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:43.304712034Z 37 PC: 15276 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:43.306473312Z 71 PC: 15394 | Get current directory
2018-12-17T22:47:43.310007613Z 78 PC: 153b7 | Find first file
2018-12-17T22:47:43.325506911Z 78 PC: 153b7 | Find first file
2018-12-17T22:47:43.332951407Z 61 PC: 15cf4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:43.340132809Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:43.348054741Z 62 PC: 153fd | Close file
2018-12-17T22:47:43.350215531Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:43.367627854Z 61 PC: 15cf4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:43.375597396Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:43.378641214Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:43.381877765Z 37 PC: 1656c | Set interrupt vector (Interrupt = '209' AKA 'UNKNOWN!')
2018-12-17T22:47:43.383574552Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:43.394030797Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:43.405153593Z 37 PC: 1656c | Set interrupt vector (Interrupt = '209' AKA 'UNKNOWN!')
2018-12-17T22:47:43.406891628Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:43.416903848Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:43.418867277Z 62 PC: 15b7c | Close file
2018-12-17T22:47:43.577941179Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:43.660795226Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:43.664047115Z 61 PC: 15cf4 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:47:43.67171459Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:43.679419064Z 62 PC: 153fd | Close file
2018-12-17T22:47:43.681456763Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:43.794258604Z 61 PC: 15cf4 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:47:43.802271758Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:43.805685751Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:43.809007572Z 37 PC: 1656c | Set interrupt vector (Interrupt = '219' AKA 'UNKNOWN!')
2018-12-17T22:47:43.811412881Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:43.821029628Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:43.964948348Z 37 PC: 1656c | Set interrupt vector (Interrupt = '219' AKA 'UNKNOWN!')
2018-12-17T22:47:43.966838779Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:43.976108134Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:43.977769084Z 62 PC: 15b7c | Close file
2018-12-17T22:47:44.003060539Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.047370284Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:44.050579423Z 61 PC: 15cf4 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:47:44.058835132Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:44.066611903Z 62 PC: 153fd | Close file
2018-12-17T22:47:44.06901105Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.086812453Z 61 PC: 15cf4 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:47:44.094053437Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:44.096883754Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:44.099861298Z 37 PC: 1656c | Set interrupt vector (Interrupt = '223' AKA 'UNKNOWN!')
2018-12-17T22:47:44.101702868Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.112718763Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:44.122405562Z 37 PC: 1656c | Set interrupt vector (Interrupt = '223' AKA 'UNKNOWN!')
2018-12-17T22:47:44.124451966Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.13492911Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:44.136799504Z 62 PC: 15b7c | Close file
2018-12-17T22:47:44.146040805Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.157784298Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:44.160631216Z 61 PC: 15cf4 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:47:44.168721846Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:44.176535395Z 62 PC: 153fd | Close file
2018-12-17T22:47:44.179067612Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.191257614Z 61 PC: 15cf4 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:47:44.198852082Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:44.202306752Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:44.205852543Z 37 PC: 1656c | Set interrupt vector (Interrupt = '141' AKA 'UNKNOWN!')
2018-12-17T22:47:44.208740409Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.218016746Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:44.227979533Z 37 PC: 1656c | Set interrupt vector (Interrupt = '141' AKA 'UNKNOWN!')
2018-12-17T22:47:44.232128167Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.24289793Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:44.245067276Z 62 PC: 15b7c | Close file
2018-12-17T22:47:44.255051203Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.266628563Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:44.270194953Z 61 PC: 15cf4 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:47:44.278988253Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:44.286548556Z 62 PC: 153fd | Close file
2018-12-17T22:47:44.289196841Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.30041671Z 61 PC: 15cf4 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:47:44.310500445Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:44.313720885Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:44.316968847Z 37 PC: 1656c | Set interrupt vector (Interrupt = '130' AKA 'UNKNOWN!')
2018-12-17T22:47:44.319093248Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.329794312Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:44.339187118Z 37 PC: 1656c | Set interrupt vector (Interrupt = '130' AKA 'UNKNOWN!')
2018-12-17T22:47:44.341054046Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.351542901Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:44.353554971Z 62 PC: 15b7c | Close file
2018-12-17T22:47:44.362318695Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.372948866Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:44.376532639Z 61 PC: 15cf4 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:47:44.384494727Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:44.391784082Z 62 PC: 153fd | Close file
2018-12-17T22:47:44.394238352Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.40522866Z 61 PC: 15cf4 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:47:44.41272271Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:44.416017259Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:44.41945119Z 37 PC: 1656c | Set interrupt vector (Interrupt = '197' AKA 'UNKNOWN!')
2018-12-17T22:47:44.421589808Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.43236983Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:44.442738389Z 37 PC: 1656c | Set interrupt vector (Interrupt = '197' AKA 'UNKNOWN!')
2018-12-17T22:47:44.445286377Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.455835515Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:44.457761614Z 62 PC: 15b7c | Close file
2018-12-17T22:47:44.46699493Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.478214468Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:44.480991886Z 61 PC: 15cf4 | Open file (Filename = 'PAH.COM')
2018-12-17T22:47:44.488372853Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:44.495430863Z 62 PC: 153fd | Close file
2018-12-17T22:47:44.497859756Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.509447535Z 61 PC: 15cf4 | Open file (Filename = 'PAH.COM')
2018-12-17T22:47:44.516832139Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:44.519952732Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:44.523758592Z 37 PC: 1656c | Set interrupt vector (Interrupt = '148' AKA 'UNKNOWN!')
2018-12-17T22:47:44.525514761Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.535566435Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:44.546278981Z 37 PC: 1656c | Set interrupt vector (Interrupt = '148' AKA 'UNKNOWN!')
2018-12-17T22:47:44.54867934Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:44.56008082Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:44.563565837Z 62 PC: 15b7c | Close file
2018-12-17T22:47:44.57430857Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.584674595Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:44.587947654Z 61 PC: 15cf4 | Open file (Filename = 'TEST.COM')
2018-12-17T22:47:44.5955682Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:44.59870373Z 62 PC: 153fd | Close file
2018-12-17T22:47:44.601092508Z 79 PC: 153b7 | Find next file
2018-12-17T22:47:44.604811115Z 59 PC: 152c7 | Change current directory
2018-12-17T22:47:44.609616202Z 81 PC: 16041 | Get current PSP
2018-12-17T22:47:44.611090752Z 78 PC: 152de | Find first file
2018-12-17T22:47:44.617765152Z 61 PC: 15cf4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:47:44.62406125Z 63 PC: 153f9 | Read file or device (Read 4278190106 bytes on handle 5)
2018-12-17T22:47:44.626823499Z 62 PC: 153fd | Close file
2018-12-17T22:47:44.629647295Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:44.978556428Z 61 PC: 15cf4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:47:44.98676018Z 64 PC: 15c9a | Write file or device (Write 4278190083 bytes on handle 5)
2018-12-17T22:47:44.991427249Z 66 PC: 15cd8 | Move file pointer
2018-12-17T22:47:44.994783193Z 37 PC: 1656c | Set interrupt vector (Interrupt = '135' AKA 'UNKNOWN!')
2018-12-17T22:47:44.996317536Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:45.006273941Z 64 PC: 1666f | Write file or device (Write 4278195501 bytes on handle 5)
2018-12-17T22:47:45.020513633Z 37 PC: 1656c | Set interrupt vector (Interrupt = '135' AKA 'UNKNOWN!')
2018-12-17T22:47:45.02184287Z 37 PC: 16587 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:45.031708495Z 87 PC: 15b78 | Get or set file date and time
2018-12-17T22:47:45.033358524Z 62 PC: 15b7c | Close file
2018-12-17T22:47:45.041603263Z 67 PC: 15d0d | Get or set file attributes
2018-12-17T22:47:45.052777356Z 42 PC: 152fa | Get date
0x152fa: cmp cx, word ptr cs:[bp + 0x162d]
0x152ff: ja 0x15313
0x15301: jl 0x15337
0x15303: cmp dh, byte ptr cs:[bp + 0x162c]
0x15308: ja 0x15313
0x1530a: jl 0x15337
0x1530c: cmp dl, byte ptr cs:[bp + 0x162b]
0x15311: jl 0x15337
0x15313: pushaw
0x15314: call 0x2520e
0x15317: cmp ax, 0x32
0x1531a: jl 0x15336
0x1531c: mov word ptr cs:[bp + 0x142], ax
0x15321: call 0x15324
0x15324: pop ax
0x15325: add ax, 0xe
0x15328: push ax
0x15329: mov ax, word ptr cs:[bp + 0x142]
0x1532e: jmp 0x15b3b
0x15331: nop
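2018-12-17T22:47:45.055420893Z 44 PC: 15212 | Get time (the listing below is a linear disassembly from the return address; some lines after the ret at 0x15215 appear to be data decoded as instructions, e.g. the bytes at 0x15236-0x1523f are the ASCII text "--[ JDC ]-")
0x15212: mov al, cl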
0x15214: cwde
0x15215: ret
0x15216: add word ptr [di], dx
0x15218: add dl, byte ptr ss:[bx + si - 0x1770]
0x1521d: js 0x1521e
0x1521f: cmp sp, 0x4a56
0x15223: jne 0x1522c
0x15225: jmp 0x153a0
0x15228: movsb byte ptr es:[di], byte ptr [si]
0x15229: movsw word ptr es:[di], word ptr [si]
0x1522a: jmp 0x15244
0x1522c: lea si, word ptr [bp + 0x1054]
0x15230: mov di, 0x100
0x15233: push di
0x15234: jmp 0x15228
0x15236: sub ax, 0x5b2d
0x15239: and byte ptr [bp + si + 0x44], cl
0x1523c: inc bx
0x1523d: and byte ptr [di + 0x2d], bl