Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Bishkek.4160

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:59.638709639Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:59.640122077Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:50:59.641436505Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:50:59.642712041Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:59.644399944Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:50:59.645721055Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:59.647078028Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:50:59.648753826Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:50:59.649851335Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:50:59.650843332Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:50:59.652349128Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:50:59.653349017Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:50:59.654299998Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:50:59.655437773Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:50:59.656859467Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:50:59.657827632Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:50:59.658784641Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:50:59.660532549Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:50:59.662542786Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:50:59.663801871Z 37 PC: 131b7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:59.66553556Z 37 PC: 131bf | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:50:59.66657298Z 37 PC: 131c7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:59.667581158Z 37 PC: 131cf | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:50:59.669920366Z 68 PC: 134ec | I/O control for devices (Set for = '')
2018-12-17T22:50:59.671502973Z 25 PC: 13c3c | Get default drive
2018-12-17T22:50:59.672515953Z 71 PC: 13c4f | Get current directory
2018-12-17T22:50:59.676451503Z 48 PC: 13baf | Get DOS version
2018-12-17T22:50:59.677887283Z 61 PC: 139d5 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:50:59.684398653Z 87 PC: 12fa0 | Get or set file date and time
2018-12-17T22:50:59.687240877Z 63 PC: 13aa8 | Read file or device (Read 4160 bytes on handle 5)
2018-12-17T22:50:59.69478036Z 66 PC: 13b71 | Move file pointer
2018-12-17T22:50:59.695896663Z 66 PC: 13b7f | Move file pointer
2018-12-17T22:50:59.69746439Z 66 PC: 13b8d | Move file pointer
2018-12-17T22:50:59.699093424Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:50:59.700661663Z 63 PC: 13aa8 | Read file or device (Read 4160 bytes on handle 5)
2018-12-17T22:50:59.709299816Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:50:59.711110753Z 64 PC: 13aa8 | Write file or device (Write 4160 bytes on handle 5)
2018-12-17T22:50:59.726134627Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:50:59.728455946Z 64 PC: 13a06 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:50:59.7369527Z 87 PC: 12fcd | Get or set file date and time
2018-12-17T22:50:59.738542644Z 62 PC: 13a25 | Close file
2018-12-17T22:50:59.745925286Z 48 PC: 13baf | Get DOS version
2018-12-17T22:50:59.748284452Z 41 PC: 130b4 | Parse filename
2018-12-17T22:50:59.749990626Z 41 PC: 130c2 | Parse filename
2018-12-17T22:50:59.751656894Z 75 PC: 130cd | Execute program
2018-12-17T22:50:59.771534387Z 48 PC: 188dc | Get DOS version
2018-12-17T22:50:59.773046136Z 53 PC: 18a3d | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:59.774590919Z 53 PC: 18a4a | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:59.777101725Z 53 PC: 18a57 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:50:59.778730971Z 53 PC: 18a64 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:50:59.780397805Z 37 PC: 18a78 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:59.782646366Z 74 PC: 18985 | Reallocate memory
2018-12-17T22:50:59.784675073Z 68 PC: 1a981 | I/O control for devices (Set for = '��')
2018-12-17T22:50:59.786454533Z 68 PC: 1a981 | I/O control for devices (Set for = '')
2018-12-17T22:50:59.789389427Z 62 PC: 1a7e6 | Close file
2018-12-17T22:50:59.791731871Z 64 PC: 1b235 | Write file or device (Write 82 bytes on handle 2)
2018-12-17T22:50:59.799563277Z 64 PC: 1b235 | Write file or device (Write 55 bytes on handle 2)
2018-12-17T22:50:59.80668972Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.813664233Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.820006352Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.828648709Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.83513557Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.841407535Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.848540262Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.855013474Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.862839085Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.869499097Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.87637606Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:50:59.882291228Z 53 PC: 1a885 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:59.884288792Z 53 PC: 1a885 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:50:59.885794082Z 52 PC: 19566 | Get InDOS flag pointer
2018-12-17T22:50:59.886969991Z 37 PC: 1a898 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:50:59.88856464Z 37 PC: 1a898 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:59.88963783Z 37 PC: 1a898 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:50:59.89075045Z 37 PC: 1a898 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:59.893549441Z 64 PC: 1b235 | Write file or device (Write 32 bytes on handle 2)
2018-12-17T22:51:00.096398408Z 64 PC: 1b235 | Write file or device (Write 11 bytes on handle 2)
2018-12-17T22:51:00.101995356Z 37 PC: 1a898 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:51:00.104040735Z 37 PC: 1a898 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:51:00.110290913Z 64 PC: 1b235 | Write file or device (Write 81 bytes on handle 2)
2018-12-17T22:51:00.117917545Z 64 PC: 1b235 | Write file or device (Write 82 bytes on handle 2)
2018-12-17T22:51:00.126232069Z 64 PC: 1b235 | Write file or device (Write 8 bytes on handle 2)
2018-12-17T22:51:00.131716749Z 64 PC: 1b235 | Write file or device (Write 69 bytes on handle 2)
2018-12-17T22:51:00.142720932Z 64 PC: 1b235 | Write file or device (Write 31 bytes on handle 2)
2018-12-17T22:51:00.15088946Z 37 PC: 18a84 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:00.152019646Z 37 PC: 18a8f | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:51:00.153095776Z 37 PC: 18a9a | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:51:00.154341758Z 37 PC: 18aa5 | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:51:00.156291413Z 76 PC: 18a2e | Terminate with return code (Return code = '0')
2018-12-17T22:51:00.160411544Z 26 PC: 12ffd | Set disk transfer address
2018-12-17T22:51:00.16153601Z 78 PC: 13009 | Find first file
2018-12-17T22:51:00.171159003Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.172345976Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.177792582Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.179889444Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.183271975Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.184567556Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.188552067Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.190041343Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.193757337Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.196196917Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.199668583Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.201125818Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.205198204Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.206312651Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.209378283Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.21115149Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.213558015Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.214509269Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.217487558Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.218745596Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.220991886Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.222893469Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.224936388Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.225756916Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.228545107Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.229310136Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.231309054Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.232676501Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.234770072Z 67 PC: 12f86 | Get or set file attributes
2018-12-17T22:51:00.240848964Z 61 PC: 139d5 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:00.245697014Z 87 PC: 12fa0 | Get or set file date and time
2018-12-17T22:51:00.247683493Z 63 PC: 13aa8 | Read file or device (Read 4160 bytes on handle 5)
2018-12-17T22:51:00.255381622Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:51:00.258840224Z 64 PC: 13aa8 | Write file or device (Write 4160 bytes on handle 5)
2018-12-17T22:51:00.266945221Z 66 PC: 13b71 | Move file pointer
2018-12-17T22:51:00.268661434Z 66 PC: 13b7f | Move file pointer
2018-12-17T22:51:00.271157295Z 66 PC: 13b8d | Move file pointer
2018-12-17T22:51:00.273332026Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:51:00.275070022Z 64 PC: 13aa8 | Write file or device (Write 4160 bytes on handle 5)
2018-12-17T22:51:00.284219811Z 87 PC: 12fcd | Get or set file date and time
2018-12-17T22:51:00.286044281Z 62 PC: 13a25 | Close file
2018-12-17T22:51:00.293678606Z 67 PC: 12f86 | Get or set file attributes
2018-12-17T22:51:00.303772417Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:51:00.304883172Z 79 PC: 13026 | Find next file
2018-12-17T22:51:00.3071993Z 44 PC: 13956 | Get time
0x13956: mov word ptr [0x68], cx
0x1395a: mov word ptr [0x6a], dx
0x1395e: retf
0x1395f: mov bx, sp
0x13961: push ds
0x13962: les di, ptr ss:[bx + 8]
0x13966: lds si, ptr ss:[bx + 4]
0x1396a: cld
0x1396b: xor ax, ax
0x1396d: stosw word ptr es:[di], ax
0x1396e: mov ax, 0xd7b0
0x13971: stosw word ptr es:[di], ax
0x13972: xor ax, ax
0x13974: mov cx, 0x16
0x13977: rep stosd dword ptr es:[di], eax
0x13979: lodsb al, byte ptr [si]
0x1397a: cmp al, 0x4f
0x1397c: jbe 0x13980
0x1397e: mov al, 0x4f
0x13980: mov cl, al
2018-12-17T22:51:00.310901201Z 64 PC: 135ef | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:51:00.312553548Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:00.313653747Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:00.315797496Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:00.317056359Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:00.31835921Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:00.320524098Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:00.32270695Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:00.323956485Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:00.326396793Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:00.327509136Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:00.328625621Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:00.330287638Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:00.331342283Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:00.332341289Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:00.334048784Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:00.335177185Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:00.337002012Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:00.339080017Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:00.340088866Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:00.341093305Z 76 PC: 132f5 | Terminate with return code (Return code = '0')