Sample viewer

vx.netlux.org/Virus.DOS.Gippo.1039

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:04.575010221Z 48 PC: 12c7f | Get DOS version
2018-12-17T21:53:04.584728742Z 105 PC: 12c91 | Get or set media id
2018-12-17T21:53:04.590218194Z 53 PC: 12caa | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:04.591703366Z 53 PC: 12cc0 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:53:04.59385294Z 42 PC: 12d05 | Get date
0x12d05: xor dh, byte ptr [0x41d]
0x12d09: je 0x12d18
0x12d0b: and dl, 1
0x12d0e: je 0x12d18
0x12d10: mov dx, 0x3ad
0x12d13: mov ax, 0x2508
0x12d16: int 0x21
0x12d18: mov dx, 0x155
0x12d1b: mov ax, 0x2521
0x12d1e: int 0x21
0x12d20: cmp word ptr cs:[0x21], -1
0x12d26: jne 0x12d5a
0x12d28: push cs
0x12d29: pop ds
0x12d2a: mov dx, 0x116
0x12d2d: mov ah, 9
0x12d2f: int 0x21
0x12d31: mov ax, 0x4c00
0x12d34: int 0x21
0x12d36: and byte ptr [bx + di], ah
2018-12-17T21:53:04.596550264Z 37 PC: 12d18 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:53:04.597699839Z 37 PC: 12d20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:04.599284572Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')