Sample viewer

vx.netlux.org/Virus.DOS.HLLP.FLV.10217

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:37.188233939Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:33:37.19017416Z	53	PC: 12b6b \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:37.191697509Z	53	PC: 12b78 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:33:37.193210407Z	53	PC: 12b85 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:33:37.195889139Z	53	PC: 12b92 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:33:37.197279386Z	37	PC: 12ba6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:37.198693436Z	74	PC: 12afb \| Reallocate memory
2018-12-17T22:33:37.201615705Z	74	PC: 13c16 \| Reallocate memory
2018-12-17T22:33:37.204570024Z	74	PC: 13c16 \| Reallocate memory
2018-12-17T22:33:37.206566058Z	26	PC: 14561 \| Set disk transfer address
2018-12-17T22:33:37.20858203Z	78	PC: 1456b \| Find first file
2018-12-17T22:33:37.217782004Z	26	PC: 1458e \| Set disk transfer address
2018-12-17T22:33:37.218889618Z	79	PC: 14592 \| Find next file
2018-12-17T22:33:37.221809254Z	26	PC: 1458e \| Set disk transfer address
2018-12-17T22:33:37.223136902Z	79	PC: 14592 \| Find next file
2018-12-17T22:33:37.226041306Z	26	PC: 14561 \| Set disk transfer address
2018-12-17T22:33:37.226968539Z	78	PC: 1456b \| Find first file
2018-12-17T22:33:37.24631138Z	26	PC: 1458e \| Set disk transfer address
2018-12-17T22:33:37.247541813Z	79	PC: 14592 \| Find next file
2018-12-17T22:33:37.250685658Z	26	PC: 1458e \| Set disk transfer address
2018-12-17T22:33:37.252797871Z	79	PC: 14592 \| Find next file
2018-12-17T22:33:37.25594005Z	42	PC: 145b1 \| Get date 0x145b1: les bx, ptr [bp + 6] 0x145b4: mov word ptr es:[bx], cx 0x145b7: les bx, ptr [bp + 6] 0x145ba: mov word ptr es:[bx + 2], dx 0x145be: pop ds 0x145bf: pop bp 0x145c0: retf 0x145c1: push bp 0x145c2: mov bp, sp 0x145c4: push ds 0x145c5: mov ax, 0x14c1 0x145c8: mov ds, ax 0x145ca: mov ah, 0x2c 0x145cc: int 0x21 0x145ce: les bx, ptr [bp + 6] 0x145d1: mov word ptr es:[bx], cx 0x145d4: les bx, ptr [bp + 6] 0x145d7: mov word ptr es:[bx + 2], dx 0x145db: pop ds 0x145dc: pop bp
2018-12-17T22:33:37.259038821Z	61	PC: 13c58 \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:33:37.266499287Z	66	PC: 13d68 \| Move file pointer
2018-12-17T22:33:37.267911221Z	63	PC: 13cce \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:33:37.274458011Z	62	PC: 13c97 \| Close file
2018-12-17T22:33:37.278455963Z	74	PC: 13c16 \| Reallocate memory
2018-12-17T22:33:37.282035819Z	55	PC: 14698 \| Get or set switch character
2018-12-17T22:33:37.285445221Z	41	PC: 12e02 \| Parse filename
2018-12-17T22:33:37.297449778Z	41	PC: 12e10 \| Parse filename
2018-12-17T22:33:37.298920412Z	75	PC: 12e5d \| Execute program
2018-12-17T22:33:37.319445715Z	80	PC: 18c29 \| Set current PSP
2018-12-17T22:33:37.320943209Z	48	PC: 18c2e \| Get DOS version
2018-12-17T22:33:37.338645338Z	99	PC: 1f410 \| Get DBCS lead byte table pointer
2018-12-17T22:33:37.341458361Z	101	PC: 18cb4 \| Get extended country info
2018-12-17T22:33:37.343509666Z	99	PC: 18cba \| Get DBCS lead byte table pointer
2018-12-17T22:33:37.346671187Z	74	PC: 18d1c \| Reallocate memory
2018-12-17T22:33:37.349198077Z	25	PC: 18d53 \| Get default drive
2018-12-17T22:33:37.352036167Z	37	PC: 18813 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:33:37.354059184Z	37	PC: 1881a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:37.357638671Z	37	PC: 18821 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:37.369406119Z	74	PC: 179bc \| Reallocate memory
2018-12-17T22:33:37.370842982Z	72	PC: 179fd \| Allocate memory
2018-12-17T22:33:37.372372592Z	72	PC: 17a35 \| Allocate memory
2018-12-17T22:33:37.374953559Z	72	PC: 17a3d \| Allocate memory