Sample viewer

vx.netlux.org/Virus.DOS.Luce.4628

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:53.34868523Z 53 PC: 13f67 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:43:53.352038928Z 37 PC: 13f76 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:43:53.354246585Z 37 PC: 13f5d | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:43:53.355935297Z 84 PC: 13ffd | Get verify flag
2018-12-17T22:43:53.358014402Z 42 PC: 1400c | Get date
0x1400c: mov byte ptr cs:[0x370], al
0x14010: mov word ptr cs:[0x36c], dx
0x14015: mov word ptr cs:[0x36e], cx
0x1401a: xor bx, bx
0x1401c: mov cx, 0x145
0x1401f: sub word ptr [bx + 2], cx
0x14022: mov ax, ds
0x14024: dec ax
0x14025: mov ds, ax
0x14027: inc ax
0x14028: add ax, word ptr [bx + 3]
0x1402b: sub ax, cx
0x1402d: mov es, ax
0x1402f: sub ax, 0xe
0x14032: push ax
0x14033: mov word ptr es:[bx + 1], 8
0x14039: mov word ptr es:[bx + 0x10], 0x40
0x1403f: mov al, byte ptr [bx]
0x14041: mov byte ptr es:[bx], al
0x14044: mov byte ptr [bx], 0x4d
2018-12-17T22:43:53.361888638Z 9 PC: 12a85 | Display string (String= '1400h (5120 dec) byte long virus goat file ')
2018-12-17T22:43:53.367791645Z 0 PC: 12a89 | Program terminate