Sample viewer

vx.netlux.org/Virus.DOS.Sayha.4000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:06:28.702740304Z 43 PC: 14ccf | Set date
2018-12-17T22:06:28.705730852Z 80 PC: 1713e | Set current PSP
2018-12-17T22:06:28.707403349Z 37 PC: 1382e | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:06:28.709977014Z 47 PC: 13567 | Get disk transfer address
2018-12-17T22:06:28.712353035Z 42 PC: 13567 | Get date
0x13567: ret
0x13568: mov sp, 0x10ec
0x1356b: xor si, si
0x1356d: mov ds, si
0x1356f: pop word ptr [0x92]
0x13573: pop word ptr [0x90]
0x13577: pop word ptr [si + 0x4e]
0x1357a: pop word ptr [si + 0x4c]
0x1357d: pop ds
0x1357e: pop dx
0x1357f: mov ah, 0x1a
0x13581: call 0x23561
0x13584: pushf
0x13585: mov si, 0x1672
0x13588: mov di, 0x272
0x1358b: mov cx, 0x7e1
0x1358e: push cs
0x1358f: push cs
0x13590: pop ds
0x13591: pop es
2018-12-17T22:06:28.715627606Z 26 PC: 13567 | Set disk transfer address
2018-12-17T22:06:28.718689939Z 47 PC: 13567 | Get disk transfer address
2018-12-17T22:06:28.720463309Z 26 PC: 13567 | Set disk transfer address
2018-12-17T22:06:28.726443991Z 78 PC: 13567 | Find first file
2018-12-17T22:06:28.735951102Z 26 PC: 13567 | Set disk transfer address
2018-12-17T22:06:28.738435523Z 9 PC: 15095 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:06:28.744818908Z 0 PC: 15099 | Program terminate