Sample viewer

vx.netlux.org/Virus.DOS.Marawi.2888

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:33.43110205Z 240 PC: 1447c | UNKNOWN!
2018-12-17T22:51:33.433026393Z 74 PC: 1339a | Reallocate memory
2018-12-17T22:51:33.434428825Z 53 PC: 133ac | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:33.435439143Z 37 PC: 13146 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:33.436836182Z 53 PC: 13146 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:51:33.438210481Z 37 PC: 13146 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:51:33.439611294Z 26 PC: 13146 | Set disk transfer address
2018-12-17T22:51:33.440810754Z 78 PC: 13146 | Find first file
2018-12-17T22:51:33.447389151Z 75 PC: 13146 | Execute program
2018-12-17T22:51:33.466418198Z 9 PC: 13965 | Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-17T22:51:33.482371877Z 76 PC: 13969 | Terminate with return code (Return code = '36')
2018-12-17T22:51:33.485966689Z 73 PC: 13146 | Release memory
2018-12-17T22:51:33.487867371Z 77 PC: 13146 | Get program return code
2018-12-17T22:51:33.489737739Z 49 PC: 1340c | Terminate and stay resident (Return code = '36' | Memory size = '219')