Sample viewer

vx.netlux.org/Virus.DOS.Salman.2000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:13:04.287670043Z	37	PC: 144f5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:04.289986646Z	42	PC: 14504 \| Get date 0x14504: mov word ptr [0xbce], ax 0x14507: mov word ptr [0xbd0], cx 0x1450b: mov word ptr [0xbd2], dx 0x1450f: mov ah, 0x19 0x14511: int 0x21 0x14513: add al, 0x41 0x14515: mov byte ptr [0x7dd], al 0x14518: mov byte ptr [0x7fb], al 0x1451b: mov byte ptr [0xc6a], al 0x1451e: call 0x147ca 0x14521: mov ax, 0x5c3a 0x14524: mov word ptr [0xc6b], ax 0x14527: mov ah, 0x47 0x14529: mov dl, 0 0x1452b: mov si, 0xc6d 0x1452e: int 0x21 0x14530: call 0x1458d 0x14533: mov ah, 0x3b 0x14535: mov dx, 0xc6a 0x14538: int 0x21
2018-12-17T22:13:04.292432205Z	25	PC: 14513 \| Get default drive
2018-12-17T22:13:04.293623303Z	65	PC: 147d1 \| Delete file (Filename = 'A:\signture.dat')
2018-12-17T22:13:04.300147752Z	71	PC: 14530 \| Get current directory
2018-12-17T22:13:04.30327704Z	59	PC: 14598 \| Change current directory
2018-12-17T22:13:04.312693Z	26	PC: 1461b \| Set disk transfer address
2018-12-17T22:13:04.314099567Z	78	PC: 14625 \| Find first file
2018-12-17T22:13:04.323897967Z	86	PC: 14679 \| Rename file
2018-12-17T22:13:04.341544095Z	67	PC: 14697 \| Get or set file attributes
2018-12-17T22:13:04.351222686Z	61	PC: 1469c \| Open file (Filename = 'hklist.cps')
2018-12-17T22:13:04.357126947Z	63	PC: 146a8 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:13:04.363394347Z	66	PC: 146b1 \| Move file pointer
2018-12-17T22:13:04.364889745Z	65	PC: 147c2 \| Delete file (Filename = 'chklist.cps')
2018-12-17T22:13:04.377732919Z	65	PC: 147c9 \| Delete file (Filename = 'chklist.ms')
2018-12-17T22:13:04.388774989Z	87	PC: 146f8 \| Get or set file date and time
2018-12-17T22:13:04.390439418Z	62	PC: 146fc \| Close file
2018-12-17T22:13:04.398161879Z	67	PC: 1470a \| Get or set file attributes
2018-12-17T22:13:04.411013577Z	86	PC: 14686 \| Rename file
2018-12-17T22:13:04.429148766Z	79	PC: 1468a \| Find next file
2018-12-17T22:13:04.432675742Z	26	PC: 145a2 \| Set disk transfer address
2018-12-17T22:13:04.433851858Z	78	PC: 145b3 \| Find first file
2018-12-17T22:13:04.444416275Z	59	PC: 1453a \| Change current directory
2018-12-17T22:13:04.454608901Z	9	PC: 14549 \| Display string (String= 'Kill Salman Rushdie and Taslima Nasrin !')
2018-12-17T22:13:04.456886683Z	8	PC: 1454d \| Console input without echo