Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Happy.PKLite

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:17.420046932Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:17.421848572Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:17.423055323Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:17.424117138Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:17.42561594Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:17.427493142Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:17.428484609Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:17.429552888Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:17.431105589Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:17.432038102Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:17.432859396Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:17.436314016Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:17.437224271Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:17.438136518Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:17.439939102Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:17.441056665Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:17.442082976Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:17.44368013Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:17.445003409Z	37	PC: 1399b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:17.446317778Z	37	PC: 139a3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:17.448140342Z	37	PC: 139ab \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:17.449570181Z	37	PC: 139b3 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:17.451122562Z	68	PC: 13f93 \| I/O control for devices (Set for = '')
2018-12-17T23:10:17.517815761Z	37	PC: 130b7 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:17.51939645Z	48	PC: 1444e \| Get DOS version
2018-12-17T23:10:17.521072143Z	42	PC: 13647 \| Get date 0x13647: xor ah, ah 0x13649: les di, ptr [bp + 6] 0x1364c: stosw word ptr es:[di], ax 0x1364d: mov al, dl 0x1364f: les di, ptr [bp + 0xa] 0x13652: stosw word ptr es:[di], ax 0x13653: mov al, dh 0x13655: les di, ptr [bp + 0xe] 0x13658: stosw word ptr es:[di], ax 0x13659: xchg ax, cx 0x1365a: les di, ptr [bp + 0x12] 0x1365d: stosw word ptr es:[di], ax 0x1365e: pop bp 0x1365f: retf 0x10 0x13662: push bp 0x13663: mov bp, sp 0x13665: mov cx, word ptr [bp + 0xa] 0x13668: mov dh, byte ptr [bp + 8] 0x1366b: mov dl, byte ptr [bp + 6] 0x1366e: mov ah, 0x2b
2018-12-17T23:10:17.524429768Z	26	PC: 1371d \| Set disk transfer address
2018-12-17T23:10:17.525493888Z	78	PC: 13729 \| Find first file
2018-12-17T23:10:17.531358511Z	26	PC: 13741 \| Set disk transfer address
2018-12-17T23:10:17.533069905Z	79	PC: 13746 \| Find next file
2018-12-17T23:10:17.536739477Z	41	PC: 13895 \| Parse filename
2018-12-17T23:10:17.538702049Z	41	PC: 138a3 \| Parse filename
2018-12-17T23:10:17.540473934Z	75	PC: 138ae \| Execute program
2018-12-17T23:10:17.56832789Z	80	PC: 178f9 \| Set current PSP
2018-12-17T23:10:17.569153081Z	48	PC: 178fe \| Get DOS version
2018-12-17T23:10:17.572029624Z	99	PC: 1e0e0 \| Get DBCS lead byte table pointer
2018-12-17T23:10:17.57478186Z	101	PC: 17984 \| Get extended country info
2018-12-17T23:10:17.576027947Z	99	PC: 1798a \| Get DBCS lead byte table pointer
2018-12-17T23:10:17.577817214Z	74	PC: 179ec \| Reallocate memory
2018-12-17T23:10:17.580060858Z	25	PC: 17a23 \| Get default drive
2018-12-17T23:10:17.581226232Z	37	PC: 174e3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:10:17.582583507Z	37	PC: 174ea \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:17.584607675Z	37	PC: 174f1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:17.588733282Z	74	PC: 1668c \| Reallocate memory
2018-12-17T23:10:17.590152498Z	72	PC: 166cd \| Allocate memory
2018-12-17T23:10:17.593080605Z	72	PC: 16705 \| Allocate memory
2018-12-17T23:10:17.594891277Z	72	PC: 1670d \| Allocate memory