Sample viewer

vx.netlux.org/Virus.DOS.HLLC.4505.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:27:43.470772611Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:43.472205748Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:27:43.475637129Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:27:43.477157416Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:27:43.478638842Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:27:43.481752928Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:27:43.482947199Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:27:43.484118818Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:27:43.486298066Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:27:43.487686132Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:27:43.489046266Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:27:43.491180575Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:27:43.493129975Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:27:43.495052122Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:27:43.500573433Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:27:43.501834253Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:27:43.502943215Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:27:43.504833023Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:27:43.50594539Z	53	PC: 13462 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:27:43.506991757Z	37	PC: 13477 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:43.508430554Z	37	PC: 1347f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:27:43.509642738Z	37	PC: 13487 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:27:43.510757985Z	37	PC: 1348f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:27:43.512566625Z	68	PC: 137ac \| I/O control for devices (Set for = '')
2018-12-17T22:27:43.515337004Z	44	PC: 13c16 \| Get time 0x13c16: mov word ptr [0x3e], cx 0x13c1a: mov word ptr [0x40], dx 0x13c1e: retf 0x13c1f: mov bx, sp 0x13c21: push ds 0x13c22: les di, ptr ss:[bx + 8] 0x13c26: lds si, ptr ss:[bx + 4] 0x13c2a: cld 0x13c2b: xor ax, ax 0x13c2d: stosw word ptr es:[di], ax 0x13c2e: mov ax, 0xd7b0 0x13c31: stosw word ptr es:[di], ax 0x13c32: xor ax, ax 0x13c34: mov cx, 0x16 0x13c37: rep stosd dword ptr es:[di], eax 0x13c39: lodsb al, byte ptr [si] 0x13c3a: cmp al, 0x4f 0x13c3c: jbe 0x13c40 0x13c3e: mov al, 0x4f 0x13c40: mov cl, al
2018-12-17T22:27:43.518534151Z	48	PC: 13ed5 \| Get DOS version
2018-12-17T22:27:43.520672331Z	67	PC: 13304 \| Get or set file attributes
2018-12-17T22:27:43.527790752Z	25	PC: 13370 \| Get default drive
2018-12-17T22:27:43.528948606Z	71	PC: 1338f \| Get current directory
2018-12-17T22:27:43.533375657Z	26	PC: 1316b \| Set disk transfer address
2018-12-17T22:27:43.53593427Z	78	PC: 13177 \| Find first file
2018-12-17T22:27:43.542098601Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.543447702Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.546907995Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.547980547Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.550501073Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.552186209Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.5547651Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.555780321Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.558970155Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.560033507Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.56287724Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.564714099Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.567307863Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.56836409Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.571916007Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.5733898Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.576693806Z	26	PC: 1318f \| Set disk transfer address
2018-12-17T22:27:43.578290754Z	79	PC: 13194 \| Find next file
2018-12-17T22:27:43.580831019Z	64	PC: 138af \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:27:43.582523035Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:43.584232251Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:27:43.585592563Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:27:43.586899461Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:27:43.588874918Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:27:43.59005436Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:27:43.591371751Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:27:43.593350117Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:27:43.594674711Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:27:43.595991458Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:27:43.597981841Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:27:43.599312953Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:27:43.600604624Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:27:43.602572712Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:27:43.603901262Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:27:43.605201916Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:27:43.606934486Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:27:43.608344309Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:27:43.611793932Z	37	PC: 13576 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:27:43.617463456Z	76	PC: 135b5 \| Terminate with return code (Return code = '0')