Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Dope.4870

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:43.856589341Z 48 PC: 12a4b | Get DOS version
2018-12-17T23:12:43.858063493Z 53 PC: 12bc7 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:43.860064225Z 53 PC: 12bd4 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:12:43.861374058Z 53 PC: 12be1 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:12:43.862718977Z 53 PC: 12bee | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:12:43.865170577Z 37 PC: 12c02 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:43.866887215Z 74 PC: 12af3 | Reallocate memory
2018-12-17T23:12:43.86938426Z 68 PC: 13274 | I/O control for devices (Set for = 'WW')
2018-12-17T23:12:43.876280747Z 68 PC: 13274 | I/O control for devices (Set for = '� ��')
2018-12-17T23:12:43.879246454Z 44 PC: 12d2b | Get time
0x12d2b: mov al, dl
0x12d2d: mov ah, 0
0x12d2f: push ax
0x12d30: call 0x132d6
0x12d33: pop cx
0x12d34: mov ax, 0x2b62
0x12d37: push ax
0x12d38: call 0x13038
0x12d3b: pop cx
0x12d3c: call 0x12ec2
0x12d3f: push ax
0x12d40: lea ax, word ptr [bp - 0x50]
0x12d43: push ax
0x12d44: call 0x12f69
0x12d47: pop cx
0x12d48: pop cx
0x12d49: cmp byte ptr [bp - 0x50], 0x5a
0x12d4d: jg 0x12d5e
0x12d4f: cmp byte ptr [bp - 0x50], 0x41
0x12d53: jl 0x12d5e
2018-12-17T23:12:43.881963412Z 71 PC: 1304c | Get current directory
2018-12-17T23:12:43.885757737Z 25 PC: 13050 | Get default drive
2018-12-17T23:12:43.887787073Z 64 PC: 12c8f | Write file or device (Write 14 bytes on handle 2)
2018-12-17T23:12:43.892338812Z 37 PC: 12c0e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:43.893930615Z 37 PC: 12c19 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:12:43.89582175Z 37 PC: 12c24 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:12:43.898205292Z 37 PC: 12c2f | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:12:43.899640581Z 76 PC: 12bb8 | Terminate with return code (Return code = '3')