Sample viewer

vx.netlux.org/Virus.DOS.Ash.858

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:42.733845331Z	26	PC: 12a99 \| Set disk transfer address
2018-12-17T22:48:42.735474097Z	78	PC: 12aa5 \| Find first file
2018-12-17T22:48:42.742762825Z	67	PC: 12ace \| Get or set file attributes
2018-12-17T22:48:42.761043245Z	61	PC: 12ad5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:42.769255624Z	63	PC: 12ae5 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:48:42.778341069Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:48:42.78023574Z	64	PC: 12b12 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:48:42.783509319Z	44	PC: 12a6e \| Get time 0x12a6e: mov word ptr [bp + 0x115], dx 0x12a72: call 0x22a57 0x12a75: mov ah, 0x40 0x12a77: mov cx, 0x356 0x12a7a: lea dx, word ptr [bp + 0x108] 0x12a7e: int 0x21 0x12a80: call 0x22a57 0x12a83: ret 0x12a84: lea si, word ptr [bp + 0x104] 0x12a88: mov di, 0x100 0x12a8b: mov cx, 4 0x12a8e: cld 0x12a8f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a91: mov ah, 0x1a 0x12a93: lea dx, word ptr [bp + 0x45e] 0x12a97: int 0x21 0x12a99: mov ah, 0x4e 0x12a9b: lea dx, word ptr [bp + 0x25f] 0x12a9f: lea si, word ptr [bp + 0x47c] 0x12aa3: int 0x21
2018-12-17T22:48:42.787415552Z	64	PC: 12a80 \| Write file or device (Write 854 bytes on handle 5)
2018-12-17T22:48:42.797415224Z	66	PC: 12b1e \| Move file pointer
2018-12-17T22:48:42.799388953Z	64	PC: 12b3c \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:48:42.807812744Z	87	PC: 12b49 \| Get or set file date and time
2018-12-17T22:48:42.810403833Z	62	PC: 12b4d \| Close file
2018-12-17T22:48:42.819860012Z	67	PC: 12b5c \| Get or set file attributes
2018-12-17T22:48:42.831769393Z	60	PC: 12b7c \| Create or truncate file
2018-12-17T22:48:42.844598579Z	64	PC: 12b8a \| Write file or device (Write 492 bytes on handle 5)
2018-12-17T22:48:42.849288099Z	62	PC: 12b8e \| Close file
2018-12-17T22:48:42.858909634Z	26	PC: 12b95 \| Set disk transfer address