Sample viewer

vx.netlux.org/Virus.DOS.Gippo.1039.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:56:05.015359082Z 48 PC: 12adf | Get DOS version
2018-12-17T22:56:05.017212387Z 105 PC: 12af1 | Get or set media id
2018-12-17T22:56:05.028941263Z 53 PC: 12b0a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:05.030902601Z 53 PC: 12b20 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:56:05.032955431Z 42 PC: 12b63 | Get date
0x12b63: xor dh, byte ptr [0x41d]
0x12b67: mov ax, es
0x12b69: mov ds, ax
0x12b6b: je 0x12b75
0x12b6d: mov dx, 0x3ad
0x12b70: mov ax, 0x2508
0x12b73: int 0x21
0x12b75: mov dx, 0x14a
0x12b78: mov ax, 0x2521
0x12b7b: int 0x21
0x12b7d: cmp word ptr cs:[0x21], -1
0x12b83: jne 0x12baf
0x12b85: push cs
0x12b86: pop ds
0x12b87: mov dx, 0x113
0x12b8a: mov ah, 9
0x12b8c: int 0x21
0x12b8e: mov ax, 0x4c00
0x12b91: int 0x21
0x12b93: and byte ptr [bx + si], ah
2018-12-17T22:56:05.037048849Z 37 PC: 12b75 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:56:05.038319648Z 37 PC: 12b7d | Set interrupt vector (Interrupt = '33' AKA 'Random read')