Sample viewer

vx.netlux.org/Virus.DOS.Slam.Hunter.327

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:14.766565264Z	53	PC: 12aa7 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:14.768194133Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:14.770825485Z	71	PC: 12ac0 \| Get current directory
2018-12-17T23:03:14.774299085Z	53	PC: 12ac7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:14.775893647Z	37	PC: 12ad0 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:14.781425582Z	78	PC: 12b01 \| Find first file
2018-12-17T23:03:14.788815725Z	67	PC: 12b0a \| Get or set file attributes
2018-12-17T23:03:14.795405822Z	67	PC: 12b14 \| Get or set file attributes
2018-12-17T23:03:14.817611857Z	61	PC: 12b18 \| Open file (Filename = '')
2018-12-17T23:03:14.831558438Z	87	PC: 12b1d \| Get or set file date and time
2018-12-17T23:03:14.833411662Z	63	PC: 12b28 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:14.84183537Z	66	PC: 12b37 \| Move file pointer
2018-12-17T23:03:14.84342404Z	44	PC: 12a50 \| Get time 0x12a50: cmp dl, 0 0x12a53: je 0x12a4c 0x12a55: mov byte ptr [0x10a], dl 0x12a59: call 0x12a6e 0x12a5c: pop bx 0x12a5d: mov cx, 0x147 0x12a60: mov dx, 0x100 0x12a63: mov ah, 0x40 0x12a65: int3 0x12a66: inc byte ptr [0x247] 0x12a6a: call 0x12a6e 0x12a6d: ret 0x12a6e: mov bx, 0x146 0x12a71: mov al, byte ptr [0x10a] 0x12a75: cmp al, 0 0x12a77: je 0x12a85 0x12a79: xor byte ptr [bx], al 0x12a7c: inc bx 0x12a7d: add al, bh 0x12a7f: cmp bx, 0x22d
2018-12-17T23:03:14.846071327Z	64	PC: 12a66 \| Write file or device (Write 327 bytes on handle 5)
2018-12-17T23:03:14.849489602Z	87	PC: 12b42 \| Get or set file date and time
2018-12-17T23:03:14.859401237Z	62	PC: 12b45 \| Close file
2018-12-17T23:03:14.868151443Z	67	PC: 12b50 \| Get or set file attributes
2018-12-17T23:03:14.880201413Z	79	PC: 12b01 \| Find next file
2018-12-17T23:03:14.884705548Z	67	PC: 12b0a \| Get or set file attributes
2018-12-17T23:03:14.892208457Z	67	PC: 12b14 \| Get or set file attributes
2018-12-17T23:03:14.903751899Z	61	PC: 12b18 \| Open file (Filename = '')
2018-12-17T23:03:14.912425581Z	87	PC: 12b1d \| Get or set file date and time
2018-12-17T23:03:14.914988402Z	63	PC: 12b28 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:14.922703616Z	66	PC: 12b37 \| Move file pointer
2018-12-17T23:03:14.926300996Z	44	PC: 12a50 \| Get time 0x12a50: cmp dl, 0 0x12a53: je 0x12a4c 0x12a55: mov byte ptr [0x10a], dl 0x12a59: call 0x12a6e 0x12a5c: pop bx 0x12a5d: mov cx, 0x147 0x12a60: mov dx, 0x100 0x12a63: mov ah, 0x40 0x12a65: int3 0x12a66: inc byte ptr [0x247] 0x12a6a: call 0x12a6e 0x12a6d: ret 0x12a6e: mov bx, 0x146 0x12a71: mov al, byte ptr [0x10a] 0x12a75: cmp al, 0 0x12a77: je 0x12a85 0x12a79: xor byte ptr [bx], al 0x12a7c: inc bx 0x12a7d: add al, bh 0x12a7f: cmp bx, 0x22d
2018-12-17T23:03:14.929365837Z	64	PC: 12a66 \| Write file or device (Write 327 bytes on handle 5)
2018-12-17T23:03:14.932697441Z	87	PC: 12b42 \| Get or set file date and time
2018-12-17T23:03:14.935051243Z	62	PC: 12b45 \| Close file
2018-12-17T23:03:14.943492878Z	67	PC: 12b50 \| Get or set file attributes
2018-12-17T23:03:14.955395016Z	59	PC: 12aed \| Change current directory
2018-12-17T23:03:14.958236048Z	37	PC: 12af9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')