Sample viewer

vx.netlux.org/Virus.DOS.Colund.7792

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:59.853694089Z 53 PC: 1370a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:59.855563171Z 53 PC: 1370a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:59.858440156Z 53 PC: 1370a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:59.860132747Z 53 PC: 1370a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:59.861822782Z 53 PC: 1370a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:59.864550246Z 53 PC: 1370a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.866878972Z 53 PC: 1370a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:59.86855952Z 53 PC: 1370a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:59.872294206Z 53 PC: 1370a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:59.873851222Z 53 PC: 1370a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:59.875538732Z 53 PC: 1370a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:59.877552055Z 53 PC: 1370a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:59.879790551Z 53 PC: 1370a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:59.881403762Z 53 PC: 1370a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:59.883049063Z 53 PC: 1370a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:59.894310172Z 53 PC: 1370a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:59.896115815Z 53 PC: 1370a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:59.897804427Z 53 PC: 1370a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:59.900600751Z 53 PC: 1370a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:59.902409269Z 37 PC: 1371f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:59.904092652Z 37 PC: 13727 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:59.906093521Z 37 PC: 1372f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:59.921242975Z 37 PC: 13737 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:59.923625933Z 68 PC: 143dc | I/O control for devices (Set for = [non-printable bytes])
2018-12-17T22:48:59.925892762Z 48 PC: 13ff2 | Get DOS version
2018-12-17T22:48:59.932873889Z 61 PC: 13e30 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:59.942598029Z 63 PC: 13f03 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:48:59.950041404Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:48:59.953510963Z 63 PC: 13f03 | Read file or device (Read 840 bytes on handle 5)
2018-12-17T22:48:59.961893373Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:48:59.964249389Z 63 PC: 13f03 | Read file or device (Read 7120 bytes on handle 5)
2018-12-17T22:48:59.973889282Z 62 PC: 13e80 | Close file
2018-12-17T22:48:59.976689553Z 26 PC: 135b5 | Set disk transfer address
2018-12-17T22:48:59.978074615Z 78 PC: 135c1 | Find first file
2018-12-17T22:48:59.990029217Z 61 PC: 13e30 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:49:00.001455886Z 63 PC: 13f03 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:49:00.009055966Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:49:00.024401829Z 63 PC: 13f03 | Read file or device (Read 868 bytes on handle 5)
2018-12-17T22:49:00.043396748Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:49:00.045778393Z 60 PC: 13e30 | Create or truncate file
2018-12-17T22:49:00.066818855Z 63 PC: 13f03 | Read file or device (Read 5000 bytes on handle 5)
2018-12-17T22:49:00.087008278Z 64 PC: 13f03 | Write file or device (Write 5000 bytes on handle 6)
2018-12-17T22:49:00.102818705Z 63 PC: 13f03 | Read file or device (Read 5000 bytes on handle 5)
2018-12-17T22:49:00.143374424Z 64 PC: 13f03 | Write file or device (Write 3000 bytes on handle 6)
2018-12-17T22:49:00.155818535Z 63 PC: 13f03 | Read file or device (Read 5000 bytes on handle 5)
2018-12-17T22:49:00.159161957Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:49:00.161238689Z 64 PC: 13f03 | Write file or device (Write 840 bytes on handle 6)
2018-12-17T22:49:00.171400521Z 66 PC: 1457d | Move file pointer
2018-12-17T22:49:00.173270855Z 66 PC: 1458b | Move file pointer
2018-12-17T22:49:00.175243963Z 66 PC: 14599 | Move file pointer
2018-12-17T22:49:00.178129374Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:49:00.180537088Z 66 PC: 1457d | Move file pointer
2018-12-17T22:49:00.18255533Z 66 PC: 1458b | Move file pointer
2018-12-17T22:49:00.185343739Z 66 PC: 14599 | Move file pointer
2018-12-17T22:49:00.187610909Z 66 PC: 1457d | Move file pointer
2018-12-17T22:49:00.189648958Z 66 PC: 1458b | Move file pointer
2018-12-17T22:49:00.191674865Z 66 PC: 14599 | Move file pointer
2018-12-17T22:49:00.194966189Z 64 PC: 13f03 | Write file or device (Write 12 bytes on handle 6)
2018-12-17T22:49:00.198975051Z 64 PC: 13f03 | Write file or device (Write 868 bytes on handle 6)
2018-12-17T22:49:00.208825979Z 66 PC: 1457d | Move file pointer
2018-12-17T22:49:00.212000755Z 66 PC: 1458b | Move file pointer
2018-12-17T22:49:00.214064683Z 66 PC: 14599 | Move file pointer
2018-12-17T22:49:00.216279253Z 64 PC: 13f03 | Write file or device (Write 7120 bytes on handle 6)
2018-12-17T22:49:00.227494876Z 66 PC: 1457d | Move file pointer
2018-12-17T22:49:00.229379947Z 66 PC: 1458b | Move file pointer
2018-12-17T22:49:00.231224403Z 66 PC: 14599 | Move file pointer
2018-12-17T22:49:00.234026098Z 66 PC: 1457d | Move file pointer
2018-12-17T22:49:00.236229337Z 66 PC: 1458b | Move file pointer
2018-12-17T22:49:00.23808829Z 66 PC: 14599 | Move file pointer
2018-12-17T22:49:00.240822627Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:49:00.243106018Z 64 PC: 13f03 | Write file or device (Write 28 bytes on handle 6)
2018-12-17T22:49:00.250634553Z 62 PC: 13e80 | Close file
2018-12-17T22:49:00.260075291Z 65 PC: 13f79 | Delete file (Filename = 'TEST.EXE')
2018-12-17T22:49:00.274266835Z 86 PC: 13fbd | Rename file
2018-12-17T22:49:00.286683003Z 62 PC: 13e80 | Close file
2018-12-17T22:49:00.288983556Z 26 PC: 135d9 | Set disk transfer address
2018-12-17T22:49:00.291637883Z 79 PC: 135de | Find next file
2018-12-17T22:49:00.295238037Z 61 PC: 13e30 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:49:00.30336673Z 63 PC: 13f03 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:49:00.307447498Z 62 PC: 13e80 | Close file
2018-12-17T22:49:00.310176284Z 26 PC: 135d9 | Set disk transfer address
2018-12-17T22:49:00.311745793Z 79 PC: 135de | Find next file
2018-12-17T22:49:00.315780334Z 26 PC: 135b5 | Set disk transfer address
2018-12-17T22:49:00.317427859Z 78 PC: 135c1 | Find first file
2018-12-17T22:49:00.324968498Z 61 PC: 13e30 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:49:00.33301165Z 63 PC: 13f03 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:49:00.341640983Z 66 PC: 13f62 | Move file pointer
2018-12-17T22:49:00.34356093Z 63 PC: 13f03 | Read file or device (Read 868 bytes on handle 5)
2018-12-17T22:49:00.346843217Z 64 PC: 13d8b | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:49:00.350138899Z 37 PC: 13861 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:00.351777809Z 37 PC: 13861 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:00.353459318Z 37 PC: 13861 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:00.355721739Z 37 PC: 13861 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:00.357785206Z 37 PC: 13861 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:00.359539873Z 37 PC: 13861 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:00.362032587Z 37 PC: 13861 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:00.364015903Z 37 PC: 13861 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:00.365700889Z 37 PC: 13861 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:00.368414176Z 37 PC: 13861 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:00.370085476Z 37 PC: 13861 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:00.371745275Z 37 PC: 13861 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:00.373121742Z 37 PC: 13861 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:00.376544492Z 37 PC: 13861 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:00.378223096Z 37 PC: 13861 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:00.3798856Z 37 PC: 13861 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:00.382996585Z 37 PC: 13861 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:00.384426792Z 37 PC: 13861 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:00.386196217Z 37 PC: 13861 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:00.389034781Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.391475576Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.393886987Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.397105394Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.400665182Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.403306385Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.406292565Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.409665764Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.412200115Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.414778129Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.41862653Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.42126654Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.423811151Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.427433076Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.430533241Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.43306619Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.436756033Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.43951177Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.442076239Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.445507165Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.44876152Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.45136998Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.45422242Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.457723839Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.460255716Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.463828358Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.467605084Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.470201994Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.47282364Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.476521958Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.487107317Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.489632962Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.493249067Z 6 PC: 138e8 | Direct console I/O
2018-12-17T22:49:00.497378014Z 76 PC: 138a0 | Terminate with return code (Return code = '100')