Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Wizard.3677

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:52:22.343113195Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:22.344745521Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:52:22.347536706Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:52:22.348864368Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:52:22.350068791Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:52:22.351902701Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:52:22.353584824Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:52:22.355224504Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:52:22.357206336Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:52:22.360070454Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:52:22.361589317Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:52:22.36312163Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:52:22.365097776Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:52:22.36670574Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:52:22.368246256Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:52:22.370444048Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:52:22.371973603Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:52:22.373569102Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:52:22.375694474Z	53	PC: 13032 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:52:22.377095021Z	37	PC: 13047 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:22.378085361Z	37	PC: 1304f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:52:22.379953208Z	37	PC: 13057 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:52:22.381099249Z	37	PC: 1305f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:52:22.382663126Z	68	PC: 133cf \| I/O control for devices (Set for = '')
2018-12-17T21:52:22.384487144Z	44	PC: 138ee \| Get time 0x138ee: mov word ptr [0x52], cx 0x138f2: mov word ptr [0x54], dx 0x138f6: retf 0x138f7: mov bx, sp 0x138f9: push ds 0x138fa: les di, ptr ss:[bx + 8] 0x138fe: lds si, ptr ss:[bx + 4] 0x13902: cld 0x13903: xor ax, ax 0x13905: stosw word ptr es:[di], ax 0x13906: mov ax, 0xd7b0 0x13909: stosw word ptr es:[di], ax 0x1390a: xor ax, ax 0x1390c: mov cx, 0x16 0x1390f: rep stosd dword ptr es:[di], eax 0x13911: lodsb al, byte ptr [si] 0x13912: cmp al, 0x4f 0x13914: jbe 0x13918 0x13916: mov al, 0x4f 0x13918: mov cl, al
2018-12-17T21:52:22.387543218Z	54	PC: 12e93 \| Get free disk space
2018-12-17T21:52:22.396965849Z	26	PC: 12f0f \| Set disk transfer address
2018-12-17T21:52:22.398013302Z	78	PC: 12f1b \| Find first file
2018-12-17T21:52:22.404701538Z	48	PC: 13abb \| Get DOS version
2018-12-17T21:52:22.406617784Z	48	PC: 13abb \| Get DOS version
2018-12-17T21:52:22.408493353Z	26	PC: 12f33 \| Set disk transfer address
2018-12-17T21:52:22.410582873Z	79	PC: 12f38 \| Find next file
2018-12-17T21:52:22.413451747Z	54	PC: 12e93 \| Get free disk space