Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Pest.4243

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:03.751126539Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:03.752667778Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:03.753680409Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:03.754638482Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:03.756198732Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:03.757219351Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:03.758529235Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:03.760385717Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:03.761790549Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:03.762993257Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:03.764777641Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:03.766558735Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:03.768016372Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:03.769576468Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:03.771792532Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:03.772726243Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:03.773636323Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:03.781492157Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:03.782542959Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:03.783657029Z	37	PC: 1332f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:03.786942438Z	37	PC: 13337 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:03.787888245Z	37	PC: 1333f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:03.788697661Z	37	PC: 13347 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:03.790595133Z	68	PC: 13d5a \| I/O control for devices (Set for = '��')
2018-12-17T22:57:03.792252382Z	25	PC: 13a2c \| Get default drive
2018-12-17T22:57:03.793256509Z	71	PC: 13a3f \| Get current directory
2018-12-17T22:57:03.797488187Z	14	PC: 13a85 \| Set default drive (Drive = 'C')
2018-12-17T22:57:03.798833478Z	25	PC: 13a89 \| Get default drive
2018-12-17T22:57:03.800348658Z	26	PC: 1315d \| Set disk transfer address
2018-12-17T22:57:03.802209838Z	78	PC: 13169 \| Find first file
2018-12-17T22:57:03.807687662Z	26	PC: 13181 \| Set disk transfer address
2018-12-17T22:57:03.808676737Z	79	PC: 13186 \| Find next file
2018-12-17T22:57:03.811798775Z	26	PC: 13181 \| Set disk transfer address
2018-12-17T22:57:03.813183125Z	79	PC: 13186 \| Find next file
2018-12-17T22:57:03.815816833Z	26	PC: 13181 \| Set disk transfer address
2018-12-17T22:57:03.817477695Z	79	PC: 13186 \| Find next file
2018-12-17T22:57:03.820338886Z	26	PC: 1315d \| Set disk transfer address
2018-12-17T22:57:03.821393669Z	78	PC: 13169 \| Find first file
2018-12-17T22:57:03.828526752Z	48	PC: 1399f \| Get DOS version
2018-12-17T22:57:03.829913909Z	67	PC: 130bf \| Get or set file attributes
2018-12-17T22:57:03.837032247Z	61	PC: 137dd \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:57:03.847388452Z	67	PC: 130bf \| Get or set file attributes
2018-12-17T22:57:03.863890922Z	61	PC: 137dd \| Open file (Filename = '\DOS\ATTRIB.EXE')
2018-12-17T22:57:03.871690426Z	87	PC: 13100 \| Get or set file date and time
2018-12-17T22:57:03.873704538Z	62	PC: 1382d \| Close file
2018-12-17T22:57:03.875762849Z	86	PC: 1396a \| Rename file
2018-12-17T22:57:04.234419783Z	60	PC: 137dd \| Create or truncate file
2018-12-17T22:57:04.246380458Z	63	PC: 138b0 \| Read file or device (Read 4243 bytes on handle 5)
2018-12-17T22:57:04.254183962Z	64	PC: 138b0 \| Write file or device (Write 4243 bytes on handle 6)
2018-12-17T22:57:04.264894137Z	87	PC: 1312d \| Get or set file date and time
2018-12-17T22:57:04.267382306Z	62	PC: 1382d \| Close file
2018-12-17T22:57:04.274836248Z	67	PC: 130e6 \| Get or set file attributes
2018-12-17T22:57:04.285164347Z	62	PC: 1382d \| Close file
2018-12-17T22:57:04.287788035Z	26	PC: 1315d \| Set disk transfer address
2018-12-17T22:57:04.289242704Z	78	PC: 13169 \| Find first file
2018-12-17T22:57:04.295979152Z	14	PC: 13a85 \| Set default drive (Drive = 'A')
2018-12-17T22:57:04.297747668Z	25	PC: 13a89 \| Get default drive
2018-12-17T22:57:04.299181942Z	59	PC: 13af3 \| Change current directory
2018-12-17T22:57:04.303095389Z	48	PC: 1399f \| Get DOS version
2018-12-17T22:57:04.305266112Z	41	PC: 13279 \| Parse filename
2018-12-17T22:57:04.307257235Z	41	PC: 13287 \| Parse filename
2018-12-17T22:57:04.308811482Z	75	PC: 13292 \| Execute program
2018-12-17T22:57:04.315599605Z	64	PC: 13738 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:57:04.31798636Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:04.319022348Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:04.320064011Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:04.321782015Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:04.322902003Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:04.323987976Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:04.325793061Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:04.326834416Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:04.328219409Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:04.329768843Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:04.330859753Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:04.331818019Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:04.333406852Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:04.334779031Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:04.335811761Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:04.337337309Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:04.338284101Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:04.339177175Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:04.340993116Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:04.342020728Z	76	PC: 134b0 \| Terminate with return code (Return code = '0')