Sample viewer

vx.netlux.org/Virus.DOS.Ksenia.4227

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:38.298463385Z	24	PC: 12b73 \| Reserved
2018-12-17T22:48:38.305532229Z	53	PC: 12c01 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:38.306719028Z	37	PC: 12c14 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:38.308032468Z	53	PC: 12c19 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:48:38.311448989Z	37	PC: 12c29 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:48:38.313030841Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.314848951Z	74	PC: 12c35 \| Reallocate memory
2018-12-17T22:48:38.317470356Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.319800752Z	67	PC: 135a8 \| Get or set file attributes
2018-12-17T22:48:38.325944934Z	67	PC: 135a8 \| Get or set file attributes
2018-12-17T22:48:38.63647717Z	61	PC: 135a8 \| Open file (Filename = '')
2018-12-17T22:48:38.643866009Z	68	PC: 135a8 \| I/O control for devices (Set for = '')
2018-12-17T22:48:38.645524606Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.648126893Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.650375842Z	63	PC: 135a8 \| Read file or device (Read 4227 bytes on handle 5)
2018-12-17T22:48:38.659318498Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.661922938Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.664884983Z	63	PC: 135a8 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:48:38.667913672Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.669727698Z	87	PC: 135a8 \| Get or set file date and time
2018-12-17T22:48:38.672336226Z	44	PC: 135a8 \| Get time 0x135a8: ret 0x135a9: call 0x233e0 0x135ac: mov ax, 0x4400 0x135af: call 0x235a3 0x135b2: jb 0x135be 0x135b4: test dl, 0x80 0x135b7: jne 0x135be 0x135b9: call 0x233f4 0x135bc: clc 0x135bd: ret 0x135be: call 0x233f4 0x135c1: stc 0x135c2: ret 0x135c3: cmp al, 0x61 0x135c5: jb 0x135cd 0x135c7: cmp al, 0x7a 0x135c9: ja 0x135cd 0x135cb: sub al, 0x20 0x135cd: cmp ah, 0x61 0x135d0: jb 0x135da
2018-12-17T22:48:38.674852782Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.685395152Z	64	PC: 135a8 \| Write file or device (Write 4227 bytes on handle 5)
2018-12-17T22:48:38.693736529Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.694959863Z	64	PC: 135a8 \| Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:48:38.69697734Z	87	PC: 135a8 \| Get or set file date and time
2018-12-17T22:48:38.698817486Z	87	PC: 135a8 \| Get or set file date and time
2018-12-17T22:48:38.700354519Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.70179746Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.704054721Z	63	PC: 135a8 \| Read file or device (Read 4227 bytes on handle 5)
2018-12-17T22:48:38.712587325Z	66	PC: 135a8 \| Move file pointer
2018-12-17T22:48:38.714547689Z	87	PC: 135a8 \| Get or set file date and time
2018-12-17T22:48:38.717243728Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.729546772Z	67	PC: 135a8 \| Get or set file attributes
2018-12-17T22:48:38.743025083Z	75	PC: 12c56 \| Execute program
2018-12-17T22:48:38.760804351Z	48	PC: 15fa8 \| Get DOS version
2018-12-17T22:48:38.762571686Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.765328476Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.769346713Z	73	PC: 12c60 \| Release memory
2018-12-17T22:48:38.771110394Z	77	PC: 12c84 \| Get program return code
2018-12-17T22:48:38.772409815Z	76	PC: 12c88 \| Terminate with return code (Return code = '0')
2018-12-17T22:48:38.776366797Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:48:38.777772034Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:48:38.779684455Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:48:38.782100498Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:38.783319877Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:38.784678527Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:38.786639019Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.787771078Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.789297033Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.791281549Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.792967234Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.7940973Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.79664676Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.798569249Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.801491814Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.803233645Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.805742503Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.807593403Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.81067098Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.811771776Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.813118743Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.814467682Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.816587075Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.817830535Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.819626248Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.822229061Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.824151466Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.82548091Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.827486552Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.829395464Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.831491288Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.83410906Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.835767009Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.837349042Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.839823114Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.841018467Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.842677854Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.845500597Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.847221354Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.848357657Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.850833411Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.852312844Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.854058248Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.855921518Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.857526677Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.859101261Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.861415986Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.862671292Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.864103819Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.866415417Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.868153951Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.869367872Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.871561804Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.873162945Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.877256404Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.879285758Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.880814277Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.882699324Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.885778356Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.886863996Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.888364335Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.890415865Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.892902456Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.894134113Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.896618526Z	62	PC: 135a8 \| Close file
2018-12-17T22:48:38.898520243Z	68	PC: 135a8 \| I/O control for devices (Set for = 'mfyW�Wv W�Wj W� WcW�W�W W5W')
2018-12-17T22:48:38.902189978Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-17T22:48:38.905160915Z	56	PC: 94df9 \| Get or set country info
2018-12-17T22:48:38.907396571Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.908843321Z	68	PC: 135a8 \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T22:48:38.911638364Z	68	PC: 135a8 \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T22:48:38.913546937Z	64	PC: 135a8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:48:38.917788652Z	68	PC: 135a8 \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T22:48:38.920124963Z	25	PC: 94e62 \| Get default drive
2018-12-17T22:48:38.92194274Z	71	PC: 970dd \| Get current directory
2018-12-17T22:48:38.926023727Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:38.928173624Z	68	PC: 135a8 \| I/O control for devices (Set for = 'A:\ win TEMP=C:\WINDOWS\TEMP$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T22:48:38.929703329Z	68	PC: 135a8 \| I/O control for devices (Set for = 'A:\ win TEMP=C:\WINDOWS\TEMP$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T22:48:38.931062674Z	64	PC: 135a8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:48:38.934351498Z	68	PC: 135a8 \| I/O control for devices (Set for = 'A:\ win TEMP=C:\WINDOWS\TEMP$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T22:48:38.936446334Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-17T22:48:38.938747504Z	93	PC: 94f20 \| File sharing functions
2018-12-17T22:48:38.941759429Z	93	PC: 94f27 \| File sharing functions
2018-12-17T22:48:38.943820688Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-17T22:48:39.735806939Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:40.725992772Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:41.715220711Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:42.704462868Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:43.694217221Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:44.683381653Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:45.672630973Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:46.662578291Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:47.651099593Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:48.641282192Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:49.631514183Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:50.620945209Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:51.610493162Z	98	PC: 135a8 \| Get current PSP
2018-12-17T22:48:52.599951158Z	98	PC: 135a8 \| Get current PSP