Sample viewer

vx.netlux.org/Virus.DOS.Zoid.1759

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:31:51.191629849Z 48 PC: 212a5 | Get DOS version
2018-12-17T22:31:51.194376026Z 255 PC: 212b1 | UNKNOWN!
2018-12-17T22:31:51.196079468Z 42 PC: 2130a | Get date
0x2130a: cmp dl, byte ptr [0x640]
0x2130e: jne 0x21336
0x21310: cmp dh, byte ptr [0x641]
0x21314: jne 0x21336
0x21316: push ds
0x21317: mov ax, 0xb800
0x2131a: mov ds, ax
0x2131c: mov bp, 0
0x2131f: mov cx, 0x400
0x21322: xor ah, ah
0x21324: add ah, byte ptr ds:[bp]
0x21328: inc bp
0x21329: loop 0x21324
0x2132b: pop ds
0x2132c: and ah, 3
0x2132f: jne 0x21336
0x21331: mov byte ptr [0x63e], 0xff
0x21336: mov ax, es
0x21338: dec ax
0x21339: mov es, ax
2018-12-17T22:31:51.199203033Z 37 PC: 21368 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:51.200608442Z 53 PC: 2136d | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:31:51.202554323Z 37 PC: 21398 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:51.203937754Z 53 PC: 213cf | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:51.205952503Z 172 PC: 213e6 | UNKNOWN!
2018-12-17T22:31:51.211706561Z 37 PC: 2142d | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:31:51.212971598Z 37 PC: 21435 | Set interrupt vector (Interrupt = '1' AKA 'Character input')