Sample viewer

vx.netlux.org/Virus.DOS.Ahav.337

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:11.602268034Z	53	PC: 12f1f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:11.604134724Z	37	PC: 12f30 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:11.606828508Z	26	PC: 12e45 \| Set disk transfer address
2018-12-17T23:03:11.609118443Z	78	PC: 12e4e \| Find first file
2018-12-17T23:03:11.617233118Z	61	PC: 12e59 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:11.625730543Z	63	PC: 12e65 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:11.632967046Z	44	PC: 12eb4 \| Get time 0x12eb4: mov word ptr [bp + 0x24b], dx 0x12eb8: call 0x22ea7 0x12ebb: lea si, word ptr [bp + 0x266] 0x12ebf: mov cx, 9 0x12ec2: lea di, word ptr [bp + 0x23e] 0x12ec6: rep movsb byte ptr es:[di], byte ptr [si] 0x12ec8: mov ax, 0x4202 0x12ecb: xor dx, dx 0x12ecd: xor cx, cx 0x12ecf: int 0x21 0x12ed1: sub ax, 3 0x12ed4: mov word ptr [bp + 0x23b], ax 0x12ed8: mov ah, 0x40 0x12eda: mov cx, 0x151 0x12edd: lea dx, word ptr [bp + 0x100] 0x12ee1: int 0x21 0x12ee3: mov ax, 0x4200 0x12ee6: xor cx, cx 0x12ee8: xor dx, dx 0x12eea: int 0x21
2018-12-17T23:03:11.635868816Z	66	PC: 12ed1 \| Move file pointer
2018-12-17T23:03:11.639087818Z	64	PC: 12ee3 \| Write file or device (Write 337 bytes on handle 5)
2018-12-17T23:03:11.865084574Z	66	PC: 12eec \| Move file pointer
2018-12-17T23:03:11.867055271Z	64	PC: 12ef7 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:03:11.890003747Z	87	PC: 12f05 \| Get or set file date and time
2018-12-17T23:03:11.892334814Z	62	PC: 12f09 \| Close file
2018-12-17T23:03:11.901323642Z	67	PC: 12f19 \| Get or set file attributes
2018-12-17T23:03:11.922878574Z	26	PC: 12e97 \| Set disk transfer address
2018-12-17T23:03:11.928701705Z	37	PC: 12f44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')