Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Unvisible.d

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:40.941613373Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:55:40.943902339Z	53	PC: 12b75 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:40.959674862Z	53	PC: 12b82 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:55:40.961212234Z	53	PC: 12b8f \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:55:40.964304497Z	53	PC: 12b9c \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:55:40.966125397Z	37	PC: 12bb0 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:40.968124339Z	74	PC: 12af4 \| Reallocate memory
2018-12-17T22:55:40.971114405Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:55:40.97372058Z	42	PC: 16a97 \| Get date 0x16a97: les bx, ptr [bp + 6] 0x16a9a: mov word ptr es:[bx], cx 0x16a9d: les bx, ptr [bp + 6] 0x16aa0: mov word ptr es:[bx + 2], dx 0x16aa4: pop bp 0x16aa5: retf 0x16aa6: push bp 0x16aa7: mov bp, sp 0x16aa9: mov ah, 0x2c 0x16aab: int 0x21 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si
2018-12-17T22:55:40.976171181Z	44	PC: 16aad \| Get time 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si 0x16ac3: push di 0x16ac4: les di, ptr [bp + 6] 0x16ac7: mov ax, es 0x16ac9: or ax, di 0x16acb: je 0x16aed 0x16acd: mov al, 0 0x16acf: mov ah, byte ptr es:[di] 0x16ad2: mov cx, 0xffff 0x16ad5: cld 0x16ad6: repne scasb al, byte ptr es:[di]
2018-12-17T22:55:40.981961171Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:55:40.984926248Z	61	PC: 14443 \| Open file (Filename = '��>~�')
2018-12-17T22:55:40.991723345Z	68	PC: 1481a \| I/O control for devices (Set for = 'Divide error Abnormal program termination W�')
2018-12-17T22:55:41.002593266Z	68	PC: 1483e \| I/O control for devices (Set for = '')
2018-12-17T22:55:41.005039054Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:55:41.010738004Z	63	PC: 14d8a \| Read file or device (Read 14336 bytes on handle 5)
2018-12-17T22:55:41.019561409Z	63	PC: 14d8a \| Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:55:41.027118565Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:55:41.029199867Z	62	PC: 14a9b \| Close file
2018-12-17T22:55:41.032074266Z	25	PC: 16134 \| Get default drive
2018-12-17T22:55:41.033600507Z	42	PC: 16a97 \| Get date 0x16a97: les bx, ptr [bp + 6] 0x16a9a: mov word ptr es:[bx], cx 0x16a9d: les bx, ptr [bp + 6] 0x16aa0: mov word ptr es:[bx + 2], dx 0x16aa4: pop bp 0x16aa5: retf 0x16aa6: push bp 0x16aa7: mov bp, sp 0x16aa9: mov ah, 0x2c 0x16aab: int 0x21 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si
2018-12-17T22:55:41.036085985Z	44	PC: 16aad \| Get time 0x16aad: les bx, ptr [bp + 6] 0x16ab0: mov word ptr es:[bx], cx 0x16ab3: les bx, ptr [bp + 6] 0x16ab6: mov word ptr es:[bx + 2], dx 0x16aba: pop bp 0x16abb: retf 0x16abc: push bp 0x16abd: mov bp, sp 0x16abf: sub sp, 4 0x16ac2: push si 0x16ac3: push di 0x16ac4: les di, ptr [bp + 6] 0x16ac7: mov ax, es 0x16ac9: or ax, di 0x16acb: je 0x16aed 0x16acd: mov al, 0 0x16acf: mov ah, byte ptr es:[di] 0x16ad2: mov cx, 0xffff 0x16ad5: cld 0x16ad6: repne scasb al, byte ptr es:[di]
2018-12-17T22:55:41.040802887Z	74	PC: 13f9d \| Reallocate memory
2018-12-17T22:55:41.042985435Z	14	PC: 16143 \| Set default drive (Drive = 'A')
2018-12-17T22:55:41.045314472Z	59	PC: 1611f \| Change current directory
2018-12-17T22:55:41.051961979Z	26	PC: 166c1 \| Set disk transfer address
2018-12-17T22:55:41.053998253Z	78	PC: 166cb \| Find first file
2018-12-17T22:55:41.060629738Z	37	PC: 12bbc \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:41.062333504Z	37	PC: 12bc7 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:55:41.065732781Z	37	PC: 12bd2 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:55:41.066752305Z	37	PC: 12bdd \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:55:41.067769864Z	76	PC: 12b65 \| Terminate with return code (Return code = '1')