Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Bamestra.529

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:56.698563464Z 26 PC: 12a76 | Set disk transfer address
2018-12-17T23:02:56.700181468Z 53 PC: 12a7b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:56.701732346Z 37 PC: 12a8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:56.703276282Z 78 PC: 12a98 | Find first file
2018-12-17T23:02:56.710066475Z 42 PC: 12abe | Get date
0x12abe: cmp al, 0xff
0x12ac0: jne 0x12ad5
0x12ac2: mov ah, 0x2c
0x12ac4: int 0x21
0x12ac6: cmp ch, 0xff
0x12ac9: jne 0x12ad5
0x12acb: cmp cl, 0xff
0x12ace: jne 0x12ad5
0x12ad0: cmp dh, 0xff
0x12ad3: jne 0x12ad5
0x12ad5: mov ax, 0x2524
0x12ad8: lds dx, ptr [bp + 0x33f]
0x12adc: int 0x21
0x12ade: push cs
0x12adf: pop ds
0x12ae0: mov ah, 0x1a
0x12ae2: mov dx, 0x80
0x12ae5: pop es
0x12ae6: pop ds
0x12ae7: int 0x21
2018-12-17T23:02:56.712109686Z 37 PC: 12ade | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:56.713159655Z 26 PC: 12ae9 | Set disk transfer address