Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Globe.6610

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:19.195253905Z	48	PC: 12a4b \| Get DOS version
2018-12-17T23:09:19.197339091Z	53	PC: 12b86 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:19.198434025Z	53	PC: 12b93 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:09:19.199556406Z	53	PC: 12ba0 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:09:19.201771514Z	53	PC: 12bad \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:09:19.203615703Z	37	PC: 12bc1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:19.205197876Z	74	PC: 12b18 \| Reallocate memory
2018-12-17T23:09:19.20881925Z	26	PC: 14431 \| Set disk transfer address
2018-12-17T23:09:19.209907827Z	78	PC: 1443b \| Find first file
2018-12-17T23:09:19.216300906Z	26	PC: 14431 \| Set disk transfer address
2018-12-17T23:09:19.217412842Z	78	PC: 1443b \| Find first file
2018-12-17T23:09:19.227003075Z	61	PC: 135fd \| Open file (Filename = 'C:\DOS\ATTRIB.COM')
2018-12-17T23:09:19.236449104Z	67	PC: 13d39 \| Get or set file attributes
2018-12-17T23:09:19.253207139Z	55	PC: 146ea \| Get or set switch character
2018-12-17T23:09:19.255361438Z	41	PC: 14a65 \| Parse filename
2018-12-17T23:09:19.256635777Z	41	PC: 14a73 \| Parse filename
2018-12-17T23:09:19.257985295Z	75	PC: 14ab3 \| Execute program
2018-12-17T23:09:19.279586139Z	80	PC: 24029 \| Set current PSP
2018-12-17T23:09:19.280554187Z	48	PC: 2402e \| Get DOS version
2018-12-17T23:09:19.282174381Z	99	PC: 2a810 \| Get DBCS lead byte table pointer
2018-12-17T23:09:19.285082543Z	101	PC: 240b4 \| Get extended country info
2018-12-17T23:09:19.286213809Z	99	PC: 240ba \| Get DBCS lead byte table pointer
2018-12-17T23:09:19.287280591Z	74	PC: 2411c \| Reallocate memory
2018-12-17T23:09:19.289275688Z	25	PC: 24153 \| Get default drive
2018-12-17T23:09:19.290245008Z	37	PC: 23c13 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:09:19.291273061Z	37	PC: 23c1a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:19.30215048Z	37	PC: 23c21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:19.306621355Z	74	PC: 22dbc \| Reallocate memory
2018-12-17T23:09:19.30827283Z	72	PC: 22dfd \| Allocate memory
2018-12-17T23:09:19.311212976Z	72	PC: 22e35 \| Allocate memory
2018-12-17T23:09:19.312718113Z	72	PC: 22e3d \| Allocate memory