Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Enrico.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:37.40509371Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:37.406930854Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:37.408325273Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:37.40981471Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:37.411323488Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:37.41308553Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:37.414263239Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:37.415400947Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:37.424935196Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:37.426116519Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:37.427276916Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:37.428784759Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:37.429995922Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:37.431158751Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:37.432696263Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:37.43395899Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:37.435225502Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:37.436973997Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:37.438177608Z	53	PC: 13452 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:37.439337102Z	37	PC: 13467 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:37.441020573Z	37	PC: 1346f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:37.442567358Z	37	PC: 13477 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:37.445361663Z	37	PC: 1347f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:37.447676636Z	68	PC: 1379c \| I/O control for devices (Set for = '')
2018-12-17T22:49:37.459912001Z	44	PC: 13cbb \| Get time 0x13cbb: mov word ptr [0x240], cx 0x13cbf: mov word ptr [0x242], dx 0x13cc3: retf 0x13cc4: mov bx, sp 0x13cc6: mov dx, ds 0x13cc8: lds si, ptr ss:[bx + 0xa] 0x13ccc: les di, ptr ss:[bx + 6] 0x13cd0: mov cx, word ptr ss:[bx + 4] 0x13cd4: cld 0x13cd5: cmp si, di 0x13cd7: jae 0x13ce0 0x13cd9: add si, cx 0x13cdb: add di, cx 0x13cdd: dec si 0x13cde: dec di 0x13cdf: std 0x13ce0: rep movsb byte ptr es:[di], byte ptr [si] 0x13ce2: mov ds, dx 0x13ce4: retf 0xa 0x13ce7: mov bx, sp
2018-12-17T22:49:37.462584175Z	54	PC: 12cc8 \| Get free disk space
2018-12-17T22:49:37.479748352Z	54	PC: 13146 \| Get free disk space
2018-12-17T22:49:37.485215525Z	26	PC: 13195 \| Set disk transfer address
2018-12-17T22:49:37.486826853Z	78	PC: 131a1 \| Find first file
2018-12-17T22:49:37.493933673Z	54	PC: 12cc8 \| Get free disk space