Sample viewer

vx.netlux.org/Virus.DOS.Dolphin.546

Time	Syscall Op	Syscall Name
2018-12-17T23:08:30.961423416Z	26	PC: 12aa9 \| Set disk transfer address
2018-12-17T23:08:30.963313098Z	78	PC: 12ab4 \| Find first file
2018-12-17T23:08:30.971604222Z	44	PC: 12aba \| Get time 0x12aba: cmp cl, 0 0x12abd: jne 0x12acc 0x12abf: mov bx, 1 0x12ac2: mov cx, 0x22 0x12ac5: lea dx, word ptr [bp + 0x2f7] 0x12ac9: call 0x12c32 0x12acc: pop word ptr [bp + 0x324] 0x12ad0: pop word ptr [bp + 0x322] 0x12ad4: pop word ptr [bp + 0x320] 0x12ad8: pop word ptr [bp + 0x31e] 0x12adc: mov ah, 0x1a 0x12ade: mov dx, 0x80 0x12ae1: int 0x21 0x12ae3: pop ds 0x12ae4: pop es 0x12ae5: mov ax, es 0x12ae7: add ax, 0x10 0x12aea: add word ptr [bp + 0x1d3], ax 0x12aee: mov bx, word ptr [bp + 0x322] 0x12af2: mov word ptr [bp + 0x1d1], bx
2018-12-17T23:08:30.974229005Z	26	PC: 12ae3 \| Set disk transfer address

Time	Syscall Op	Syscall Name
2018-12-25T12:45:52.338795138Z	26	PC: 12aa9 \| Set disk transfer address
2018-12-25T12:45:52.340299658Z	78	PC: 12ab4 \| Find first file
2018-12-25T12:45:52.34620582Z	44	PC: 12aba \| Get time 0x12aba: cmp cl, 0 0x12abd: jne 0x12acc 0x12abf: mov bx, 1 0x12ac2: mov cx, 0x22 0x12ac5: lea dx, word ptr [bp + 0x2f7] 0x12ac9: call 0x12c32 0x12acc: pop word ptr [bp + 0x324] 0x12ad0: pop word ptr [bp + 0x322] 0x12ad4: pop word ptr [bp + 0x320] 0x12ad8: pop word ptr [bp + 0x31e] 0x12adc: mov ah, 0x1a 0x12ade: mov dx, 0x80 0x12ae1: int 0x21 0x12ae3: pop ds 0x12ae4: pop es 0x12ae5: mov ax, es 0x12ae7: add ax, 0x10 0x12aea: add word ptr [bp + 0x1d3], ax 0x12aee: mov bx, word ptr [bp + 0x322] 0x12af2: mov word ptr [bp + 0x1d1], bx
2018-12-25T12:45:52.348778702Z	64	PC: 12c36 \| Write file or device (Write 34 bytes on handle 1)
2018-12-25T12:45:52.352001602Z	26	PC: 12ae3 \| Set disk transfer address

Time	Syscall Op	Syscall Name
2018-12-25T12:45:54.094689837Z	26	PC: 12aa9 \| Set disk transfer address
2018-12-25T12:45:54.09602341Z	78	PC: 12ab4 \| Find first file
2018-12-25T12:45:54.101608956Z	44	PC: 12aba \| Get time 0x12aba: cmp cl, 0 0x12abd: jne 0x12acc 0x12abf: mov bx, 1 0x12ac2: mov cx, 0x22 0x12ac5: lea dx, word ptr [bp + 0x2f7] 0x12ac9: call 0x12c32 0x12acc: pop word ptr [bp + 0x324] 0x12ad0: pop word ptr [bp + 0x322] 0x12ad4: pop word ptr [bp + 0x320] 0x12ad8: pop word ptr [bp + 0x31e] 0x12adc: mov ah, 0x1a 0x12ade: mov dx, 0x80 0x12ae1: int 0x21 0x12ae3: pop ds 0x12ae4: pop es 0x12ae5: mov ax, es 0x12ae7: add ax, 0x10 0x12aea: add word ptr [bp + 0x1d3], ax 0x12aee: mov bx, word ptr [bp + 0x322] 0x12af2: mov word ptr [bp + 0x1d1], bx
2018-12-25T12:45:54.103462103Z	26	PC: 12ae3 \| Set disk transfer address