Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Rider.5552

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:35.429533101Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:35.43201603Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:35.433526198Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:35.435086233Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:35.437196682Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:35.442353489Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:35.443801898Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:35.446056399Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:35.447380698Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:35.44894561Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:35.450584985Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:35.452820446Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:35.454450369Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:35.456041839Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:35.461787418Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:35.463246766Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:35.464629596Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:35.466765782Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:35.467872436Z	53	PC: 131ba \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:35.468994339Z	37	PC: 131cf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:35.470744352Z	37	PC: 131d7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:35.472198496Z	37	PC: 131df \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:35.473336102Z	37	PC: 131e7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:35.475244213Z	68	PC: 13d1c \| I/O control for devices (Set for = '�;�s�;��[]��&�Ë��')
2018-12-17T23:09:35.477710982Z	48	PC: 13a42 \| Get DOS version
2018-12-17T23:09:35.48031987Z	48	PC: 13a42 \| Get DOS version
2018-12-17T23:09:35.482463664Z	48	PC: 13a42 \| Get DOS version
2018-12-17T23:09:35.485193215Z	60	PC: 13880 \| Create or truncate file
2018-12-17T23:09:35.515933137Z	65	PC: 139c9 \| Delete file (Filename = '�')
2018-12-17T23:09:35.533609639Z	26	PC: 12fc5 \| Set disk transfer address
2018-12-17T23:09:35.534848064Z	78	PC: 12fd1 \| Find first file
2018-12-17T23:09:35.541526431Z	26	PC: 12fc5 \| Set disk transfer address
2018-12-17T23:09:35.545675087Z	78	PC: 12fd1 \| Find first file
2018-12-17T23:09:35.552105682Z	86	PC: 13a0d \| Rename file
2018-12-17T23:09:35.563692631Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:35.570378274Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:35.572011021Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:35.573321756Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:35.575546175Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:35.577274388Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:35.578929299Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:35.581112958Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:35.58250433Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:35.583868224Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:35.585667508Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:35.587574313Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:35.588742263Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:35.590654157Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:35.591808503Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:35.592977398Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:35.595186619Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:35.596678634Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:35.598226424Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:35.600453996Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:35.601987513Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:35.603462914Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:35.605782493Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:35.60729727Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:35.608735266Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:35.611142261Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:35.612432351Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:35.613586079Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:35.615367757Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:35.616513893Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:35.617605099Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:35.619431555Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:35.621119059Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:35.622324581Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:35.623648937Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:35.625208592Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:35.626347918Z	53	PC: 13134 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:35.630910842Z	37	PC: 1313d \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:35.633851511Z	41	PC: 130eb \| Parse filename
2018-12-17T23:09:35.635322214Z	41	PC: 130f9 \| Parse filename
2018-12-17T23:09:35.636898214Z	75	PC: 13104 \| Execute program
2018-12-17T23:09:35.659769636Z	80	PC: 16249 \| Set current PSP
2018-12-17T23:09:35.660896052Z	48	PC: 1624e \| Get DOS version
2018-12-17T23:09:35.662882038Z	99	PC: 1ca30 \| Get DBCS lead byte table pointer
2018-12-17T23:09:35.666976045Z	101	PC: 162d4 \| Get extended country info
2018-12-17T23:09:35.66872121Z	99	PC: 162da \| Get DBCS lead byte table pointer
2018-12-17T23:09:35.670382248Z	74	PC: 1633c \| Reallocate memory
2018-12-17T23:09:35.67359835Z	25	PC: 16373 \| Get default drive
2018-12-17T23:09:35.675383951Z	37	PC: 15e33 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:09:35.677082696Z	37	PC: 15e3a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:35.67930177Z	37	PC: 15e41 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:35.684202479Z	74	PC: 14fdc \| Reallocate memory
2018-12-17T23:09:35.6862037Z	72	PC: 1501d \| Allocate memory
2018-12-17T23:09:35.688656364Z	72	PC: 15055 \| Allocate memory
2018-12-17T23:09:35.693922068Z	72	PC: 1505d \| Allocate memory