Sample viewer

vx.netlux.org/Virus.DOS.Oulu.1008


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:14.821830179Z 26 PC: 12ab7 | Set disk transfer address
2018-12-17T22:42:14.823117738Z 48 PC: 12abb | Get DOS version
2018-12-17T22:42:14.825558461Z 52 PC: 12ac5 | Get InDOS flag pointer
2018-12-17T22:42:14.826962318Z 37 PC: 12ad6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:14.828302676Z 42 PC: 12b3e | Get date
0x12b3e: mov al, 0x1e
0x12b40: dec dh
0x12b42: mul dh
0x12b44: mov word ptr [0x29], ax
0x12b47: sub dh, dh
0x12b49: add word ptr [0x29], dx
0x12b4d: sub cx, 0x7bc
0x12b51: mov ax, 0x16d
0x12b54: mul cx
0x12b56: add word ptr [0x29], ax
0x12b5a: mov ah, 0x2c
0x12b5c: int 0x21
0x12b5e: mov byte ptr [0x3ee], ch
0x12b62: mov byte ptr [0x3ef], cl
0x12b66: mov byte ptr [0x19], dh
0x12b6a: mov byte ptr [0x3c], dl
0x12b6e: ret
0x12b6f: mov dx, 0x3ce
0x12b72: mov ah, 0x4e
0x12b74: mov cx, 0
2018-12-17T22:42:14.83135065Z 44 PC: 12b5e | Get time
0x12b5e: mov byte ptr [0x3ee], ch
0x12b62: mov byte ptr [0x3ef], cl
0x12b66: mov byte ptr [0x19], dh
0x12b6a: mov byte ptr [0x3c], dl
0x12b6e: ret
0x12b6f: mov dx, 0x3ce
0x12b72: mov ah, 0x4e
0x12b74: mov cx, 0
0x12b77: int 0x21
0x12b79: jae 0x12b7e
0x12b7b: jmp 0x12cb7
0x12b7e: mov cl, byte ptr [0x19]
0x12b82: and cl, 7
0x12b85: dec cl
0x12b87: js 0x12b91
0x12b89: mov ah, 0x4f
0x12b8b: int 0x21
0x12b8d: jb 0x12b91
0x12b8f: jmp 0x12b85
0x12b91: mov dx, 0x424
2018-12-17T22:42:14.834148285Z 67 PC: 12b9d | Get or set file attributes
2018-12-17T22:42:14.840892802Z 67 PC: 12ce0 | Get or set file attributes
2018-12-17T22:42:14.847325304Z 67 PC: 12cf5 | Get or set file attributes
2018-12-17T22:42:14.864530118Z 61 PC: 12d04 | Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:42:14.870166744Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T22:42:14.871952008Z 66 PC: 12d27 | Move file pointer
2018-12-17T22:42:14.874704788Z 64 PC: 12d34 | Write file or device (Write 1008 bytes on handle 5)
2018-12-17T22:42:14.882744578Z 62 PC: 12d3a | Close file
2018-12-17T22:42:14.8912322Z 60 PC: 12d5b | Create or truncate file
2018-12-17T22:42:14.905792356Z 64 PC: 12d70 | Write file or device (Write 10 bytes on handle 5)
2018-12-17T22:42:14.909795114Z 87 PC: 12d80 | Get or set file date and time
2018-12-17T22:42:14.911696375Z 67 PC: 12d92 | Get or set file attributes
2018-12-17T22:42:14.924170203Z 62 PC: 12d97 | Close file
2018-12-17T22:42:14.939257841Z 37 PC: 12aee | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:14.942454504Z 26 PC: 12af7 | Set disk transfer address