Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Happy.LZExe

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:56.782791636Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:56.79242592Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:56.793701609Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:56.794881663Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:56.795964922Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:56.798036894Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:56.799231424Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:56.800367625Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:56.81370271Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:56.815451996Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:56.817179673Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:56.825434723Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:56.826737777Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:56.827977622Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:56.829642583Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:56.830888897Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:56.831953873Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:56.833902149Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:56.835272877Z	37	PC: 1399b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:56.836462702Z	37	PC: 139a3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:56.837936111Z	37	PC: 139ab \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:56.839573603Z	37	PC: 139b3 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:56.841400404Z	68	PC: 13f93 \| I/O control for devices (Set for = '')
2018-12-17T23:05:56.871881461Z	37	PC: 130b7 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:56.873941058Z	48	PC: 1444e \| Get DOS version
2018-12-17T23:05:56.875751066Z	42	PC: 13647 \| Get date 0x13647: xor ah, ah 0x13649: les di, ptr [bp + 6] 0x1364c: stosw word ptr es:[di], ax 0x1364d: mov al, dl 0x1364f: les di, ptr [bp + 0xa] 0x13652: stosw word ptr es:[di], ax 0x13653: mov al, dh 0x13655: les di, ptr [bp + 0xe] 0x13658: stosw word ptr es:[di], ax 0x13659: xchg ax, cx 0x1365a: les di, ptr [bp + 0x12] 0x1365d: stosw word ptr es:[di], ax 0x1365e: pop bp 0x1365f: retf 0x10 0x13662: push bp 0x13663: mov bp, sp 0x13665: mov cx, word ptr [bp + 0xa] 0x13668: mov dh, byte ptr [bp + 8] 0x1366b: mov dl, byte ptr [bp + 6] 0x1366e: mov ah, 0x2b
2018-12-17T23:05:56.878761782Z	26	PC: 1371d \| Set disk transfer address
2018-12-17T23:05:56.894796398Z	78	PC: 13729 \| Find first file
2018-12-17T23:05:56.90173162Z	26	PC: 13741 \| Set disk transfer address
2018-12-17T23:05:56.903328919Z	79	PC: 13746 \| Find next file
2018-12-17T23:05:56.908455443Z	41	PC: 13895 \| Parse filename
2018-12-17T23:05:56.910798714Z	41	PC: 138a3 \| Parse filename
2018-12-17T23:05:56.912832158Z	75	PC: 138ae \| Execute program
2018-12-17T23:05:56.936111235Z	80	PC: 17889 \| Set current PSP
2018-12-17T23:05:56.937229799Z	48	PC: 1788e \| Get DOS version
2018-12-17T23:05:56.939040492Z	99	PC: 1e070 \| Get DBCS lead byte table pointer
2018-12-17T23:05:56.942744015Z	101	PC: 17914 \| Get extended country info
2018-12-17T23:05:56.944402508Z	99	PC: 1791a \| Get DBCS lead byte table pointer
2018-12-17T23:05:56.945582094Z	74	PC: 1797c \| Reallocate memory
2018-12-17T23:05:56.947660283Z	25	PC: 179b3 \| Get default drive
2018-12-17T23:05:56.948748794Z	37	PC: 17473 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:05:56.949754061Z	37	PC: 1747a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:56.951264655Z	37	PC: 17481 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:56.956527424Z	74	PC: 1661c \| Reallocate memory
2018-12-17T23:05:56.95819374Z	72	PC: 1665d \| Allocate memory
2018-12-17T23:05:56.960322035Z	72	PC: 16695 \| Allocate memory
2018-12-17T23:05:56.962372224Z	72	PC: 1669d \| Allocate memory