Sample viewer

vx.netlux.org/Virus.DOS.Ha!.1383

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:57:46.040817493Z 48 PC: 12e42 | Get DOS version
2018-12-17T21:57:46.044255116Z 254 PC: 12e4e | UNKNOWN!
2018-12-17T21:57:46.045587883Z 53 PC: 9f711 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:57:46.046984429Z 53 PC: 9f71f | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:57:46.049485158Z 53 PC: 9f72d | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T21:57:46.050905386Z 37 PC: 9f7c1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:57:46.052310665Z 42 PC: 9f784 | Get date 0x9f784: xor ax, ax
0x9f786: dec dh
0x9f788: je 0x9f798
0x9f78a: xor ch, ch
0x9f78c: mov bx, 0x4f2
0x9f78f: mov cl, byte ptr [bx]
0x9f791: add ax, cx
0x9f793: inc bx
0x9f794: dec dh
0x9f796: jne 0x9f78f
0x9f798: add ax, dx
0x9f79a: and ax, 0xf
0x9f79d: jne 0x9f7aa
0x9f79f: mov al, 9
0x9f7a1: mov dx, 0x465
0x9f7a4: mov ah, 0x25
0x9f7a6: int 0x21
0x9f7a8: jmp 0x9f7ae
0x9f7aa: and al, 7
0x9f7ac: jne 0x9f7b7