Sample viewer

vx.netlux.org/Virus.DOS.Champaigne.511

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:05.798373136Z 42 PC: 12a57 | Get date
0x12a57: mov byte ptr ds:[bp + 0x2b9], dl
0x12a5c: mov byte ptr ds:[bp + 0x2b8], dh
0x12a61: mov byte ptr ds:[bp + 0x2b7], al
0x12a66: cmp al, 0
0x12a68: je 0x12a74
0x12a6a: mov di, 0x100
0x12a6d: lea si, word ptr [bp + 0x28d]
0x12a71: push di
0x12a72: movsw word ptr es:[di], word ptr [si]
0x12a73: movsw word ptr es:[di], word ptr [si]
0x12a74: lea dx, word ptr [bp + 0x2d9]
0x12a78: call 0x12b7d
0x12a7b: jmp 0x12b68
0x12a7e: cmp byte ptr ds:[bp + 0x2b9], 0x17
0x12a84: jne 0x12a91
0x12a86: call 0x12ab8
0x12a89: cmp byte ptr ds:[bp + 0x2b8], 6
0x12a8f: je 0x12aaf
0x12a91: mov dx, 0x80
0x12a94: call 0x12b7d
2018-12-17T23:12:05.801741163Z 26 PC: 12b81 | Set disk transfer address
2018-12-17T23:12:05.802983064Z 78 PC: 12b73 | Find first file
2018-12-17T23:12:05.808983309Z 61 PC: 12ad6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:05.816982498Z 87 PC: 12adc | Get or set file date and time
2018-12-17T23:12:05.819497539Z 63 PC: 12ae9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:12:05.82706914Z 66 PC: 12b87 | Move file pointer
2018-12-17T23:12:05.828506333Z 66 PC: 12b87 | Move file pointer
2018-12-17T23:12:05.830635992Z 64 PC: 12bc2 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:12:05.833281017Z 66 PC: 12b87 | Move file pointer