Sample viewer

vx.netlux.org/Virus.DOS.Shire.220

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:36.03206125Z	53	PC: 12ba6 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:36.035026946Z	37	PC: 12bb5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:36.036488083Z	26	PC: 12bbc \| Set disk transfer address
2018-12-17T22:42:36.03787248Z	42	PC: 12bc0 \| Get date 0x12bc0: ror dh, 1 0x12bc2: jb 0x12c2e 0x12bc4: lea dx, word ptr [si + 0xb4] 0x12bc8: mov ah, 0x4e 0x12bca: int 0x21 0x12bcc: jb 0x12be0 0x12bce: mov al, byte ptr [0xffae] 0x12bd1: inc ax 0x12bd2: and al, 0x1f 0x12bd4: mov ah, 0x4f 0x12bd6: je 0x12bca 0x12bd8: mov dx, 0xffb6 0x12bdb: mov ax, 0x3d02 0x12bde: int 0x21 0x12be0: jb 0x12c2e 0x12be2: xchg ax, bx 0x12be3: mov ah, 0x3f 0x12be5: mov dx, di 0x12be7: mov cx, 3 0x12bea: int 0x21
2018-12-17T22:42:36.041098339Z	78	PC: 12bcc \| Find first file
2018-12-17T22:42:36.047307754Z	61	PC: 12be0 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:36.053813513Z	63	PC: 12bec \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:42:36.061079494Z	66	PC: 12bf4 \| Move file pointer
2018-12-17T22:42:36.06344062Z	64	PC: 12c58 \| Write file or device (Write 220 bytes on handle 5)
2018-12-17T22:42:36.468299769Z	66	PC: 12c11 \| Move file pointer
2018-12-17T22:42:36.470027167Z	64	PC: 12c1c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:42:36.477508719Z	87	PC: 12c2a \| Get or set file date and time
2018-12-17T22:42:36.479258925Z	62	PC: 12c2e \| Close file
2018-12-17T22:42:36.486523989Z	37	PC: 12c34 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:36.488159148Z	26	PC: 12c58 \| Set disk transfer address
2018-12-17T22:42:36.489150242Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:42:36.491605812Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')