Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Zork

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:25.618636851Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:02:25.621466579Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:02:25.622799102Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:02:25.624381021Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:25.62776016Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:25.629382926Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:25.630710304Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:02:25.6318722Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:02:25.634173102Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:02:25.635754736Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:02:25.637325695Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:02:25.642040541Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:02:25.643107545Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:02:25.644041953Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:02:25.665566001Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:02:25.66731841Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:02:25.668533378Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:02:25.670239694Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:02:25.671581551Z	53	PC: 12c8a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:02:25.673166411Z	37	PC: 12c9f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:02:25.675167003Z	37	PC: 12ca7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:25.677071939Z	37	PC: 12caf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:25.678488175Z	37	PC: 12cb7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:02:25.681597291Z	68	PC: 13773 \| I/O control for devices (Set for = '')
2018-12-17T22:02:25.683373917Z	44	PC: 138aa \| Get time 0x138aa: mov word ptr [0x98], cx 0x138ae: mov word ptr [0x9a], dx 0x138b2: retf 0x138b3: mov di, 0xac 0x138b6: push ds 0x138b7: pop es 0x138b8: mov cx, 0x477c 0x138bb: sub cx, di 0x138bd: shr cx, 1 0x138bf: xor ax, ax 0x138c1: cld 0x138c2: rep stosd dword ptr es:[di], eax 0x138c4: ret 0x138c5: add byte ptr [bx + si], al 0x138c7: add byte ptr [bx + si], al 0x138c9: add byte ptr [bx + si], al 0x138cb: add byte ptr [bx + si], al 0x138cd: add byte ptr [bx + si], al 0x138cf: add byte ptr [bx + si], al 0x138d1: add byte ptr [di], al
2018-12-17T22:02:25.685715168Z	48	PC: 1349e \| Get DOS version
2018-12-17T22:02:25.688296297Z	61	PC: 13350 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:02:25.695193988Z	63	PC: 13423 \| Read file or device (Read 16384 bytes on handle 5)
2018-12-17T22:02:25.702288626Z	62	PC: 133a0 \| Close file
2018-12-17T22:02:25.705091828Z	64	PC: 130a8 \| Write file or device (Write 29 bytes on handle 1)
2018-12-17T22:02:25.710314235Z	64	PC: 130a8 \| Write file or device (Write 28 bytes on handle 1)
2018-12-17T22:02:25.716227262Z	60	PC: 13350 \| Create or truncate file
2018-12-17T22:02:25.734085241Z	64	PC: 13423 \| Write file or device (Write 4112 bytes on handle 5)
2018-12-17T22:02:25.742875431Z	62	PC: 133a0 \| Close file
2018-12-17T22:02:25.751159047Z	64	PC: 130a8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:02:25.753130553Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:02:25.754370303Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:02:25.755388909Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:02:25.756437415Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:25.758649304Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:02:25.759695154Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:25.760684436Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:02:25.763127287Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:02:25.764317602Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:02:25.765435182Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:02:25.767142347Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:02:25.768353696Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:02:25.769444323Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:02:25.771230272Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:02:25.772438579Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:02:25.773642639Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:02:25.775262119Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:02:25.776720657Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:02:25.778141192Z	37	PC: 12de1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:02:25.780628987Z	76	PC: 12e20 \| Terminate with return code (Return code = '0')