Sample viewer

vx.netlux.org/Virus.DOS.Chameleon.1006

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:02.141809264Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:01:02.143322487Z	47	PC: 12a9b \| Get disk transfer address
2018-12-17T23:01:02.144465002Z	26	PC: 12aac \| Set disk transfer address
2018-12-17T23:01:02.145664127Z	78	PC: 12b2d \| Find first file
2018-12-17T23:01:02.152398311Z	67	PC: 12b6b \| Get or set file attributes
2018-12-17T23:01:02.158106876Z	67	PC: 12b7c \| Get or set file attributes
2018-12-17T23:01:02.190126457Z	61	PC: 12b87 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:02.197230084Z	87	PC: 12b93 \| Get or set file date and time
2018-12-17T23:01:02.198564697Z	63	PC: 12ba6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:02.204402622Z	66	PC: 12bb8 \| Move file pointer
2018-12-17T23:01:02.205878144Z	44	PC: 12bd8 \| Get time 0x12bd8: xor dx, cx 0x12bda: mov word ptr [bp - 0x10], dx 0x12bdd: call 0x12cd6 0x12be0: mov ax, word ptr [bp - 0x10] 0x12be3: and ax, 0xff 0x12be6: add ax, 0x3c7 0x12be9: mov word ptr [bp - 0x18], ax 0x12bec: mov word ptr [si + 7], ax 0x12bef: nop 0x12bf0: pop cx 0x12bf1: add cx, 0x127 0x12bf5: mov word ptr [si + 1], cx 0x12bf8: nop 0x12bf9: call 0x12cd6 0x12bfc: mov ax, word ptr [bp - 0x10] 0x12bff: mov word ptr [bp - 0x16], ax 0x12c02: mov word ptr [si + 4], ax 0x12c05: nop 0x12c06: mov di, si 0x12c08: sub di, 0x2df
2018-12-17T23:01:02.217002298Z	64	PC: 12f50 \| Write file or device (Write 1006 bytes on handle 5)
2018-12-17T23:01:02.225759062Z	66	PC: 12c88 \| Move file pointer
2018-12-17T23:01:02.227212563Z	64	PC: 12c97 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:02.234302469Z	87	PC: 12ca8 \| Get or set file date and time
2018-12-17T23:01:02.235619197Z	62	PC: 12cac \| Close file
2018-12-17T23:01:02.24328087Z	67	PC: 12cba \| Get or set file attributes
2018-12-17T23:01:02.253642218Z	26	PC: 12cc5 \| Set disk transfer address
2018-12-17T23:01:02.254480095Z	0	PC: 12a47 \| Program terminate