Sample viewer

vx.netlux.org/Virus.DOS.V.573

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:57:31.4656677Z	53	PC: 12ab1 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:57:31.467878752Z	37	PC: 12ac2 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:57:31.469315085Z	53	PC: 12b14 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:31.470275558Z	37	PC: 12b25 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:31.472099444Z	47	PC: 12b29 \| Get disk transfer address
2018-12-17T21:57:31.473014404Z	26	PC: 12b38 \| Set disk transfer address
2018-12-17T21:57:31.474152638Z	78	PC: 12b44 \| Find first file
2018-12-17T21:57:31.478508703Z	61	PC: 12bb3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:57:31.482762055Z	66	PC: 12bbe \| Move file pointer
2018-12-17T21:57:31.483826759Z	66	PC: 12bcc \| Move file pointer
2018-12-17T21:57:31.48493311Z	63	PC: 12bd7 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:57:31.48920705Z	87	PC: 12c03 \| Get or set file date and time
2018-12-17T21:57:31.490167698Z	66	PC: 12c0e \| Move file pointer
2018-12-17T21:57:31.491060579Z	44	PC: 12c19 \| Get time 0x12c19: cmp dl, 0 0x12c1c: je 0x12c15 0x12c1e: mov byte ptr [bp + 0x13a], dl 0x12c22: lea ax, word ptr [bp + 0x341] 0x12c26: add ax, 0x5b 0x12c29: push bx 0x12c2a: call 0x22ae0 0x12c2d: lea bx, word ptr [bp + 0x104] 0x12c31: lea dx, word ptr [bp + 0x341] 0x12c35: mov cx, 0x5b 0x12c38: mov al, byte ptr [bx] 0x12c3a: xchg bx, dx 0x12c3c: mov byte ptr [bx], al 0x12c3e: xchg bx, dx 0x12c40: inc bx 0x12c41: inc dx 0x12c42: dec cx 0x12c43: jne 0x12c38 0x12c45: pop bx 0x12c46: mov ah, 0x40
2018-12-17T21:57:31.493037491Z	64	PC: 12c51 \| Write file or device (Write 573 bytes on handle 5)
2018-12-17T21:57:31.504971565Z	66	PC: 12c5a \| Move file pointer
2018-12-17T21:57:31.506645643Z	64	PC: 12c65 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:57:31.513977691Z	87	PC: 12c6c \| Get or set file date and time
2018-12-17T21:57:31.515857516Z	62	PC: 12c70 \| Close file
2018-12-17T21:57:31.531438572Z	26	PC: 12b75 \| Set disk transfer address
2018-12-17T21:57:31.534997595Z	37	PC: 12b82 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:31.539493258Z	37	PC: 12b94 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:57:31.541709781Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')