Sample viewer

vx.netlux.org/Virus.DOS.SH.2062

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:52:32.085586357Z 255 PC: 133d5 | UNKNOWN!
2018-12-17T21:52:32.086544336Z 72 PC: 133e5 | Allocate memory
2018-12-17T21:52:32.088288076Z 74 PC: 13412 | Reallocate memory
2018-12-17T21:52:32.089550124Z 72 PC: 133e5 | Allocate memory
2018-12-17T21:52:32.091410862Z 74 PC: 13412 | Reallocate memory
2018-12-17T21:52:32.093342685Z 72 PC: 133e5 | Allocate memory
2018-12-17T21:52:32.095795701Z 72 PC: 1341d | Allocate memory
2018-12-17T21:52:32.098071936Z 74 PC: 1342e | Reallocate memory
2018-12-17T21:52:32.100668752Z 72 PC: 13435 | Allocate memory
2018-12-17T21:52:32.102999431Z 73 PC: 1343b | Release memory
2018-12-17T21:52:32.105228616Z 52 PC: 13469 | Get InDOS flag pointer
2018-12-17T21:52:32.107989845Z 42 PC: 13475 | Get date

0x13475: mov ax, cx
0x13477: mov cx, 4
0x1347a: mov bx, 0x92c
0x1347d: call 0x22e52
0x13480: jae 0x1348b
0x13482: mov byte ptr [bx], 1
0x13485: inc bx
0x13486: call 0x22e78
0x13489: loop 0x1347d
0x1348b: xor ax, ax
0x1348d: mov es, ax
0x1348f: mov ah, byte ptr es:[0x46c]
0x13494: and ah, 7
0x13497: inc ah
0x13499: mov byte ptr [0x91b], ah
0x1349d: pop bx
0x1349e: cli
0x1349f: mov ax, word ptr es:[0x84]
0x134a3: mov word ptr [0x912], ax
0x134a6: mov ax, word ptr es:[0x86]