Sample viewer

vx.netlux.org/Virus.DOS.Spanz.639

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:31.935505925Z 48 PC: 12b22 | Get DOS version
2018-12-17T22:48:31.944029199Z 26 PC: 12b39 | Set disk transfer address
2018-12-17T22:48:31.945043042Z 42 PC: 12b43 | Get date 0x12b43: sub cx, 0x7bc
0x12b47: mov ax, cx
0x12b49: mov cl, 0xc
0x12b4b: mul cl
0x12b4d: dec dh
0x12b4f: add al, dh
0x12b51: mov byte ptr [si + 0x37c], al
0x12b55: lea bx, word ptr [si + 0x37d]
0x12b59: jmp 0x12bd7
0x12b5b: nop
0x12b5c: lea bx, word ptr [si + 0x37d]
0x12b60: push es
0x12b61: cmp word ptr [si + 0x376], 0
0x12b66: je 0x12b7d
0x12b68: mov ax, word ptr [si + 0x374]
0x12b6c: mov di, ax
0x12b6e: mov ax, word ptr [si + 0x376]
0x12b72: mov es, ax
0x12b74: cmp byte ptr es:[di - 1], 0
0x12b79: jne 0x12bb3
2018-12-17T22:48:31.947163781Z 78 PC: 12bf4 | Find first file
2018-12-17T22:48:31.95373134Z 61 PC: 12c42 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:31.960205657Z 63 PC: 12c59 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:48:31.966512938Z 66 PC: 12c7d | Move file pointer
2018-12-17T22:48:31.972726061Z 64 PC: 12c91 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:31.975381335Z 66 PC: 12cba | Move file pointer
2018-12-17T22:48:31.976716819Z 64 PC: 12cce | Write file or device (Write 12 bytes on handle 5)
2018-12-17T22:48:31.979338041Z 64 PC: 12ce9 | Write file or device (Write 627 bytes on handle 5)
2018-12-17T22:48:31.994548647Z 87 PC: 12d0b | Get or set file date and time
2018-12-17T22:48:31.99654406Z 62 PC: 12d13 | Close file
2018-12-17T22:48:32.004235804Z 26 PC: 12d1a | Set disk transfer address
2018-12-17T22:48:32.005645249Z 9 PC: 12a47 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-17T22:48:32.01297192Z 76 PC: 12a4c | Terminate with return code (Return code = '0')