Sample viewer

vx.netlux.org/Virus.DOS.Rlyeh.1178

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:07.71435092Z 53 PC: 12a4b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:07.716011594Z 37 PC: 12a5b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:07.717174948Z 78 PC: 12a6a | Find first file
2018-12-17T22:48:07.723889133Z 61 PC: 12a74 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:07.731137625Z 63 PC: 12a7f | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:48:07.737295271Z 66 PC: 12aac | Move file pointer
2018-12-17T22:48:07.738535898Z 44 PC: 12ab1 | Get time
0x12ab1: mov word ptr [0x594], dx
0x12ab5: jmp 0x12eb5
0x12ab8: mov ah, 0x3e
0x12aba: int 0x21
0x12abc: mov byte ptr [0x529], 0x20
0x12ac1: mov si, 0x554
0x12ac4: mov di, 0x530
0x12ac7: mov cx, 0x21
0x12aca: rep movsb byte ptr es:[di], byte ptr [si]
0x12acc: mov si, 0x9e
0x12acf: mov di, 0x545
0x12ad2: lodsb al, byte ptr [si]
0x12ad3: stosb byte ptr es:[di], al
0x12ad4: or al, al
0x12ad6: jne 0x12ad2
0x12ad8: mov dx, 0x1b9
0x12adb: mov ah, 9
0x12add: int 0x21
0x12adf: mov dx, word ptr [0x59a]
0x12ae3: mov ds, dx
2018-12-17T22:48:07.743830054Z 64 PC: 12ec3 | Write file or device (Write 1178 bytes on handle 5)
2018-12-17T22:48:07.761229659Z 62 PC: 12abc | Close file
2018-12-17T22:48:07.76983666Z 9 PC: 12adf | Display string (Could not find end pointer)
2018-12-17T22:48:07.794154467Z 37 PC: 12aee | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')