Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Icommand.9776

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:16.043098737Z	53	PC: 13fbb \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:16.044643175Z	53	PC: 13fc8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:16.045788858Z	53	PC: 13fd5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:16.046782474Z	53	PC: 13fe2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:16.049169604Z	53	PC: 13fef \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:16.050392679Z	37	PC: 14002 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:16.051534044Z	37	PC: 1400a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:16.053022274Z	37	PC: 14012 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:16.054495817Z	68	PC: 14743 \| I/O control for devices (Set for = '')
2018-12-17T22:56:16.122305418Z	53	PC: 1398f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:16.123917365Z	37	PC: 139a2 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:16.125743535Z	67	PC: 1383d \| Get or set file attributes
2018-12-17T22:56:16.131279913Z	67	PC: 1383d \| Get or set file attributes
2018-12-17T22:56:16.477347313Z	61	PC: 1472b \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T22:56:16.483475711Z	68	PC: 14743 \| I/O control for devices (Set for = 'c:\autoexec.bat')
2018-12-17T22:56:16.48476213Z	66	PC: 14787 \| Move file pointer
2018-12-17T22:56:16.486444373Z	66	PC: 1479e \| Move file pointer
2018-12-17T22:56:16.487932762Z	63	PC: 147ab \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:56:16.490972182Z	64	PC: 14821 \| Write file or device (Write 10 bytes on handle 5)
2018-12-17T22:56:16.493670904Z	62	PC: 1486a \| Close file
2018-12-17T22:56:16.501045519Z	67	PC: 1383d \| Get or set file attributes
2018-12-17T22:56:16.510848671Z	67	PC: 1383d \| Get or set file attributes
2018-12-17T22:56:16.519862584Z	67	PC: 1383d \| Get or set file attributes
2018-12-17T22:56:16.526682311Z	41	PC: 138c9 \| Parse filename
2018-12-17T22:56:16.528077434Z	41	PC: 138d7 \| Parse filename
2018-12-17T22:56:16.529419555Z	75	PC: 138e2 \| Execute program
2018-12-17T22:56:16.547988143Z	80	PC: 1ad69 \| Set current PSP
2018-12-17T22:56:16.548830674Z	48	PC: 1ad6e \| Get DOS version
2018-12-17T22:56:16.550332741Z	99	PC: 21550 \| Get DBCS lead byte table pointer
2018-12-17T22:56:16.553675267Z	101	PC: 1adf4 \| Get extended country info
2018-12-17T22:56:16.555275414Z	99	PC: 1adfa \| Get DBCS lead byte table pointer
2018-12-17T22:56:16.556698336Z	74	PC: 1ae5c \| Reallocate memory
2018-12-17T22:56:16.559055861Z	25	PC: 1ae93 \| Get default drive
2018-12-17T22:56:16.560130434Z	37	PC: 1a953 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:56:16.561182733Z	37	PC: 1a95a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:16.562843387Z	37	PC: 1a961 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:16.567085101Z	74	PC: 19afc \| Reallocate memory
2018-12-17T22:56:16.568523492Z	72	PC: 19b3d \| Allocate memory
2018-12-17T22:56:16.571204176Z	72	PC: 19b75 \| Allocate memory
2018-12-17T22:56:16.572832998Z	72	PC: 19b7d \| Allocate memory