Sample viewer

vx.netlux.org/Virus.DOS.HLLO.DeadByte.5712

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:39:57.757404411Z 53 PC: 130ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:57.758975893Z 53 PC: 130ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:57.760832063Z 53 PC: 130ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:57.763279525Z 53 PC: 130ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:57.765136388Z 53 PC: 130ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:57.766421179Z 53 PC: 130ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:57.767802466Z 53 PC: 130ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:57.769913323Z 53 PC: 130ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:57.771610492Z 53 PC: 130ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:57.773237214Z 53 PC: 130ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:57.77564447Z 53 PC: 130ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:57.776993181Z 53 PC: 130ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:57.778325811Z 53 PC: 130ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:57.780380939Z 53 PC: 130ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:57.781450321Z 53 PC: 130ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:57.782410913Z 53 PC: 130ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:57.784324474Z 53 PC: 130ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:57.785490812Z 53 PC: 130ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:57.786678157Z 53 PC: 130ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:57.78806306Z 37 PC: 130ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:57.790758832Z 37 PC: 13107 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:57.792577382Z 37 PC: 1310f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:57.794522272Z 37 PC: 13117 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:57.797379577Z 68 PC: 13de0 | I/O control for devices (Set for = 'r,����')
2018-12-17T22:39:57.799197834Z 44 PC: 12dfd | Get time
0x12dfd: xor ah, ah
0x12dff: mov al, dl
0x12e01: les di, ptr [bp + 6]
0x12e04: stosw word ptr es:[di], ax
0x12e05: mov al, dh
0x12e07: les di, ptr [bp + 0xa]
0x12e0a: stosw word ptr es:[di], ax
0x12e0b: mov al, cl
0x12e0d: les di, ptr [bp + 0xe]
0x12e10: stosw word ptr es:[di], ax
0x12e11: mov al, ch
0x12e13: les di, ptr [bp + 0x12]
0x12e16: stosw word ptr es:[di], ax
0x12e17: pop bp
0x12e18: retf 0x10
0x12e1b: push bp
0x12e1c: mov bp, sp
0x12e1e: mov ch, byte ptr [bp + 0xc]
0x12e21: mov cl, byte ptr [bp + 0xa]
0x12e24: mov dh, byte ptr [bp + 8]
2018-12-17T22:39:57.801809812Z 48 PC: 13b06 | Get DOS version
2018-12-17T22:39:57.804173998Z 61 PC: 139b8 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:39:57.811895422Z 63 PC: 13a8b | Read file or device (Read 5712 bytes on handle 5)
2018-12-17T22:39:57.819968524Z 62 PC: 13a08 | Close file
2018-12-17T22:39:57.826118369Z 48 PC: 13b06 | Get DOS version
2018-12-17T22:39:57.828555084Z 26 PC: 12e57 | Set disk transfer address
2018-12-17T22:39:57.830428666Z 78 PC: 12e63 | Find first file
2018-12-17T22:39:57.840011428Z 60 PC: 139b8 | Create or truncate file
2018-12-17T22:39:57.860663131Z 64 PC: 13a8b | Write file or device (Write 50051 bytes on handle 5)
2018-12-17T22:39:57.872050241Z 62 PC: 13a08 | Close file
2018-12-17T22:39:57.878067144Z 41 PC: 12fe1 | Parse filename
2018-12-17T22:39:57.883293323Z 41 PC: 12fef | Parse filename
2018-12-17T22:39:57.884870329Z 75 PC: 12ffa | Execute program
2018-12-17T22:39:57.903399178Z 80 PC: 1aa99 | Set current PSP
2018-12-17T22:39:57.905330793Z 48 PC: 1aa9e | Get DOS version
2018-12-17T22:39:57.907818464Z 99 PC: 21280 | Get DBCS lead byte table pointer
2018-12-17T22:39:57.911573793Z 101 PC: 1ab24 | Get extended country info
2018-12-17T22:39:57.913587238Z 99 PC: 1ab2a | Get DBCS lead byte table pointer
2018-12-17T22:39:57.915907461Z 74 PC: 1ab8c | Reallocate memory
2018-12-17T22:39:57.918079309Z 25 PC: 1abc3 | Get default drive
2018-12-17T22:39:57.920081067Z 37 PC: 1a683 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:39:57.921955541Z 37 PC: 1a68a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:57.923547159Z 37 PC: 1a691 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:57.929469893Z 74 PC: 1982c | Reallocate memory
2018-12-17T22:39:57.93110223Z 72 PC: 1986d | Allocate memory
2018-12-17T22:39:57.932825186Z 72 PC: 198a5 | Allocate memory
2018-12-17T22:39:57.934692058Z 72 PC: 198ad | Allocate memory