Sample viewer

vx.netlux.org/Virus.DOS.Izhevsk.2329

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:38.861986327Z 42 PC: 12c0d | Get date
0x12c0d: mov dl, 0
0x12c0f: cmp cx, word ptr [8]
0x12c13: jne 0x12c1d
0x12c15: cmp dx, word ptr [0xa]
0x12c19: jne 0x12c1d
0x12c1b: jmp 0x12c23
0x12c1d: mov byte ptr cs:[0x21b], 1
0x12c23: mov ax, cs
0x12c25: mov ds, ax
0x12c27: pop ax
0x12c28: mov word ptr cs:[0x21c], ax
0x12c2c: mov ax, 0x3521
0x12c2f: int 0x21
0x12c31: cmp bx, 0x279
0x12c35: je 0x12c96
0x12c37: mov ax, word ptr cs:[0x21c]
0x12c3b: dec ax
0x12c3c: mov es, ax
0x12c3e: mov bx, word ptr es:[3]
0x12c43: sub bx, 0x93
2018-12-17T22:55:38.865253131Z 53 PC: 12c31 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:38.866836318Z 74 PC: 12c4e | Reallocate memory
2018-12-17T22:55:38.86842177Z 72 PC: 12c5a | Allocate memory
2018-12-17T22:55:38.87050049Z 53 PC: 9f78b | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:38.872724783Z 37 PC: 9f79b | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:38.874045156Z 53 PC: 9f529 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:38.875290037Z 37 PC: 9f54a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:38.877307351Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-17T22:55:38.886354015Z 76 PC: 12a86 | Terminate with return code (Return code = '36')