Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Ding.3583

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:53:07.884908902Z	48	PC: 12b4b \| Get DOS version
2018-12-17T21:53:07.886550461Z	53	PC: 12c86 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:53:07.888172374Z	53	PC: 12c93 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T21:53:07.890081907Z	53	PC: 12ca0 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T21:53:07.892395368Z	53	PC: 12cad \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T21:53:07.89389754Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:53:07.895365724Z	74	PC: 12c18 \| Reallocate memory
2018-12-17T21:53:07.898450733Z	67	PC: 13422 \| Get or set file attributes
2018-12-17T21:53:07.904954067Z	67	PC: 13422 \| Get or set file attributes
2018-12-17T21:53:07.92113505Z	61	PC: 132d0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:07.92756725Z	63	PC: 13326 \| Read file or device (Read 3577 bytes on handle 5)
2018-12-17T21:53:07.935585413Z	62	PC: 132ff \| Close file
2018-12-17T21:53:07.937525643Z	26	PC: 136a5 \| Set disk transfer address
2018-12-17T21:53:07.938651049Z	78	PC: 136af \| Find first file
2018-12-17T21:53:07.945931633Z	67	PC: 13422 \| Get or set file attributes
2018-12-17T21:53:07.957601596Z	67	PC: 13422 \| Get or set file attributes
2018-12-17T21:53:07.96735384Z	61	PC: 132d0 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:53:07.974517867Z	66	PC: 13396 \| Move file pointer
2018-12-17T21:53:07.976072144Z	63	PC: 13326 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:53:07.982992977Z	66	PC: 13396 \| Move file pointer
2018-12-17T21:53:07.985093011Z	63	PC: 13326 \| Read file or device (Read 3577 bytes on handle 5)
2018-12-17T21:53:07.992035842Z	66	PC: 1357f \| Move file pointer
2018-12-17T21:53:07.993263124Z	66	PC: 1358c \| Move file pointer
2018-12-17T21:53:07.995484793Z	66	PC: 1359b \| Move file pointer
2018-12-17T21:53:07.996851992Z	66	PC: 13396 \| Move file pointer
2018-12-17T21:53:07.998097509Z	64	PC: 1335f \| Write file or device (Write 3577 bytes on handle 5)
2018-12-17T21:53:08.006906253Z	64	PC: 1335f \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T21:53:08.008830141Z	66	PC: 13396 \| Move file pointer
2018-12-17T21:53:08.00993733Z	64	PC: 1335f \| Write file or device (Write 3577 bytes on handle 5)
2018-12-17T21:53:08.017777397Z	62	PC: 132ff \| Close file
2018-12-17T21:53:08.027892706Z	67	PC: 13422 \| Get or set file attributes
2018-12-17T21:53:08.03787142Z	26	PC: 136c7 \| Set disk transfer address
2018-12-17T21:53:08.039976766Z	79	PC: 136cb \| Find next file
2018-12-17T21:53:08.042470834Z	61	PC: 132d0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:08.04897728Z	66	PC: 1357f \| Move file pointer
2018-12-17T21:53:08.050640356Z	66	PC: 1358c \| Move file pointer
2018-12-17T21:53:08.052423416Z	66	PC: 1359b \| Move file pointer
2018-12-17T21:53:08.053743298Z	66	PC: 13396 \| Move file pointer
2018-12-17T21:53:08.054998155Z	63	PC: 13326 \| Read file or device (Read 3577 bytes on handle 5)
2018-12-17T21:53:08.064934149Z	66	PC: 13396 \| Move file pointer
2018-12-17T21:53:08.066363452Z	64	PC: 1335f \| Write file or device (Write 3577 bytes on handle 5)
2018-12-17T21:53:08.074534099Z	55	PC: 1373f \| Get or set switch character
2018-12-17T21:53:08.07729948Z	41	PC: 1378d \| Parse filename
2018-12-17T21:53:08.07862848Z	41	PC: 1379b \| Parse filename
2018-12-17T21:53:08.079993374Z	75	PC: 137db \| Execute program
2018-12-17T21:53:08.101572047Z	80	PC: 24129 \| Set current PSP
2018-12-17T21:53:08.10246029Z	48	PC: 2412e \| Get DOS version
2018-12-17T21:53:08.103986505Z	99	PC: 2a910 \| Get DBCS lead byte table pointer
2018-12-17T21:53:08.107923824Z	101	PC: 241b4 \| Get extended country info
2018-12-17T21:53:08.109380655Z	99	PC: 241ba \| Get DBCS lead byte table pointer
2018-12-17T21:53:08.11084348Z	74	PC: 2421c \| Reallocate memory
2018-12-17T21:53:08.113010974Z	25	PC: 24253 \| Get default drive
2018-12-17T21:53:08.114666245Z	37	PC: 23d13 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T21:53:08.116077732Z	37	PC: 23d1a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:53:08.118037172Z	37	PC: 23d21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:08.122598274Z	74	PC: 22ebc \| Reallocate memory
2018-12-17T21:53:08.124163019Z	72	PC: 22efd \| Allocate memory
2018-12-17T21:53:08.126362165Z	72	PC: 22f35 \| Allocate memory
2018-12-17T21:53:08.128001136Z	72	PC: 22f3d \| Allocate memory