Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Fruit.5598

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:23:45.862299356Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:45.864921836Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:45.866117841Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:45.867607236Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:45.870252895Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:45.871539267Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:45.872764723Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:45.875195671Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:45.876394905Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:45.877418581Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:45.87916514Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:45.881475313Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:45.889475785Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:45.907628836Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:45.908725629Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:45.909637581Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:45.921202054Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:45.922954714Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:45.924686218Z	53	PC: 137c2 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:23:45.926430618Z	37	PC: 137d7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:45.928104116Z	37	PC: 137df \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:45.929170477Z	37	PC: 137e7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:45.930229308Z	37	PC: 137ef \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:45.932264059Z	68	PC: 13b5f \| I/O control for devices (Set for = '')
2018-12-17T22:23:46.014597077Z	37	PC: 130b5 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:46.016119657Z	48	PC: 14278 \| Get DOS version
2018-12-17T22:23:46.018631562Z	44	PC: 140ab \| Get time 0x140ab: mov word ptr [0x13e], cx 0x140af: mov word ptr [0x140], dx 0x140b3: retf 0x140b4: mov bx, sp 0x140b6: push ds 0x140b7: les di, ptr ss:[bx + 8] 0x140bb: lds si, ptr ss:[bx + 4] 0x140bf: cld 0x140c0: xor ax, ax 0x140c2: stosw word ptr es:[di], ax 0x140c3: mov ax, 0xd7b0 0x140c6: stosw word ptr es:[di], ax 0x140c7: xor ax, ax 0x140c9: mov cx, 0x16 0x140cc: rep stosd dword ptr es:[di], eax 0x140ce: lodsb al, byte ptr [si] 0x140cf: cmp al, 0x4f 0x140d1: jbe 0x140d5 0x140d3: mov al, 0x4f 0x140d5: mov cl, al
2018-12-17T22:23:46.023952925Z	25	PC: 14305 \| Get default drive
2018-12-17T22:23:46.024899687Z	71	PC: 14318 \| Get current directory
2018-12-17T22:23:46.028901357Z	25	PC: 14305 \| Get default drive
2018-12-17T22:23:46.02988236Z	71	PC: 14318 \| Get current directory
2018-12-17T22:23:46.032812458Z	14	PC: 1435e \| Set default drive (Drive = 'A')
2018-12-17T22:23:46.035657282Z	25	PC: 14362 \| Get default drive
2018-12-17T22:23:46.036760185Z	59	PC: 143cc \| Change current directory
2018-12-17T22:23:46.041256255Z	25	PC: 14305 \| Get default drive
2018-12-17T22:23:46.043148466Z	71	PC: 14318 \| Get current directory
2018-12-17T22:23:46.046090916Z	14	PC: 1435e \| Set default drive (Drive = 'C')
2018-12-17T22:23:46.047406781Z	25	PC: 14362 \| Get default drive
2018-12-17T22:23:46.049334046Z	59	PC: 143cc \| Change current directory
2018-12-17T22:23:46.055722875Z	14	PC: 1435e \| Set default drive (Drive = 'A')
2018-12-17T22:23:46.057011528Z	25	PC: 14362 \| Get default drive
2018-12-17T22:23:46.058595143Z	59	PC: 143cc \| Change current directory
2018-12-17T22:23:46.065665737Z	26	PC: 136a7 \| Set disk transfer address
2018-12-17T22:23:46.066694829Z	78	PC: 136b3 \| Find first file
2018-12-17T22:23:46.069474913Z	26	PC: 136a7 \| Set disk transfer address
2018-12-17T22:23:46.070839825Z	78	PC: 136b3 \| Find first file
2018-12-17T22:23:46.074945883Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.076280065Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.078191817Z	26	PC: 136a7 \| Set disk transfer address
2018-12-17T22:23:46.0790478Z	78	PC: 136b3 \| Find first file
2018-12-17T22:23:46.093005845Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.094341409Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.09710288Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.098617704Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.101950738Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.102911811Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.107266877Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.108359725Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.11171216Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.113244466Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.116516524Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.11745957Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.126834281Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.127968802Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.132327214Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.134220017Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.137582781Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.138613371Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.142303532Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.143437725Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.146709066Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.148864441Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.152375221Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.155047698Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.158938556Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.170523885Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.174721844Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.176893253Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.191116867Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.192572344Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.197450051Z	26	PC: 136cb \| Set disk transfer address
2018-12-17T22:23:46.199168653Z	79	PC: 136d0 \| Find next file
2018-12-17T22:23:46.202794645Z	67	PC: 1364f \| Get or set file attributes
2018-12-17T22:23:46.210093195Z	61	PC: 1412a \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:23:46.216839409Z	60	PC: 1412a \| Create or truncate file
2018-12-17T22:23:46.565827755Z	63	PC: 141fd \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:23:46.573034654Z	64	PC: 141fd \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:23:46.581314378Z	63	PC: 141fd \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:23:46.588105495Z	64	PC: 141fd \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:23:46.596009647Z	63	PC: 141fd \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:23:46.603810818Z	64	PC: 141fd \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:23:46.61107673Z	63	PC: 141fd \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:23:46.618151021Z	64	PC: 141fd \| Write file or device (Write 1104 bytes on handle 6)
2018-12-17T22:23:46.625736575Z	63	PC: 141fd \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:23:46.627994338Z	62	PC: 1417a \| Close file
2018-12-17T22:23:46.630046597Z	62	PC: 1417a \| Close file
2018-12-17T22:23:46.639436776Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:46.640790459Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:46.64181734Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:46.643354064Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:46.644269801Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:46.645158638Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:46.646604607Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:46.647544154Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:46.648448997Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:46.650018517Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:46.650946121Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:46.65181345Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:46.653158046Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:46.653968853Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:46.654693776Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:46.656387904Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:46.657297921Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:46.658089532Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:46.659530598Z	37	PC: 138d6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:23:46.660417888Z	76	PC: 13915 \| Terminate with return code (Return code = '0')