Sample viewer

vx.netlux.org/Virus.DOS.HLLP.IC.8942

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:39.928477694Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:39.930759775Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:39.93233136Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:39.93390559Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:39.945729654Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:39.947412177Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:39.954581779Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:39.9571775Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:39.958657693Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:39.960071321Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:39.96464959Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:39.968364174Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:39.969575892Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:39.970791067Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:39.972962981Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:39.974728571Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:39.976587667Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:39.978853026Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:39.980113587Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:39.981685763Z	37	PC: 13fbf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:39.983994694Z	37	PC: 13fc7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:39.985395288Z	37	PC: 13fcf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:39.986802334Z	37	PC: 13fd7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:39.989302876Z	68	PC: 14ef6 \| I/O control for devices (Set for = '')
2018-12-17T23:12:40.018279942Z	37	PC: 13721 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:40.02025177Z	48	PC: 14a21 \| Get DOS version
2018-12-17T23:12:40.022866927Z	61	PC: 148d3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:12:40.030283983Z	66	PC: 14a05 \| Move file pointer
2018-12-17T23:12:40.031886006Z	63	PC: 149a6 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:12:40.035666674Z	62	PC: 14923 \| Close file
2018-12-17T23:12:40.037584671Z	25	PC: 14aae \| Get default drive
2018-12-17T23:12:40.038643432Z	71	PC: 14ac1 \| Get current directory
2018-12-17T23:12:40.042427518Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.047180585Z	26	PC: 13dbf \| Set disk transfer address
2018-12-17T23:12:40.048637775Z	78	PC: 13dcb \| Find first file
2018-12-17T23:12:40.057031818Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.063422034Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.06515885Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.068540558Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.075560027Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.076780492Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.079770334Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.087490801Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.088627839Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.091580581Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.105982201Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.107845524Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.111441366Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.119200135Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.120363252Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.12357453Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.131009941Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.132659623Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.135809355Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.143267389Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.144657222Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.14796925Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.154799072Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.156583828Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.15955775Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.16655675Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.168706162Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.171299619Z	26	PC: 13dbf \| Set disk transfer address
2018-12-17T23:12:40.172487492Z	78	PC: 13dcb \| Find first file
2018-12-17T23:12:40.193171134Z	61	PC: 148d3 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:12:40.201153574Z	66	PC: 14a05 \| Move file pointer
2018-12-17T23:12:40.203096327Z	63	PC: 149a6 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:12:40.207297857Z	62	PC: 14923 \| Close file
2018-12-17T23:12:40.209839727Z	26	PC: 13de3 \| Set disk transfer address
2018-12-17T23:12:40.211359775Z	79	PC: 13de8 \| Find next file
2018-12-17T23:12:40.214719271Z	14	PC: 14b07 \| Set default drive (Drive = 'A')
2018-12-17T23:12:40.217119715Z	25	PC: 14b0b \| Get default drive
2018-12-17T23:12:40.218535598Z	59	PC: 14b75 \| Change current directory
2018-12-17T23:12:40.223175622Z	48	PC: 14a21 \| Get DOS version
2018-12-17T23:12:40.225027805Z	26	PC: 13dbf \| Set disk transfer address
2018-12-17T23:12:40.226204648Z	78	PC: 13dcb \| Find first file
2018-12-17T23:12:40.232887484Z	42	PC: 13ca7 \| Get date 0x13ca7: xor ah, ah 0x13ca9: les di, ptr [bp + 6] 0x13cac: stosw word ptr es:[di], ax 0x13cad: mov al, dl 0x13caf: les di, ptr [bp + 0xa] 0x13cb2: stosw word ptr es:[di], ax 0x13cb3: mov al, dh 0x13cb5: les di, ptr [bp + 0xe] 0x13cb8: stosw word ptr es:[di], ax 0x13cb9: xchg ax, cx 0x13cba: les di, ptr [bp + 0x12] 0x13cbd: stosw word ptr es:[di], ax 0x13cbe: pop bp 0x13cbf: retf 0x10 0x13cc2: push bp 0x13cc3: mov bp, sp 0x13cc5: mov cx, word ptr [bp + 0xa] 0x13cc8: mov dh, byte ptr [bp + 8] 0x13ccb: mov dl, byte ptr [bp + 6] 0x13cce: mov ah, 0x2b
2018-12-17T23:12:40.237307285Z	44	PC: 13cdd \| Get time 0x13cdd: xor ah, ah 0x13cdf: mov al, dl 0x13ce1: les di, ptr [bp + 6] 0x13ce4: stosw word ptr es:[di], ax 0x13ce5: mov al, dh 0x13ce7: les di, ptr [bp + 0xa] 0x13cea: stosw word ptr es:[di], ax 0x13ceb: mov al, cl 0x13ced: les di, ptr [bp + 0xe] 0x13cf0: stosw word ptr es:[di], ax 0x13cf1: mov al, ch 0x13cf3: les di, ptr [bp + 0x12] 0x13cf6: stosw word ptr es:[di], ax 0x13cf7: pop bp 0x13cf8: retf 0x10 0x13cfb: push bp 0x13cfc: mov bp, sp 0x13cfe: mov ch, byte ptr [bp + 0xc] 0x13d01: mov cl, byte ptr [bp + 0xa] 0x13d04: mov dh, byte ptr [bp + 8]