Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Unvisible.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:34.231804055Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:53:34.234453957Z	53	PC: 12b75 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:34.236087612Z	53	PC: 12b82 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:34.237539439Z	53	PC: 12b8f \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:53:34.239128072Z	53	PC: 12b9c \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:53:34.255359966Z	37	PC: 12bb0 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:34.256656142Z	74	PC: 12af4 \| Reallocate memory
2018-12-17T22:53:34.259259224Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:53:34.26174964Z	42	PC: 16a97 \| Get date 0x16a97: les bx, ptr [bp + 6] 0x16a9a: mov word ptr es:[bx], cx 0x16a9d: les bx, ptr [bp + 6] 0x16aa0: mov word ptr es:[bx + 2], dx 0x16aa4: pop bp 0x16aa5: retf 0x16aa6: push bp 0x16aa7: mov bp, sp 0x16aa9: mov ah, 0x2c 0x16aab: int 0x21 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si
2018-12-17T22:53:34.264195207Z	44	PC: 16aad \| Get time 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si 0x16ac3: push di 0x16ac4: les di, ptr [bp + 6] 0x16ac7: mov ax, es 0x16ac9: or ax, di 0x16acb: je 0x16aed 0x16acd: mov al, 0 0x16acf: mov ah, byte ptr es:[di] 0x16ad2: mov cx, 0xffff 0x16ad5: cld 0x16ad6: repne scasb al, byte ptr es:[di]
2018-12-17T22:53:34.269867489Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:53:34.272882401Z	61	PC: 14443 \| Open file (Filename = '��>~�')
2018-12-17T22:53:34.281823122Z	68	PC: 1481a \| I/O control for devices (Set for = 'Divide error Abnormal program termination W�')
2018-12-17T22:53:34.29118319Z	68	PC: 1483e \| I/O control for devices (Set for = '')
2018-12-17T22:53:34.300703009Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:53:34.303831061Z	63	PC: 14d8a \| Read file or device (Read 14336 bytes on handle 5)
2018-12-17T22:53:34.313018486Z	63	PC: 14d8a \| Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:53:34.32178445Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:53:34.323543525Z	62	PC: 14a9b \| Close file
2018-12-17T22:53:34.325611323Z	25	PC: 16134 \| Get default drive
2018-12-17T22:53:34.327517708Z	42	PC: 16a97 \| Get date 0x16a97: les bx, ptr [bp + 6] 0x16a9a: mov word ptr es:[bx], cx 0x16a9d: les bx, ptr [bp + 6] 0x16aa0: mov word ptr es:[bx + 2], dx 0x16aa4: pop bp 0x16aa5: retf 0x16aa6: push bp 0x16aa7: mov bp, sp 0x16aa9: mov ah, 0x2c 0x16aab: int 0x21 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si
2018-12-17T22:53:34.329999049Z	44	PC: 16aad \| Get time 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si 0x16ac3: push di 0x16ac4: les di, ptr [bp + 6] 0x16ac7: mov ax, es 0x16ac9: or ax, di 0x16acb: je 0x16aed 0x16acd: mov al, 0 0x16acf: mov ah, byte ptr es:[di] 0x16ad2: mov cx, 0xffff 0x16ad5: cld 0x16ad6: repne scasb al, byte ptr es:[di]
2018-12-17T22:53:34.334026735Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:53:34.336359193Z	14	PC: 16143 \| Set default drive (Drive = 'A')
2018-12-17T22:53:34.339119754Z	59	PC: 1611f \| Change current directory
2018-12-17T22:53:34.346610387Z	26	PC: 166c1 \| Set disk transfer address
2018-12-17T22:53:34.349147964Z	78	PC: 166cb \| Find first file
2018-12-17T22:53:34.357204984Z	37	PC: 12bbc \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:34.358977097Z	37	PC: 12bc7 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:34.360763134Z	37	PC: 12bd2 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:53:34.362328946Z	37	PC: 12bdd \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:53:34.363414964Z	76	PC: 12b65 \| Terminate with return code (Return code = '1')