Sample viewer

vx.netlux.org/Virus.DOS.Spooky.735

Time	Syscall Op	Syscall Name
2018-12-17T23:02:19.443678263Z	222	PC: 171ce \| UNKNOWN!
2018-12-17T23:02:19.446149662Z	44	PC: 1720f \| Get time 0x1720f: in al, 0x40 0x17211: and al, 0x17 0x17213: cmp ch, al 0x17215: jne 0x17232 0x17217: mov ax, 0x1bd 0x1721a: sub ax, 0x103 0x1721d: mov bx, es 0x1721f: cli 0x17220: xchg word ptr [0x84], ax 0x17224: xchg word ptr [0x86], bx 0x17228: mov word ptr es:[0xda], ax 0x1722c: mov word ptr es:[0xdc], bx 0x17231: sti 0x17232: mov ax, 0x1e1 0x17235: sub ax, 0x103 0x17238: mov bx, es 0x1723a: cli 0x1723b: xchg word ptr [0x84], ax 0x1723f: xchg word ptr [0x86], bx 0x17243: mov word ptr es:[0x234], ax
2018-12-17T23:02:19.449768932Z	9	PC: 12a65 \| Display string (String= 'd=g>j?m@pAsBvCyD\|EF�G�H�I�J�K�L�M�N�O�P�Q�R�S�T�U�V�W�X�Y�Z�[�\�]�^�_�`�a�b�c�d�e�f�g�h�i�j�k�l�m�n�o�prst u vwxyz{\|!}')
2018-12-17T23:02:19.455126194Z	48	PC: 12a69 \| Get DOS version
2018-12-17T23:02:19.4580109Z	76	PC: 12a71 \| Terminate with return code (Return code = '0')