Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Bamestra.534

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:32.21153624Z 26 PC: 12a76 | Set disk transfer address
2018-12-17T22:51:32.217401424Z 53 PC: 12a7b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.218571632Z 37 PC: 12a8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.219734857Z 78 PC: 12a98 | Find first file
2018-12-17T22:51:32.226701182Z 42 PC: 12abe | Get date
0x12abe: cmp al, 0xff
0x12ac0: jne 0x12ad5
0x12ac2: mov ah, 0x2c
0x12ac4: int 0x21
0x12ac6: cmp ch, 0xff
0x12ac9: jne 0x12ad5
0x12acb: cmp cl, 0xff
0x12ace: jne 0x12ad5
0x12ad0: cmp dh, 0xff
0x12ad3: jne 0x12ad5
0x12ad5: mov ax, 0x2524
0x12ad8: lds dx, ptr [bp + 0x344]
0x12adc: int 0x21
0x12ade: push cs
0x12adf: pop ds
0x12ae0: mov ah, 0x1a
0x12ae2: mov dx, 0x80
0x12ae5: pop es
0x12ae6: pop ds
0x12ae7: int 0x21
2018-12-17T22:51:32.229644106Z 37 PC: 12ade | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.230867414Z 26 PC: 12ae9 | Set disk transfer address