Sample viewer

vx.netlux.org/Virus.DOS.Fisher.2420

Time	Syscall Op	Syscall Name
2018-12-17T23:08:05.746317909Z	204	PC: 136ab \| UNKNOWN!
2018-12-17T23:08:05.747789538Z	53	PC: 136bc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:05.74994405Z	37	PC: 136f9 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:05.752187877Z	42	PC: 13700 \| Get date 0x13700: cmp al, 4 0x13702: ja 0x13719 0x13704: mov ax, 0x3517 0x13707: int 0x21 0x13709: mov word ptr [0xf], bx 0x1370d: mov word ptr [0x11], es 0x13711: mov dx, 0x69a 0x13714: mov ax, 0x2517 0x13717: int 0x21 0x13719: sti 0x1371a: mov si, bp 0x1371c: add si, 0x13 0x13720: cmp word ptr cs:[si], 0x5a4d 0x13725: je 0x1373e 0x13727: mov di, 0x100 0x1372a: push cs 0x1372b: push cs 0x1372c: pop es 0x1372d: pop ds 0x1372e: add bp, 0x168
2018-12-17T23:08:05.755236477Z	53	PC: 13709 \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T23:08:05.757325779Z	37	PC: 13719 \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')

Time	Syscall Op	Syscall Name
2018-12-25T12:45:23.44414577Z	204	PC: 136ab \| UNKNOWN!
2018-12-25T12:45:23.445666553Z	53	PC: 136bc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:23.447230213Z	37	PC: 136f9 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:23.44844607Z	42	PC: 13700 \| Get date 0x13700: cmp al, 4 0x13702: ja 0x13719 0x13704: mov ax, 0x3517 0x13707: int 0x21 0x13709: mov word ptr [0xf], bx 0x1370d: mov word ptr [0x11], es 0x13711: mov dx, 0x69a 0x13714: mov ax, 0x2517 0x13717: int 0x21 0x13719: sti 0x1371a: mov si, bp 0x1371c: add si, 0x13 0x13720: cmp word ptr cs:[si], 0x5a4d 0x13725: je 0x1373e 0x13727: mov di, 0x100 0x1372a: push cs 0x1372b: push cs 0x1372c: pop es 0x1372d: pop ds 0x1372e: add bp, 0x168
2018-12-25T12:45:23.450804808Z	53	PC: 13709 \| Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:45:23.452443987Z	37	PC: 13719 \| Set interrupt vector (Interrupt = '23' AKA 'Rename file')

Time	Syscall Op	Syscall Name
2018-12-25T12:45:23.635742164Z	204	PC: 136ab \| UNKNOWN!
2018-12-25T12:45:23.63769865Z	53	PC: 136bc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:23.638981116Z	37	PC: 136f9 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:23.64062933Z	42	PC: 13700 \| Get date 0x13700: cmp al, 4 0x13702: ja 0x13719 0x13704: mov ax, 0x3517 0x13707: int 0x21 0x13709: mov word ptr [0xf], bx 0x1370d: mov word ptr [0x11], es 0x13711: mov dx, 0x69a 0x13714: mov ax, 0x2517 0x13717: int 0x21 0x13719: sti 0x1371a: mov si, bp 0x1371c: add si, 0x13 0x13720: cmp word ptr cs:[si], 0x5a4d 0x13725: je 0x1373e 0x13727: mov di, 0x100 0x1372a: push cs 0x1372b: push cs 0x1372c: pop es 0x1372d: pop ds 0x1372e: add bp, 0x168