Sample viewer

vx.netlux.org/Virus.DOS.Chameleon.974

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:32.968885806Z 47 PC: 12bd6 | Get disk transfer address
2018-12-17T23:05:32.971590701Z 26 PC: 12be7 | Set disk transfer address
2018-12-17T23:05:32.973314863Z 78 PC: 12c65 | Find first file
2018-12-17T23:05:32.979903873Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T23:05:32.986918964Z 67 PC: 12cb3 | Get or set file attributes
2018-12-17T23:05:33.007390338Z 61 PC: 12cbe | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:05:33.019532089Z 87 PC: 12cca | Get or set file date and time
2018-12-17T23:05:33.021608163Z 63 PC: 12cdd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:33.030362825Z 66 PC: 12ced | Move file pointer
2018-12-17T23:05:33.032195892Z 44 PC: 12d0d | Get time 0x12d0d: xor dx, cx
0x12d0f: mov word ptr [bp - 0x10], dx
0x12d12: call 0x12e00
0x12d15: mov ax, word ptr [bp - 0x10]
0x12d18: and ax, 0xff
0x12d1b: add ax, 0x3a7
0x12d1e: mov word ptr [bp - 0x18], ax
0x12d21: mov word ptr [si + 7], ax
0x12d24: pop cx
0x12d25: add cx, 0x127
0x12d29: mov word ptr [si + 1], cx
0x12d2c: call 0x12e00
0x12d2f: mov ax, word ptr [bp - 0x10]
0x12d32: mov word ptr [bp - 0x16], ax
0x12d35: mov word ptr [si + 4], ax
0x12d38: mov di, si
0x12d3a: sub di, 0x2bf
0x12d3e: mov bx, si
0x12d40: add bx, 0x27
0x12d43: mov word ptr [bp - 0x1a], 7
2018-12-17T23:05:33.03563021Z 64 PC: 13076 | Write file or device (Write 974 bytes on handle 5)
2018-12-17T23:05:33.045866267Z 66 PC: 12db2 | Move file pointer
2018-12-17T23:05:33.048583437Z 64 PC: 12dc1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:33.055411014Z 87 PC: 12dd2 | Get or set file date and time
2018-12-17T23:05:33.057327869Z 62 PC: 12dd6 | Close file
2018-12-17T23:05:33.0706505Z 67 PC: 12de4 | Get or set file attributes
2018-12-17T23:05:33.082438125Z 26 PC: 12def | Set disk transfer address
2018-12-17T23:05:33.088594422Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:05:33.093930766Z 76 PC: 12a86 | Terminate with return code (Return code = '36')