Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Puzo.4000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:42.282279151Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:42.292304951Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:42.293715894Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:42.295070942Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:42.298602085Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:42.30018193Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:42.301523063Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:42.302723723Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:42.304608781Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:42.305658841Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:42.306778042Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:42.315209152Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:42.31652924Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:42.31770662Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:42.319420689Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:42.320821316Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:42.32206003Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:42.327537806Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:42.328549316Z 53 PC: 12ffa | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:42.329523859Z 37 PC: 1300f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:42.331508273Z 37 PC: 13017 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:42.332673193Z 37 PC: 1301f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:42.333663273Z 37 PC: 13027 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:42.335261349Z 68 PC: 1370d | I/O control for devices (Set for = '�(8D�u A�:8Du��+ʃ>E')
2018-12-17T22:57:42.336721179Z 44 PC: 13844 | Get time
0x13844: mov word ptr [0x3e], cx
0x13848: mov word ptr [0x40], dx
0x1384c: retf
0x1384d: mov di, 0x52
0x13850: push ds
0x13851: pop es
0x13852: mov cx, 0x52a
0x13855: sub cx, di
0x13857: shr cx, 1
0x13859: xor ax, ax
0x1385b: cld
0x1385c: rep stosd dword ptr es:[di], eax
0x1385e: ret
0x1385f: add byte ptr [bx + si], al
0x13861: add byte ptr [bx + si], al
0x13863: add byte ptr [bx + si], al
0x13865: add byte ptr [bx + si], al
0x13867: add byte ptr [bx + si], al
0x13869: add byte ptr [bp + si + 0x16], cl
0x1386c: dec dx
2018-12-17T22:57:42.338441113Z 60 PC: 136f1 | Create or truncate file
2018-12-17T22:57:42.351991263Z 68 PC: 1370d | I/O control for devices (Set for = '�(8D�u A�:8Du��+ʃ>E')
2018-12-17T22:57:42.353744037Z 48 PC: 1364f | Get DOS version
2018-12-17T22:57:42.355085552Z 64 PC: 133f3 | Write file or device (Write 86 bytes on handle 5)
2018-12-17T22:57:42.357659145Z 62 PC: 13432 | Close file
2018-12-17T22:57:42.364043025Z 41 PC: 12f5f | Parse filename
2018-12-17T22:57:42.365200176Z 41 PC: 12f6d | Parse filename
2018-12-17T22:57:42.366649091Z 75 PC: 12f78 | Execute program
2018-12-17T22:57:42.390258899Z 80 PC: 1a2f9 | Set current PSP
2018-12-17T22:57:42.391106791Z 48 PC: 1a2fe | Get DOS version
2018-12-17T22:57:42.392670288Z 99 PC: 20ae0 | Get DBCS lead byte table pointer
2018-12-17T22:57:42.395856671Z 101 PC: 1a384 | Get extended country info
2018-12-17T22:57:42.397228014Z 99 PC: 1a38a | Get DBCS lead byte table pointer
2018-12-17T22:57:42.398506206Z 74 PC: 1a3ec | Reallocate memory
2018-12-17T22:57:42.400274545Z 25 PC: 1a423 | Get default drive
2018-12-17T22:57:42.401363702Z 37 PC: 19ee3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:57:42.402452453Z 37 PC: 19eea | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:42.404075842Z 37 PC: 19ef1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:42.409736619Z 74 PC: 1908c | Reallocate memory
2018-12-17T22:57:42.411160577Z 72 PC: 190cd | Allocate memory
2018-12-17T22:57:42.413324417Z 72 PC: 19105 | Allocate memory
2018-12-17T22:57:42.415031855Z 72 PC: 1910d | Allocate memory