
vx.netlux.org/Virus.DOS.IVP.Orudis.1009



Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:17.124851123Z 26 PC: 13529 | Set disk transfer address
2018-12-17T22:48:17.126544212Z 53 PC: 13258 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:17.128002428Z 37 PC: 1326e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:17.129389623Z 71 PC: 1327e | Get current directory
2018-12-17T22:48:17.132721111Z 78 PC: 13318 | Find first file
2018-12-17T22:48:17.139018112Z 61 PC: 13534 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:48:17.145516514Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:17.148398153Z 62 PC: 1333f | Close file
2018-12-17T22:48:17.161724004Z 79 PC: 13318 | Find next file
2018-12-17T22:48:17.164018319Z 78 PC: 13318 | Find first file
2018-12-17T22:48:17.169647796Z 61 PC: 13534 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:17.181586075Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:17.188336285Z 62 PC: 1333f | Close file
2018-12-17T22:48:17.190421225Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:17.870455814Z 61 PC: 13534 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:17.878501309Z 64 PC: 1344c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:48:17.881406759Z 66 PC: 13522 | Move file pointer
2018-12-17T22:48:17.883665672Z 44 PC: 1345d | Get time 0x1345d: cmp dh, 0
0x13460: xchg ax, dx
0x13461: xchg ax, dx
0x13462: je 0x13457
0x13464: mov byte ptr cs:[bp + 0x504], dh
0x13469: xchg ax, dx
0x1346a: xchg ax, dx
0x1346b: call 0x1359c
0x1346e: xchg ax, dx
0x1346f: xchg ax, dx
0x13470: inc byte ptr cs:[bp + 0x505]
0x13475: mov ax, 0x5701
0x13478: xchg ax, dx
0x13479: xchg ax, dx
0x1347a: mov cx, word ptr cs:[bp + 0x578]
0x1347f: mov dx, word ptr cs:[bp + 0x57a]
0x13484: xchg ax, dx
0x13485: xchg ax, dx
0x13486: int 0x21
0x13488: mov ah, 0x3e
2018-12-17T22:48:17.886885931Z 64 PC: 135f5 | Write file or device (Write 1009 bytes on handle 5)
2018-12-17T22:48:18.043399978Z 87 PC: 13488 | Get or set file date and time
2018-12-17T22:48:18.045938051Z 62 PC: 1348e | Close file
2018-12-17T22:48:18.068131289Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.079740045Z 79 PC: 13318 | Find next file
2018-12-17T22:48:18.084576258Z 61 PC: 13534 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:48:18.091475053Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:18.103510934Z 62 PC: 1333f | Close file
2018-12-17T22:48:18.106141537Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.118962505Z 61 PC: 13534 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:48:18.126533368Z 64 PC: 1344c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:48:18.141347413Z 66 PC: 13522 | Move file pointer
2018-12-17T22:48:18.143276778Z 44 PC: 1345d | Get time 0x1345d: cmp dh, 0
0x13460: xchg ax, dx
0x13461: xchg ax, dx
0x13462: je 0x13457
0x13464: mov byte ptr cs:[bp + 0x504], dh
0x13469: xchg ax, dx
0x1346a: xchg ax, dx
0x1346b: call 0x1359c
0x1346e: xchg ax, dx
0x1346f: xchg ax, dx
0x13470: inc byte ptr cs:[bp + 0x505]
0x13475: mov ax, 0x5701
0x13478: xchg ax, dx
0x13479: xchg ax, dx
0x1347a: mov cx, word ptr cs:[bp + 0x578]
0x1347f: mov dx, word ptr cs:[bp + 0x57a]
0x13484: xchg ax, dx
0x13485: xchg ax, dx
0x13486: int 0x21
0x13488: mov ah, 0x3e
2018-12-17T22:48:18.146363837Z 64 PC: 135f5 | Write file or device (Write 1009 bytes on handle 5)
2018-12-17T22:48:18.156060755Z 87 PC: 13488 | Get or set file date and time
2018-12-17T22:48:18.158123824Z 62 PC: 1348e | Close file
2018-12-17T22:48:18.166134042Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.177813092Z 79 PC: 13318 | Find next file
2018-12-17T22:48:18.18074931Z 61 PC: 13534 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:48:18.187383819Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:18.194241273Z 62 PC: 1333f | Close file
2018-12-17T22:48:18.197431623Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.210305632Z 61 PC: 13534 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:48:18.217693695Z 64 PC: 1344c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:48:18.221508999Z 66 PC: 13522 | Move file pointer
2018-12-17T22:48:18.223571806Z 44 PC: 1345d | Get time 0x1345d: cmp dh, 0
0x13460: xchg ax, dx
0x13461: xchg ax, dx
0x13462: je 0x13457
0x13464: mov byte ptr cs:[bp + 0x504], dh
0x13469: xchg ax, dx
0x1346a: xchg ax, dx
0x1346b: call 0x1359c
0x1346e: xchg ax, dx
0x1346f: xchg ax, dx
0x13470: inc byte ptr cs:[bp + 0x505]
0x13475: mov ax, 0x5701
0x13478: xchg ax, dx
0x13479: xchg ax, dx
0x1347a: mov cx, word ptr cs:[bp + 0x578]
0x1347f: mov dx, word ptr cs:[bp + 0x57a]
0x13484: xchg ax, dx
0x13485: xchg ax, dx
0x13486: int 0x21
0x13488: mov ah, 0x3e
2018-12-17T22:48:18.226670838Z 64 PC: 135f5 | Write file or device (Write 1009 bytes on handle 5)
2018-12-17T22:48:18.236314003Z 87 PC: 13488 | Get or set file date and time
2018-12-17T22:48:18.23810898Z 62 PC: 1348e | Close file
2018-12-17T22:48:18.24591608Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.25708444Z 79 PC: 13318 | Find next file
2018-12-17T22:48:18.260025331Z 61 PC: 13534 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:48:18.271169838Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:18.278657621Z 62 PC: 1333f | Close file
2018-12-17T22:48:18.280755275Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.290822302Z 61 PC: 13534 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:48:18.298597148Z 64 PC: 1344c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:48:18.301614487Z 66 PC: 13522 | Move file pointer
2018-12-17T22:48:18.303234224Z 44 PC: 1345d | Get time 0x1345d: cmp dh, 0
0x13460: xchg ax, dx
0x13461: xchg ax, dx
0x13462: je 0x13457
0x13464: mov byte ptr cs:[bp + 0x504], dh
0x13469: xchg ax, dx
0x1346a: xchg ax, dx
0x1346b: call 0x1359c
0x1346e: xchg ax, dx
0x1346f: xchg ax, dx
0x13470: inc byte ptr cs:[bp + 0x505]
0x13475: mov ax, 0x5701
0x13478: xchg ax, dx
0x13479: xchg ax, dx
0x1347a: mov cx, word ptr cs:[bp + 0x578]
0x1347f: mov dx, word ptr cs:[bp + 0x57a]
0x13484: xchg ax, dx
0x13485: xchg ax, dx
0x13486: int 0x21
0x13488: mov ah, 0x3e
2018-12-17T22:48:18.306851332Z 64 PC: 135f5 | Write file or device (Write 1009 bytes on handle 5)
2018-12-17T22:48:18.316291395Z 87 PC: 13488 | Get or set file date and time
2018-12-17T22:48:18.318034646Z 62 PC: 1348e | Close file
2018-12-17T22:48:18.326576458Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.337115151Z 79 PC: 13318 | Find next file
2018-12-17T22:48:18.339958197Z 61 PC: 13534 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:48:18.34727278Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:18.353740478Z 62 PC: 1333f | Close file
2018-12-17T22:48:18.355866057Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.361223718Z 61 PC: 13534 | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:48:18.367113853Z 64 PC: 1344c | Write file or device (Write 5 bytes on handle 2)
2018-12-17T22:48:18.369817359Z 66 PC: 13522 | Move file pointer
2018-12-17T22:48:18.371459853Z 44 PC: 1345d | Get time 0x1345d: cmp dh, 0
0x13460: xchg ax, dx
0x13461: xchg ax, dx
0x13462: je 0x13457
0x13464: mov byte ptr cs:[bp + 0x504], dh
0x13469: xchg ax, dx
0x1346a: xchg ax, dx
0x1346b: call 0x1359c
0x1346e: xchg ax, dx
0x1346f: xchg ax, dx
0x13470: inc byte ptr cs:[bp + 0x505]
0x13475: mov ax, 0x5701
0x13478: xchg ax, dx
0x13479: xchg ax, dx
0x1347a: mov cx, word ptr cs:[bp + 0x578]
0x1347f: mov dx, word ptr cs:[bp + 0x57a]
0x13484: xchg ax, dx
0x13485: xchg ax, dx
0x13486: int 0x21
0x13488: mov ah, 0x3e
2018-12-17T22:48:18.374374573Z 64 PC: 135f5 | Write file or device (Write 1009 bytes on handle 2)
2018-12-17T22:48:18.385070106Z 87 PC: 13488 | Get or set file date and time
2018-12-17T22:48:18.386617097Z 62 PC: 1348e | Close file
2018-12-17T22:48:18.388527799Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.392956663Z 79 PC: 13318 | Find next file
2018-12-17T22:48:18.396043312Z 61 PC: 13534 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:48:18.408642635Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:48:18.415172871Z 62 PC: 1333f | Close file
2018-12-17T22:48:18.417582044Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.427719113Z 61 PC: 13534 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:48:18.434540736Z 64 PC: 1344c | Write file or device (Write 5 bytes on handle 2)
2018-12-17T22:48:18.437792026Z 66 PC: 13522 | Move file pointer
2018-12-17T22:48:18.439688657Z 44 PC: 1345d | Get time 0x1345d: cmp dh, 0
0x13460: xchg ax, dx
0x13461: xchg ax, dx
0x13462: je 0x13457
0x13464: mov byte ptr cs:[bp + 0x504], dh
0x13469: xchg ax, dx
0x1346a: xchg ax, dx
0x1346b: call 0x1359c
0x1346e: xchg ax, dx
0x1346f: xchg ax, dx
0x13470: inc byte ptr cs:[bp + 0x505]
0x13475: mov ax, 0x5701
0x13478: xchg ax, dx
0x13479: xchg ax, dx
0x1347a: mov cx, word ptr cs:[bp + 0x578]
0x1347f: mov dx, word ptr cs:[bp + 0x57a]
0x13484: xchg ax, dx
0x13485: xchg ax, dx
0x13486: int 0x21
0x13488: mov ah, 0x3e
2018-12-17T22:48:18.44253364Z 64 PC: 135f5 | Write file or device (Write 1009 bytes on handle 2)
2018-12-17T22:48:18.451929948Z 87 PC: 13488 | Get or set file date and time
2018-12-17T22:48:18.45454745Z 62 PC: 1348e | Close file
2018-12-17T22:48:18.462178346Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.472353245Z 79 PC: 13318 | Find next file
2018-12-17T22:48:18.475700838Z 61 PC: 13534 | Open file (Filename = 'PAH.COM')
2018-12-17T22:48:18.48198468Z 63 PC: 1333b | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:48:18.488151719Z 62 PC: 1333f | Close file
2018-12-17T22:48:18.491015768Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.500865929Z 61 PC: 13534 | Open file (Filename = 'PAH.COM')
2018-12-17T22:48:18.50746666Z 64 PC: 1344c | Write file or device (Write 5 bytes on handle 2)
2018-12-17T22:48:18.511187152Z 66 PC: 13522 | Move file pointer
2018-12-17T22:48:18.512436761Z 44 PC: 1345d | Get time 0x1345d: cmp dh, 0
0x13460: xchg ax, dx
0x13461: xchg ax, dx
0x13462: je 0x13457
0x13464: mov byte ptr cs:[bp + 0x504], dh
0x13469: xchg ax, dx
0x1346a: xchg ax, dx
0x1346b: call 0x1359c
0x1346e: xchg ax, dx
0x1346f: xchg ax, dx
0x13470: inc byte ptr cs:[bp + 0x505]
0x13475: mov ax, 0x5701
0x13478: xchg ax, dx
0x13479: xchg ax, dx
0x1347a: mov cx, word ptr cs:[bp + 0x578]
0x1347f: mov dx, word ptr cs:[bp + 0x57a]
0x13484: xchg ax, dx
0x13485: xchg ax, dx
0x13486: int 0x21
0x13488: mov ah, 0x3e
2018-12-17T22:48:18.514964548Z 64 PC: 135f5 | Write file or device (Write 1009 bytes on handle 2)
2018-12-17T22:48:18.52889748Z 87 PC: 13488 | Get or set file date and time
2018-12-17T22:48:18.530937853Z 62 PC: 1348e | Close file
2018-12-17T22:48:18.538318633Z 67 PC: 13545 | Get or set file attributes
2018-12-17T22:48:18.54826691Z 79 PC: 13318 | Find next file
2018-12-17T22:48:18.550620922Z 59 PC: 1329e | Change current directory
2018-12-17T22:48:18.554736119Z 42 PC: 134a1 | Get date 0x134a1: xchg ax, dx
0x134a2: xchg ax, dx
0x134a3: cmp cx, 0x7cb
0x134a7: jb 0x13515
0x134a9: cmp dh, 6
0x134ac: jb 0x13515
0x134ae: cmp dl, 5
0x134b1: jb 0x13515
0x134b3: cmp al, 2
0x134b5: jb 0x13515
0x134b7: xchg ax, dx
0x134b8: xchg ax, dx
0x134b9: mov ah, 0x2c
0x134bb: int 0x21
0x134bd: xchg ax, dx
0x134be: xchg ax, dx
0x134bf: cmp ch, 9
0x134c2: jb 0x13515
0x134c4: cmp cl, 1
0x134c7: jb 0x13515
2018-12-17T22:48:18.558172356Z 37 PC: 132b1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:18.559580726Z 59 PC: 132bf | Change current directory
2018-12-17T22:48:18.561502635Z 26 PC: 13529 | Set disk transfer address