Sample viewer

vx.netlux.org/Virus.DOS.Istanbul.1349

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:51:49.076779902Z 67 PC: 151cf | Get or set file attributes
2018-12-17T21:51:49.0826939Z 67 PC: 151d9 | Get or set file attributes
2018-12-17T21:51:49.096737761Z 61 PC: 151e0 | Open file (Filename = '')
2018-12-17T21:51:49.103589545Z 66 PC: 151eb | Move file pointer
2018-12-17T21:51:49.105775059Z 42 PC: 1553b | Get date
0x1553b: call 0x15540
0x1553e: pop bx
0x1553f: ret
0x15540: cmp cx, 0x7d0
0x15544: jne 0x1554e
0x15546: cmp dh, 0xc
0x15549: jne 0x1554e
0x1554b: cmp dl, 0x15
0x1554e: ret
0x1554f: mov al, 3
0x15551: iret
0x15552: adc ax, 0xbd04
0x15555: adc al, 0x3d
0x15557: and al, 0x46
0x15559: jne 0x1555f
0x1555b: mov ax, 0x3434
0x1555e: iret
0x1555f: cmp ax, 0x4b00
0x15562: je 0x15566
0x15564: jmp 0x155d4
2018-12-17T21:51:49.107999507Z 62 PC: 15208 | Close file
2018-12-17T21:51:49.110138487Z 67 PC: 15210 | Get or set file attributes
2018-12-17T21:51:49.122456306Z 70 PC: 1521a | Redirect handle
2018-12-17T21:51:49.126264739Z 42 PC: 1553b | Get date
0x1553b: call 0x15540
0x1553e: pop bx
0x1553f: ret
0x15540: cmp cx, 0x7d0
0x15544: jne 0x1554e
0x15546: cmp dh, 0xc
0x15549: jne 0x1554e
0x1554b: cmp dl, 0x15
0x1554e: ret
0x1554f: mov al, 3
0x15551: iret
0x15552: adc ax, 0xbd04
0x15555: adc al, 0x3d
0x15557: and al, 0x46
0x15559: jne 0x1555f
0x1555b: mov ax, 0x3434
0x1555e: iret
0x1555f: cmp ax, 0x4b00
0x15562: je 0x15566
0x15564: jmp 0x155d4
2018-12-17T21:51:49.12894293Z 9 PC: 12aa4 | Display string (String= ' This file is infected with a virus! Pre infection file size = 10,000 ')
2018-12-17T21:51:49.138288752Z 76 PC: 12aa9 | Terminate with return code (Return code = '1')