Sample viewer

vx.netlux.org/Virus.DOS.NightKing.1568

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:46.901910255Z	44	PC: 12f9e \| Get time 0x12f9e: mov cx, 0x200 0x12fa1: mov al, byte ptr [si] 0x12fa3: loop 0x12fa1 0x12fa5: pop bp 0x12fa6: sub bp, 0x62c 0x12faa: xor dx, cx 0x12fac: jne 0x12fbf 0x12fae: lea di, word ptr [bp + 0x651] 0x12fb2: push ds 0x12fb3: push cs 0x12fb4: pop es 0x12fb5: xor ax, ax 0x12fb7: mov cx, 0xcf 0x12fba: cld 0x12fbb: repne stosd dword ptr es:[di], eax 0x12fbd: push cx 0x12fbe: retf 0x12fbf: mov ah, 0xde 0x12fc1: int 0x21 0x12fc3: cmp cx, -2
2018-12-17T22:21:46.905073946Z	222	PC: 12fc3 \| UNKNOWN!
2018-12-17T22:21:46.906534099Z	53	PC: 12fd0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:21:46.916552692Z	72	PC: 12fe3 \| Allocate memory
2018-12-17T22:21:46.926171445Z	74	PC: 12ff6 \| Reallocate memory
2018-12-17T22:21:46.928195377Z	72	PC: 12fe3 \| Allocate memory
2018-12-17T22:21:46.934757971Z	42	PC: 12f7d \| Get date 0x12f7d: mov word ptr es:[bx + 0x1b3], cx 0x12f82: mov word ptr es:[bx + 0x1b1], dx 0x12f87: mov ax, 0x301 0x12f8a: mov dx, 0x80 0x12f8d: mov cx, 1 0x12f90: int 0x13 0x12f92: ret 0x12f93: jmp 0xdd6d 0x12f96: push es 0x12f97: call 0x12f9a 0x12f9a: mov ah, 0x2c 0x12f9c: int 0x21 0x12f9e: mov cx, 0x200 0x12fa1: mov al, byte ptr [si] 0x12fa3: loop 0x12fa1 0x12fa5: pop bp 0x12fa6: sub bp, 0x62c 0x12faa: xor dx, cx 0x12fac: jne 0x12fbf 0x12fae: lea di, word ptr [bp + 0x651]
2018-12-17T22:21:47.273479338Z	37	PC: 13021 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:21:47.275687874Z	37	PC: 13028 \| Set interrupt vector (Interrupt = '24' AKA 'Reserved')