Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Candym.6688

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:07.899555071Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:07.901725601Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:07.902947557Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:07.904562063Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:07.906416888Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:07.907610858Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:07.908754438Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:07.910887714Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:07.91205824Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:07.913237175Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:07.927616623Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:07.928869882Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:07.930843372Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:07.933360339Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:07.93477666Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:07.935908734Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:07.937330789Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:07.939193965Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:07.940485763Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:07.941756267Z	37	PC: 134af \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:07.944026104Z	37	PC: 134b7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:07.945746858Z	37	PC: 134bf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:07.947413239Z	37	PC: 134c7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:07.949844275Z	68	PC: 14014 \| I/O control for devices (Set for = '��^�QW�G��')
2018-12-17T22:29:07.951661978Z	44	PC: 1414b \| Get time 0x1414b: mov word ptr [0x3e], cx 0x1414f: mov word ptr [0x40], dx 0x14153: retf 0x14154: mov di, 0x52 0x14157: push ds 0x14158: pop es 0x14159: mov cx, 0x5b8 0x1415c: sub cx, di 0x1415e: shr cx, 1 0x14160: xor ax, ax 0x14162: cld 0x14163: rep stosd dword ptr es:[di], eax 0x14165: ret 0x14166: add byte ptr [bx + si], al 0x14168: add byte ptr [bx + si], al 0x1416a: add byte ptr [bx + si], al 0x1416c: add byte ptr [bx + si], al 0x1416e: add byte ptr [bx + si], al 0x14170: add byte ptr [bx + si], al 0x14172: add byte ptr [bx + si], al
2018-12-17T22:29:07.954002116Z	44	PC: 1328d \| Get time 0x1328d: xor ah, ah 0x1328f: mov al, dl 0x13291: les di, ptr [bp + 6] 0x13294: stosw word ptr es:[di], ax 0x13295: mov al, dh 0x13297: les di, ptr [bp + 0xa] 0x1329a: stosw word ptr es:[di], ax 0x1329b: mov al, cl 0x1329d: les di, ptr [bp + 0xe] 0x132a0: stosw word ptr es:[di], ax 0x132a1: mov al, ch 0x132a3: les di, ptr [bp + 0x12] 0x132a6: stosw word ptr es:[di], ax 0x132a7: pop bp 0x132a8: retf 0x10 0x132ab: push bp 0x132ac: mov bp, sp 0x132ae: mov ch, byte ptr [bp + 0xc] 0x132b1: mov cl, byte ptr [bp + 0xa] 0x132b4: mov dh, byte ptr [bp + 8]
2018-12-17T22:29:07.966603298Z	26	PC: 1336f \| Set disk transfer address
2018-12-17T22:29:07.967832631Z	78	PC: 1337b \| Find first file
2018-12-17T22:29:07.975030246Z	64	PC: 138b8 \| Write file or device (Write 35 bytes on handle 1)
2018-12-17T22:29:07.980158793Z	64	PC: 138b8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:29:07.981776622Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:07.982833423Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:07.985217183Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:07.987491307Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:07.998878346Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:08.000624506Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:08.002029607Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:08.003374981Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:08.005482113Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:08.007328127Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:08.009279924Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:08.011486081Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:08.013297099Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:08.015351891Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:08.017751401Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:08.019294839Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:08.020986658Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:08.023707925Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:08.024795584Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:08.025900414Z	76	PC: 13630 \| Terminate with return code (Return code = '0')