Sample viewer

vx.netlux.org/Virus.DOS.Hiroshima.826

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:13.619520314Z 42 PC: 13e83 | Get date
0x13e83: mov byte ptr [0x30d], dh
0x13e87: mov byte ptr [0x30c], dl
0x13e8b: mov word ptr [0x30e], cx
0x13e8f: mov ah, 0x2c
0x13e91: int 0x21
0x13e93: mov byte ptr [0x30a], ch
0x13e97: mov byte ptr [0x30b], cl
0x13e9b: cmp byte ptr [0x30d], 8
0x13ea0: jl 0x13ed5
0x13ea2: nop
0x13ea3: nop
0x13ea4: nop
0x13ea5: jne 0x13ed2
0x13ea7: nop
0x13ea8: nop
0x13ea9: nop
0x13eaa: cmp byte ptr [0x30c], 6
0x13eaf: jl 0x13ed5
0x13eb1: nop
0x13eb2: nop
2018-12-17T23:09:13.622410566Z 44 PC: 13e93 | Get time
0x13e93: mov byte ptr [0x30a], ch
0x13e97: mov byte ptr [0x30b], cl
0x13e9b: cmp byte ptr [0x30d], 8
0x13ea0: jl 0x13ed5
0x13ea2: nop
0x13ea3: nop
0x13ea4: nop
0x13ea5: jne 0x13ed2
0x13ea7: nop
0x13ea8: nop
0x13ea9: nop
0x13eaa: cmp byte ptr [0x30c], 6
0x13eaf: jl 0x13ed5
0x13eb1: nop
0x13eb2: nop
0x13eb3: nop
0x13eb4: jne 0x13ed2
0x13eb6: nop
0x13eb7: nop
0x13eb8: nop
2018-12-17T23:09:13.626694127Z 37 PC: 140c7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:13.700966048Z 61 PC: 13ee1 | Open file
2018-12-17T23:09:13.708217907Z 87 PC: 13ef7 | Get or set file date and time
2018-12-17T23:09:13.710827631Z 63 PC: 13f0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T23:09:13.714115631Z 66 PC: 13f30 | Move file pointer
2018-12-17T23:09:13.716083069Z 66 PC: 13f7a | Move file pointer
2018-12-17T23:09:13.719079861Z 64 PC: 13f8d | Write file or device (Write 10 bytes on handle 5)
2018-12-17T23:09:13.722556656Z 66 PC: 13f9f | Move file pointer
2018-12-17T23:09:13.724452159Z 64 PC: 13fb3 | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:13.728870373Z 64 PC: 13fc1 | Write file or device (Write 826 bytes on handle 5)
2018-12-17T23:09:14.089458281Z 87 PC: 13ff7 | Get or set file date and time
2018-12-17T23:09:14.091606739Z 62 PC: 13fff | Close file
2018-12-17T23:09:14.101426093Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:09:14.108142136Z 0 PC: 12a89 | Program terminate