Sample viewer

vx.netlux.org/Virus.DOS.Witch.1400

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:16.634723108Z 44 PC: 1786f | Get time 0x1786f: or ch, ch
0x17871: jne 0x17883
0x17873: mov ax, 0xc08
0x17876: call 0x277cf
0x17879: lea dx, word ptr [si + 0xd]
0x1787c: mov ah, 9
0x1787e: int 0x21
0x17880: jmp 0x177ac
0x17883: mov ah, 0x2a
0x17885: int 0x21
0x17887: cmp dl, 1
0x1788a: jne 0x178aa
0x1788c: cmp dh, 4
0x1788f: jne 0x178aa
0x17891: mov ax, 0xb12
0x17894: call 0x277cf
0x17897: lea dx, word ptr [si + 0x4e]
0x1789a: mov ah, 9
0x1789c: int 0x21
0x1789e: mov dx, 0xd0c
2018-12-17T22:25:16.640102572Z 9 PC: 17880 | Display string (Could not find end pointer)
2018-12-17T22:25:16.644380312Z 37 PC: 177b4 | Set interrupt vector (Interrupt = '25' AKA 'Get default drive')