Sample viewer

vx.netlux.org/Virus.DOS.HLLC.5355

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:59:55.401242049Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:59:55.402951477Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:59:55.403890489Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:59:55.40485064Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:55.409311962Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:59:55.410353779Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:55.411438354Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:59:55.41303505Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:59:55.413967212Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:59:55.414881707Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:59:55.416515663Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:59:55.418202532Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:59:55.422169628Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:59:55.423983928Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:59:55.425729145Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:59:55.427017643Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:59:55.428923228Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:59:55.4304333Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:59:55.431681276Z	53	PC: 1374a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:59:55.432905841Z	37	PC: 1375f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:59:55.434589165Z	37	PC: 13767 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:59:55.436059301Z	37	PC: 1376f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:55.437538247Z	37	PC: 13777 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:59:55.439842464Z	68	PC: 14379 \| I/O control for devices (Set for = ' ��J�8[�S)')
2018-12-17T21:59:55.441497661Z	253	PC: 1368a \| UNKNOWN!
2018-12-17T21:59:55.443358071Z	48	PC: 13fbe \| Get DOS version
2018-12-17T21:59:55.445672876Z	67	PC: 133ef \| Get or set file attributes
2018-12-17T21:59:55.451682234Z	67	PC: 13416 \| Get or set file attributes
2018-12-17T21:59:55.467858934Z	61	PC: 13e70 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:59:55.475111388Z	63	PC: 13f43 \| Read file or device (Read 5355 bytes on handle 5)
2018-12-17T21:59:55.482541078Z	62	PC: 13ec0 \| Close file
2018-12-17T21:59:55.484729842Z	67	PC: 13416 \| Get or set file attributes
2018-12-17T21:59:55.496398842Z	48	PC: 13fbe \| Get DOS version
2018-12-17T21:59:55.498966957Z	26	PC: 13447 \| Set disk transfer address
2018-12-17T21:59:55.50049471Z	78	PC: 13453 \| Find first file
2018-12-17T21:59:55.507864742Z	26	PC: 13447 \| Set disk transfer address
2018-12-17T21:59:55.509477165Z	78	PC: 13453 \| Find first file
2018-12-17T21:59:55.516073312Z	26	PC: 13447 \| Set disk transfer address
2018-12-17T21:59:55.518173214Z	78	PC: 13453 \| Find first file
2018-12-17T21:59:55.523910652Z	25	PC: 1404b \| Get default drive
2018-12-17T21:59:55.525259421Z	71	PC: 1405e \| Get current directory
2018-12-17T21:59:55.529062713Z	59	PC: 14112 \| Change current directory
2018-12-17T21:59:55.53886638Z	60	PC: 13e70 \| Create or truncate file
2018-12-17T21:59:55.551549662Z	64	PC: 13f43 \| Write file or device (Write 5355 bytes on handle 5)
2018-12-17T21:59:55.557581314Z	62	PC: 13ec0 \| Close file
2018-12-17T21:59:55.566132272Z	14	PC: 140a4 \| Set default drive (Drive = 'A')
2018-12-17T21:59:55.568335272Z	25	PC: 140a8 \| Get default drive
2018-12-17T21:59:55.570428469Z	59	PC: 14112 \| Change current directory
2018-12-17T21:59:55.574779043Z	26	PC: 1346b \| Set disk transfer address
2018-12-17T21:59:55.575980351Z	79	PC: 13470 \| Find next file
2018-12-17T21:59:55.583030371Z	25	PC: 1404b \| Get default drive
2018-12-17T21:59:55.584168466Z	71	PC: 1405e \| Get current directory
2018-12-17T21:59:55.588549041Z	26	PC: 13447 \| Set disk transfer address
2018-12-17T21:59:55.591601052Z	78	PC: 13453 \| Find first file
2018-12-17T21:59:55.597934243Z	26	PC: 13447 \| Set disk transfer address
2018-12-17T21:59:55.599070809Z	78	PC: 13453 \| Find first file
2018-12-17T21:59:55.605955321Z	26	PC: 1346b \| Set disk transfer address
2018-12-17T21:59:55.607012808Z	79	PC: 13470 \| Find next file
2018-12-17T21:59:55.609961847Z	26	PC: 13447 \| Set disk transfer address
2018-12-17T21:59:55.612040792Z	78	PC: 13453 \| Find first file
2018-12-17T21:59:55.623029188Z	14	PC: 140a4 \| Set default drive (Drive = 'A')
2018-12-17T21:59:55.624529994Z	25	PC: 140a8 \| Get default drive
2018-12-17T21:59:55.626602056Z	59	PC: 14112 \| Change current directory
2018-12-17T21:59:55.636062286Z	253	PC: 1368a \| UNKNOWN!
2018-12-17T21:59:55.637071501Z	253	PC: 1368a \| UNKNOWN!
2018-12-17T21:59:55.638912197Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:55.640107249Z	37	PC: 134c4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:55.641411285Z	49	PC: 135b1 \| Terminate and stay resident (Return code = '0' \| Memory size = '1886')