Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Lanc.7376

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:06:27.199772353Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:27.202039794Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:06:27.203322718Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:27.204705688Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:27.206693965Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:27.208921696Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:06:27.210425382Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:06:27.212056474Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:06:27.214158172Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:06:27.215659002Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:06:27.217115678Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:06:27.219128014Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:06:27.220752463Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:06:27.221965653Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:06:27.237403929Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:06:27.239611952Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:06:27.241086541Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:27.243376518Z	53	PC: 13986 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:06:27.245293697Z	37	PC: 1399b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:27.247851288Z	37	PC: 139a3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:27.24990532Z	37	PC: 139ab \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:27.253461902Z	37	PC: 139b3 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:27.255529745Z	68	PC: 13f93 \| I/O control for devices (Set for = '')
2018-12-17T22:06:27.364923343Z	37	PC: 130b7 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:27.366757556Z	48	PC: 1444e \| Get DOS version
2018-12-17T22:06:27.368370957Z	42	PC: 13647 \| Get date 0x13647: xor ah, ah 0x13649: les di, ptr [bp + 6] 0x1364c: stosw word ptr es:[di], ax 0x1364d: mov al, dl 0x1364f: les di, ptr [bp + 0xa] 0x13652: stosw word ptr es:[di], ax 0x13653: mov al, dh 0x13655: les di, ptr [bp + 0xe] 0x13658: stosw word ptr es:[di], ax 0x13659: xchg ax, cx 0x1365a: les di, ptr [bp + 0x12] 0x1365d: stosw word ptr es:[di], ax 0x1365e: pop bp 0x1365f: retf 0x10 0x13662: push bp 0x13663: mov bp, sp 0x13665: mov cx, word ptr [bp + 0xa] 0x13668: mov dh, byte ptr [bp + 8] 0x1366b: mov dl, byte ptr [bp + 6] 0x1366e: mov ah, 0x2b
2018-12-17T22:06:27.371100294Z	26	PC: 1371d \| Set disk transfer address
2018-12-17T22:06:27.372198279Z	78	PC: 13729 \| Find first file
2018-12-17T22:06:27.378749427Z	26	PC: 13741 \| Set disk transfer address
2018-12-17T22:06:27.380882957Z	79	PC: 13746 \| Find next file
2018-12-17T22:06:27.384178467Z	41	PC: 13895 \| Parse filename
2018-12-17T22:06:27.38603605Z	41	PC: 138a3 \| Parse filename
2018-12-17T22:06:27.388651955Z	75	PC: 138ae \| Execute program
2018-12-17T22:06:27.436984127Z	80	PC: 17929 \| Set current PSP
2018-12-17T22:06:27.438230411Z	48	PC: 1792e \| Get DOS version
2018-12-17T22:06:27.448199882Z	99	PC: 1e110 \| Get DBCS lead byte table pointer
2018-12-17T22:06:27.450910331Z	101	PC: 179b4 \| Get extended country info
2018-12-17T22:06:27.452339986Z	99	PC: 179ba \| Get DBCS lead byte table pointer
2018-12-17T22:06:27.468613479Z	74	PC: 17a1c \| Reallocate memory
2018-12-17T22:06:27.470378917Z	25	PC: 17a53 \| Get default drive
2018-12-17T22:06:27.471686461Z	37	PC: 17513 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:06:27.473824748Z	37	PC: 1751a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:27.474916135Z	37	PC: 17521 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:27.479140251Z	74	PC: 166bc \| Reallocate memory
2018-12-17T22:06:27.481462111Z	72	PC: 166fd \| Allocate memory
2018-12-17T22:06:27.483778592Z	72	PC: 16735 \| Allocate memory
2018-12-17T22:06:27.485701869Z	72	PC: 1673d \| Allocate memory