Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Puzo.2906

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:54:40.820780313Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:40.82316983Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:40.824825479Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:40.826347463Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:40.82846431Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:40.830762069Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:40.831873216Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:40.833697965Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:40.83555281Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:40.837041174Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:40.83869612Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:40.840671869Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:40.841883926Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:40.843187799Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:40.845206692Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:40.846592094Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:40.847797281Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:40.860148081Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:40.86233062Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:40.863762695Z	37	PC: 12d4f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:40.866341658Z	37	PC: 12d57 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:40.867556251Z	37	PC: 12d5f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:40.868716851Z	37	PC: 12d67 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:40.870800023Z	68	PC: 1344d \| I/O control for devices (Set for = '�!�')
2018-12-17T21:54:40.874406094Z	60	PC: 13431 \| Create or truncate file
2018-12-17T21:54:40.890511069Z	68	PC: 1344d \| I/O control for devices (Set for = '�!�')
2018-12-17T21:54:40.89368801Z	48	PC: 1338f \| Get DOS version
2018-12-17T21:54:40.895580219Z	64	PC: 13133 \| Write file or device (Write 86 bytes on handle 5)
2018-12-17T21:54:40.90036799Z	62	PC: 13172 \| Close file
2018-12-17T21:54:40.918558388Z	41	PC: 12c9f \| Parse filename
2018-12-17T21:54:40.920157481Z	41	PC: 12cad \| Parse filename
2018-12-17T21:54:40.921585103Z	75	PC: 12cb8 \| Execute program
2018-12-17T21:54:40.94150738Z	80	PC: 19f69 \| Set current PSP
2018-12-17T21:54:40.942332549Z	48	PC: 19f6e \| Get DOS version
2018-12-17T21:54:40.943566067Z	99	PC: 20750 \| Get DBCS lead byte table pointer
2018-12-17T21:54:40.945960422Z	101	PC: 19ff4 \| Get extended country info
2018-12-17T21:54:40.947214342Z	99	PC: 19ffa \| Get DBCS lead byte table pointer
2018-12-17T21:54:40.94859514Z	74	PC: 1a05c \| Reallocate memory
2018-12-17T21:54:40.949953865Z	25	PC: 1a093 \| Get default drive
2018-12-17T21:54:40.951274302Z	37	PC: 19b53 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T21:54:40.952228326Z	37	PC: 19b5a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:40.953302371Z	37	PC: 19b61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:40.95620398Z	74	PC: 18cfc \| Reallocate memory
2018-12-17T21:54:40.957350157Z	72	PC: 18d3d \| Allocate memory
2018-12-17T21:54:40.958525061Z	72	PC: 18d75 \| Allocate memory
2018-12-17T21:54:40.960291533Z	72	PC: 18d7d \| Allocate memory