Sample viewer

vx.netlux.org/Virus.DOS.Gdynia.680

Time	Syscall Op	Syscall Name
2018-12-17T21:55:44.397055255Z	14	PC: 12ef8 \| Set default drive (Drive = 'C')
2018-12-17T21:55:44.410865013Z	78	PC: 12f0f \| Find first file
2018-12-17T21:55:44.416392345Z	47	PC: 12f19 \| Get disk transfer address
2018-12-17T21:55:44.417537843Z	79	PC: 12f4c \| Find next file
2018-12-17T21:55:44.420546903Z	42	PC: 12f58 \| Get date 0x12f58: cmp dh, 2 0x12f5b: jb 0x12f7f 0x12f5d: nop 0x12f5e: nop 0x12f5f: nop 0x12f60: mov bx, word ptr cs:[0x101] 0x12f65: add bx, 0x155 0x12f69: mov dx, bx 0x12f6b: mov cx, 0x5c 0x12f6e: mov al, byte ptr cs:[bx] 0x12f71: xor al, cl 0x12f73: sub al, cl 0x12f75: mov byte ptr cs:[bx], al 0x12f78: inc bx 0x12f79: loop 0x12f6e 0x12f7b: mov ah, 9 0x12f7d: int 0x21 0x12f7f: popaw 0x12f80: ret 0x12f81: pushaw
2018-12-17T21:55:44.422677111Z	9	PC: 12f7f \| Display string (String= ' Windows 95 may be dangerous. OS/2 is the best operating system! I`ll prove it soon... ')
2018-12-17T21:55:44.432090825Z	48	PC: 12a45 \| Get DOS version
2018-12-17T21:55:44.434080708Z	25	PC: 12a55 \| Get default drive
2018-12-17T21:55:44.435164792Z	9	PC: 12c57 \| Display string (String= 'No filename specified ')
2018-12-17T21:55:44.439429373Z	14	PC: 12c60 \| Set default drive (Drive = 'C')
2018-12-17T21:55:44.441557215Z	76	PC: 12c64 \| Terminate with return code (Return code = '5')

Time	Syscall Op	Syscall Name
2018-12-25T11:41:22.886264241Z	14	PC: 12ef8 \| Set default drive (Drive = 'C')
2018-12-25T11:41:22.888006879Z	78	PC: 12f0f \| Find first file
2018-12-25T11:41:22.89321048Z	47	PC: 12f19 \| Get disk transfer address
2018-12-25T11:41:22.894165396Z	79	PC: 12f4c \| Find next file
2018-12-25T11:41:22.897268785Z	42	PC: 12f58 \| Get date 0x12f58: cmp dh, 2 0x12f5b: jb 0x12f7f 0x12f5d: nop 0x12f5e: nop 0x12f5f: nop 0x12f60: mov bx, word ptr cs:[0x101] 0x12f65: add bx, 0x155 0x12f69: mov dx, bx 0x12f6b: mov cx, 0x5c 0x12f6e: mov al, byte ptr cs:[bx] 0x12f71: xor al, cl 0x12f73: sub al, cl 0x12f75: mov byte ptr cs:[bx], al 0x12f78: inc bx 0x12f79: loop 0x12f6e 0x12f7b: mov ah, 9 0x12f7d: int 0x21 0x12f7f: popaw 0x12f80: ret 0x12f81: pushaw
2018-12-25T11:41:22.899346469Z	48	PC: 12a45 \| Get DOS version
2018-12-25T11:41:22.900344586Z	25	PC: 12a55 \| Get default drive
2018-12-25T11:41:22.901455462Z	9	PC: 12c57 \| Display string (String= 'No filename specified ')
2018-12-25T11:41:22.905277488Z	14	PC: 12c60 \| Set default drive (Drive = 'C')
2018-12-25T11:41:22.906185884Z	76	PC: 12c64 \| Terminate with return code (Return code = '5')

Time	Syscall Op	Syscall Name
2018-12-25T11:41:22.952693329Z	14	PC: 12ef8 \| Set default drive (Drive = 'C')
2018-12-25T11:41:22.955638348Z	78	PC: 12f0f \| Find first file
2018-12-25T11:41:22.962052729Z	47	PC: 12f19 \| Get disk transfer address
2018-12-25T11:41:22.963679427Z	79	PC: 12f4c \| Find next file
2018-12-25T11:41:22.966392979Z	42	PC: 12f58 \| Get date 0x12f58: cmp dh, 2 0x12f5b: jb 0x12f7f 0x12f5d: nop 0x12f5e: nop 0x12f5f: nop 0x12f60: mov bx, word ptr cs:[0x101] 0x12f65: add bx, 0x155 0x12f69: mov dx, bx 0x12f6b: mov cx, 0x5c 0x12f6e: mov al, byte ptr cs:[bx] 0x12f71: xor al, cl 0x12f73: sub al, cl 0x12f75: mov byte ptr cs:[bx], al 0x12f78: inc bx 0x12f79: loop 0x12f6e 0x12f7b: mov ah, 9 0x12f7d: int 0x21 0x12f7f: popaw 0x12f80: ret 0x12f81: pushaw
2018-12-25T11:41:22.973329436Z	9	PC: 12f7f \| Display string (String= ' Windows 95 may be dangerous. OS/2 is the best operating system! I`ll prove it soon... ')
2018-12-25T11:41:22.985600828Z	48	PC: 12a45 \| Get DOS version
2018-12-25T11:41:22.987234429Z	25	PC: 12a55 \| Get default drive
2018-12-25T11:41:22.993427033Z	9	PC: 12c57 \| Display string (String= 'No filename specified ')
2018-12-25T11:41:22.99982115Z	14	PC: 12c60 \| Set default drive (Drive = 'C')
2018-12-25T11:41:23.001682217Z	76	PC: 12c64 \| Terminate with return code (Return code = '5')