Sample viewer

vx.netlux.org/Virus.DOS.Pulkas.529

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:06.147755269Z 44 PC: 12a44 | Get time 0x12a44: cmp dl, 0
0x12a47: jne 0x12a52
0x12a49: nop
0x12a4a: nop
0x12a4b: mov ah, 9
0x12a4d: mov dx, 0x1d2
0x12a50: int 0x21
0x12a52: mov ax, 0xface
0x12a55: int 0x21
0x12a57: cmp ax, 0xa75e
0x12a5a: je 0x12a94
0x12a5c: nop
0x12a5d: nop
0x12a5e: push es
0x12a5f: mov ax, 0
0x12a62: mov es, ax
0x12a64: mov bx, word ptr es:[0x84]
0x12a69: mov word ptr [0x1bc], bx
0x12a6d: mov bx, word ptr es:[0x86]
0x12a72: mov word ptr [0x1be], bx
2018-12-17T23:08:06.151894709Z 250 PC: 12a57 | UNKNOWN!
2018-12-17T23:08:06.154022579Z 49 PC: 12a94 | Terminate and stay resident (Return code = '0' | Memory size = '50')