Sample viewer

vx.netlux.org/Virus.DOS.VFSI.427

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:13.834118871Z	26	PC: 12bc4 \| Set disk transfer address
2018-12-17T22:43:13.835473826Z	78	PC: 12bcf \| Find first file
2018-12-17T22:43:13.836893944Z	62	PC: 12c8d \| Close file
2018-12-17T22:43:13.838243499Z	44	PC: 12c92 \| Get time 0x12c92: cmp dl, 0x14 0x12c95: jg 0x12cea 0x12c97: mov ax, 0xe07 0x12c9a: int 0x10 0x12c9c: mov ax, 0xf00 0x12c9f: int 0x10 0x12ca1: push ax 0x12ca2: xor ax, ax 0x12ca4: int 0x10 0x12ca6: mov cx, 0x1e 0x12ca9: mov dx, 0xa06 0x12cac: mov bl, 0xe 0x12cae: mov bp, 0x20 0x12cb1: mov ah, 2 0x12cb3: int 0x10 0x12cb5: mov si, 0x1e 0x12cb8: sub si, cx 0x12cba: mov al, byte ptr ds:[bp + si] 0x12cbd: add al, 0x1e 0x12cbf: sub al, 0x1e
2018-12-17T22:43:13.840236682Z	26	PC: 12cf4 \| Set disk transfer address
2018-12-17T22:43:13.846334044Z	26	PC: 12b49 \| Set disk transfer address
2018-12-17T22:43:13.847444039Z	26	PC: 12bc4 \| Set disk transfer address
2018-12-17T22:43:13.848628433Z	78	PC: 12bcf \| Find first file
2018-12-17T22:43:13.856276547Z	62	PC: 12c8d \| Close file
2018-12-17T22:43:13.857814105Z	44	PC: 12c92 \| Get time 0x12c92: cmp dl, 0x14 0x12c95: jg 0x12cea 0x12c97: mov ax, 0xe07 0x12c9a: int 0x10 0x12c9c: mov ax, 0xf00 0x12c9f: int 0x10 0x12ca1: push ax 0x12ca2: xor ax, ax 0x12ca4: int 0x10 0x12ca6: mov cx, 0x1e 0x12ca9: mov dx, 0xa06 0x12cac: mov bl, 0xe 0x12cae: mov bp, 0x20 0x12cb1: mov ah, 2 0x12cb3: int 0x10 0x12cb5: mov si, 0x1e 0x12cb8: sub si, cx 0x12cba: mov al, byte ptr ds:[bp + si] 0x12cbd: add al, 0x1e 0x12cbf: sub al, 0x1e
2018-12-17T22:43:13.86052148Z	26	PC: 12cf4 \| Set disk transfer address
2018-12-17T22:43:13.862253152Z	76	PC: 12b49 \| Terminate with return code (Return code = '0')