Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Oscar

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:29.503383406Z	48	PC: 9f7b6 \| Get DOS version
2018-12-17T22:19:29.512788814Z	85	PC: 9f9c9 \| Create program PSP
2018-12-17T22:19:29.527288788Z	74	PC: 9f9d9 \| Reallocate memory
2018-12-17T22:19:29.529530628Z	74	PC: 9f9dd \| Reallocate memory
2018-12-17T22:19:29.531513173Z	74	PC: 9f9e6 \| Reallocate memory
2018-12-17T22:19:29.53417839Z	73	PC: 9f9ea \| Release memory
2018-12-17T22:19:29.535767485Z	74	PC: 9fa04 \| Reallocate memory
2018-12-17T22:19:29.537623484Z	74	PC: 9fa04 \| Reallocate memory
2018-12-17T22:19:29.539911244Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:29.550522821Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:19:29.552189022Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:19:29.554303928Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:29.557437509Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:29.558782981Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:29.560603133Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:19:29.562174976Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:19:29.563710875Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:19:29.565255836Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:19:29.573190447Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:19:29.574983615Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:19:29.57672797Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:19:29.579117396Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:19:29.581215082Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:19:29.58330701Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:19:29.585377751Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:19:29.586815607Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:29.588833576Z	53	PC: 14952 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:19:29.59027705Z	37	PC: 14967 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:29.591619475Z	37	PC: 1496f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:29.593895169Z	37	PC: 14977 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:29.595415393Z	37	PC: 1497f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:29.598087681Z	68	PC: 14c9c \| I/O control for devices (Set for = '')
2018-12-17T22:19:29.600669284Z	48	PC: 1547b \| Get DOS version
2018-12-17T22:19:29.603019012Z	26	PC: 14827 \| Set disk transfer address
2018-12-17T22:19:29.604670124Z	78	PC: 14833 \| Find first file
2018-12-17T22:19:29.621415465Z	26	PC: 1484b \| Set disk transfer address
2018-12-17T22:19:29.623276628Z	79	PC: 14850 \| Find next file
2018-12-17T22:19:29.632853932Z	26	PC: 1484b \| Set disk transfer address
2018-12-17T22:19:29.635290068Z	79	PC: 14850 \| Find next file
2018-12-17T22:19:29.648727177Z	26	PC: 14827 \| Set disk transfer address
2018-12-17T22:19:29.65019433Z	78	PC: 14833 \| Find first file
2018-12-17T22:19:29.660603448Z	26	PC: 1484b \| Set disk transfer address
2018-12-17T22:19:29.676062632Z	79	PC: 14850 \| Find next file
2018-12-17T22:19:29.679976712Z	26	PC: 1484b \| Set disk transfer address
2018-12-17T22:19:29.681478596Z	79	PC: 14850 \| Find next file
2018-12-17T22:19:29.687186242Z	67	PC: 14795 \| Get or set file attributes
2018-12-17T22:19:29.706638811Z	61	PC: 1532d \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:19:29.714864867Z	63	PC: 15400 \| Read file or device (Read 4260 bytes on handle 5)
2018-12-17T22:19:29.737400828Z	62	PC: 1537d \| Close file
2018-12-17T22:19:29.739933091Z	61	PC: 1532d \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:19:29.762673284Z	64	PC: 15400 \| Write file or device (Write 4260 bytes on handle 5)
2018-12-17T22:19:30.104075809Z	87	PC: 147f7 \| Get or set file date and time
2018-12-17T22:19:30.106340108Z	62	PC: 1537d \| Close file
2018-12-17T22:19:30.113809509Z	64	PC: 14d9f \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:19:30.135148917Z	64	PC: 14d9f \| Write file or device (Write 31 bytes on handle 1)
2018-12-17T22:19:30.14087956Z	64	PC: 14d9f \| Write file or device (Write 19 bytes on handle 1)
2018-12-17T22:19:30.144587021Z	12	PC: 14795 \| Flush input buffer and input