Sample viewer

vx.netlux.org/Virus.DOS.RatSoft.821

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:43.980879603Z 44 PC: 152c8 | Get time 0x152c8: cmp ch, byte ptr [0x133]
0x152cc: je 0x15295
0x152ce: mov dx, 0x134
0x152d1: mov cx, 0x27
0x152d4: mov ah, 0x4e
0x152d6: int 0x21
0x152d8: jae 0x152f4
0x152da: jmp 0x1541f
0x152dd: mov bx, word ptr [0x14a]
0x152e1: mov ah, 0x3e
0x152e3: int 0x21
0x152e5: mov word ptr [0x14a], 0xffff
0x152eb: mov ah, 0x4f
0x152ed: int 0x21
0x152ef: jae 0x152f4
0x152f1: jmp 0x1541f
0x152f4: mov bx, 0
0x152f7: mov al, byte ptr cs:[bx + 0x9e]
0x152fc: mov byte ptr [bx + 0x13a], al
0x15300: cmp byte ptr cs:[bx + 0x9e], 0
2018-12-17T23:02:43.983468549Z 78 PC: 152d8 | Find first file
2018-12-17T23:02:43.989401063Z 87 PC: 1531a | Get or set file date and time
2018-12-17T23:02:43.991161477Z 67 PC: 15334 | Get or set file attributes
2018-12-17T23:02:44.007724824Z 61 PC: 15341 | Open file (Filename = '008, ��������, �.��⥡�-8, �/� 6. ���.(0212) 33-14-58.')
2018-12-17T23:02:44.012110299Z 63 PC: 15357 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:44.017537274Z 66 PC: 1536c | Move file pointer
2018-12-17T23:02:44.033407871Z 66 PC: 153a6 | Move file pointer
2018-12-17T23:02:44.034602049Z 63 PC: 153b8 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:02:44.036391888Z 66 PC: 153e4 | Move file pointer
2018-12-17T23:02:44.042128903Z 64 PC: 153f4 | Write file or device (Write 821 bytes on handle 5)
2018-12-17T23:02:44.048620466Z 66 PC: 15406 | Move file pointer
2018-12-17T23:02:44.049819983Z 64 PC: 15416 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:44.061908455Z 9 PC: 1541f | Display string (Could not find end pointer)
2018-12-17T23:02:44.077882722Z 62 PC: 1542e | Close file
2018-12-17T23:02:44.086440818Z 67 PC: 1543c | Get or set file attributes
2018-12-17T23:02:44.097304203Z 87 PC: 1544d | Get or set file date and time
2018-12-17T23:02:44.099016246Z 76 PC: 1514a | Terminate with return code (Return code = '148')