Sample viewer

vx.netlux.org/Virus.DOS.HLLC.6919

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:34.523571852Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:34.525024517Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:34.526136684Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:34.527149565Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:34.528372236Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:34.529787449Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:34.530810006Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:34.5318051Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:34.533063309Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:34.534106791Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:34.535234588Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:34.536791516Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:34.537873505Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:34.538960988Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:34.54082512Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:34.541852212Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:34.543033697Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:34.544646605Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:34.546206547Z	53	PC: 13f4a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:34.547759276Z	37	PC: 13f5f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:34.549063936Z	37	PC: 13f67 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:34.550452616Z	37	PC: 13f6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:34.553786384Z	37	PC: 13f77 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:34.555565489Z	68	PC: 14c23 \| I/O control for devices (Set for = '�s��N3��')
2018-12-17T23:05:34.618706523Z	37	PC: 13691 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:34.620277264Z	48	PC: 14863 \| Get DOS version
2018-12-17T23:05:34.621943289Z	25	PC: 148f0 \| Get default drive
2018-12-17T23:05:34.623671921Z	71	PC: 14903 \| Get current directory
2018-12-17T23:05:34.625905711Z	59	PC: 149b7 \| Change current directory
2018-12-17T23:05:34.628548122Z	26	PC: 13ce9 \| Set disk transfer address
2018-12-17T23:05:34.630018598Z	78	PC: 13cf5 \| Find first file
2018-12-17T23:05:34.633796741Z	26	PC: 13ce9 \| Set disk transfer address
2018-12-17T23:05:34.634788902Z	78	PC: 13cf5 \| Find first file
2018-12-17T23:05:34.64070906Z	48	PC: 14863 \| Get DOS version
2018-12-17T23:05:34.642565054Z	26	PC: 13ce9 \| Set disk transfer address
2018-12-17T23:05:34.643422065Z	78	PC: 13cf5 \| Find first file
2018-12-17T23:05:34.649702441Z	26	PC: 13d0d \| Set disk transfer address
2018-12-17T23:05:34.650568095Z	79	PC: 13d12 \| Find next file
2018-12-17T23:05:34.652572861Z	48	PC: 14863 \| Get DOS version
2018-12-17T23:05:34.654465711Z	14	PC: 14949 \| Set default drive (Drive = 'A')
2018-12-17T23:05:34.655933748Z	25	PC: 1494d \| Get default drive
2018-12-17T23:05:34.656941865Z	59	PC: 149b7 \| Change current directory
2018-12-17T23:05:34.660916213Z	42	PC: 13c17 \| Get date 0x13c17: xor ah, ah 0x13c19: les di, ptr [bp + 6] 0x13c1c: stosw word ptr es:[di], ax 0x13c1d: mov al, dl 0x13c1f: les di, ptr [bp + 0xa] 0x13c22: stosw word ptr es:[di], ax 0x13c23: mov al, dh 0x13c25: les di, ptr [bp + 0xe] 0x13c28: stosw word ptr es:[di], ax 0x13c29: xchg ax, cx 0x13c2a: les di, ptr [bp + 0x12] 0x13c2d: stosw word ptr es:[di], ax 0x13c2e: pop bp 0x13c2f: retf 0x10 0x13c32: push bp 0x13c33: mov bp, sp 0x13c35: mov cx, word ptr [bp + 0xa] 0x13c38: mov dh, byte ptr [bp + 8] 0x13c3b: mov dl, byte ptr [bp + 6] 0x13c3e: mov ah, 0x2b
2018-12-17T23:05:34.6641559Z	44	PC: 13c4d \| Get time 0x13c4d: xor ah, ah 0x13c4f: mov al, dl 0x13c51: les di, ptr [bp + 6] 0x13c54: stosw word ptr es:[di], ax 0x13c55: mov al, dh 0x13c57: les di, ptr [bp + 0xa] 0x13c5a: stosw word ptr es:[di], ax 0x13c5b: mov al, cl 0x13c5d: les di, ptr [bp + 0xe] 0x13c60: stosw word ptr es:[di], ax 0x13c61: mov al, ch 0x13c63: les di, ptr [bp + 0x12] 0x13c66: stosw word ptr es:[di], ax 0x13c67: pop bp 0x13c68: retf 0x10 0x13c6b: push bp 0x13c6c: mov bp, sp 0x13c6e: mov ch, byte ptr [bp + 0xc] 0x13c71: mov cl, byte ptr [bp + 0xa] 0x13c74: mov dh, byte ptr [bp + 8]
2018-12-17T23:05:34.666614971Z	26	PC: 13ce9 \| Set disk transfer address
2018-12-17T23:05:34.667818907Z	78	PC: 13cf5 \| Find first file
2018-12-17T23:05:34.679797044Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:34.68109924Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:34.682399539Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:34.684545059Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:34.686535636Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:34.687813469Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:34.689967045Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:34.691285818Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:34.692562288Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:34.694563109Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:34.696137605Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:34.697425403Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:34.699337937Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:34.70088662Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:34.702202182Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:34.704188331Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:34.705756307Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:34.707065482Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:34.709181361Z	37	PC: 140a1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:34.710566221Z	76	PC: 140e0 \| Terminate with return code (Return code = '0')