Sample viewer

vx.netlux.org/Virus.DOS.Riot.Conjurer.Tng.277

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:38.827208017Z	26	PC: 12aa6 \| Set disk transfer address
2018-12-17T23:05:38.830154508Z	78	PC: 12abd \| Find first file
2018-12-17T23:05:38.837092045Z	61	PC: 12af0 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:05:38.844768267Z	63	PC: 12afe \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:05:38.852883003Z	66	PC: 12b19 \| Move file pointer
2018-12-17T23:05:38.854616874Z	64	PC: 12b2a \| Write file or device (Write 277 bytes on handle 5)
2018-12-17T23:05:38.870135148Z	66	PC: 12b35 \| Move file pointer
2018-12-17T23:05:38.872087995Z	64	PC: 12b40 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:05:38.880432925Z	62	PC: 12b48 \| Close file
2018-12-17T23:05:38.889349184Z	79	PC: 12abd \| Find next file
2018-12-17T23:05:38.892215398Z	61	PC: 12af0 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:05:38.909892008Z	63	PC: 12afe \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:05:38.917045813Z	66	PC: 12b19 \| Move file pointer
2018-12-17T23:05:38.918528947Z	64	PC: 12b2a \| Write file or device (Write 277 bytes on handle 5)
2018-12-17T23:05:38.921906509Z	66	PC: 12b35 \| Move file pointer
2018-12-17T23:05:38.925154612Z	64	PC: 12b40 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:05:38.929242669Z	62	PC: 12b48 \| Close file
2018-12-17T23:05:38.938809622Z	79	PC: 12abd \| Find next file
2018-12-17T23:05:38.941739975Z	61	PC: 12af0 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:05:38.949331228Z	63	PC: 12afe \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:05:38.957245777Z	66	PC: 12b19 \| Move file pointer
2018-12-17T23:05:38.958981731Z	64	PC: 12b2a \| Write file or device (Write 277 bytes on handle 5)
2018-12-17T23:05:38.96237125Z	66	PC: 12b35 \| Move file pointer
2018-12-17T23:05:38.965564023Z	64	PC: 12b40 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:05:38.9690956Z	62	PC: 12b48 \| Close file
2018-12-17T23:05:38.978984116Z	79	PC: 12abd \| Find next file
2018-12-17T23:05:38.982704726Z	61	PC: 12af0 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:05:38.99101488Z	63	PC: 12afe \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:05:38.99838019Z	66	PC: 12b19 \| Move file pointer
2018-12-17T23:05:39.000674818Z	64	PC: 12b2a \| Write file or device (Write 277 bytes on handle 5)
2018-12-17T23:05:39.004416562Z	66	PC: 12b35 \| Move file pointer
2018-12-17T23:05:39.006086837Z	64	PC: 12b40 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:05:39.009165549Z	62	PC: 12b48 \| Close file
2018-12-17T23:05:39.022118975Z	79	PC: 12abd \| Find next file
2018-12-17T23:05:39.025018412Z	61	PC: 12af0 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:05:39.032746405Z	63	PC: 12afe \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:05:39.043338147Z	66	PC: 12b19 \| Move file pointer
2018-12-17T23:05:39.045040045Z	64	PC: 12b2a \| Write file or device (Write 277 bytes on handle 5)
2018-12-17T23:05:39.048147228Z	66	PC: 12b35 \| Move file pointer
2018-12-17T23:05:39.050769244Z	64	PC: 12b40 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:05:39.054673523Z	62	PC: 12b48 \| Close file
2018-12-17T23:05:39.06411439Z	26	PC: 12acd \| Set disk transfer address
2018-12-17T23:05:39.065830241Z	44	PC: 12ad1 \| Get time 0x12ad1: cmp dl, 0xf 0x12ad4: jge 0x12ae2 0x12ad6: mov ah, 9 0x12ad8: lea dx, word ptr [bp + 0x21a] 0x12adc: int 0x21 0x12ade: mov ah, 7 0x12ae0: int 0x21 0x12ae2: mov di, 0x100 0x12ae5: push di 0x12ae6: ret 0x12ae7: mov ax, 0x3d02 0x12aea: lea dx, word ptr [bp + 0x27b] 0x12aee: int 0x21 0x12af0: jb 0x12b48 0x12af2: xchg ax, bx 0x12af3: mov ah, 0x3f 0x12af5: mov cx, 5 0x12af8: lea dx, word ptr [bp + 0x210] 0x12afc: int 0x21 0x12afe: cmp word ptr [bp + 0x210], 0x5a4d
2018-12-17T23:05:39.069130648Z	9	PC: 12a4e \| Display string (String= 'This is a dropper of: Conjurer: The Next Generation! ')