Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Spar.11180

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:11.829950222Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:11.832631876Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:11.83483868Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:11.836864429Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:11.839608939Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:11.841941211Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:11.843898718Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:11.845859369Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:11.851427788Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:11.853187628Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:11.854956617Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:11.8574595Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:11.863930472Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:11.879310306Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:11.881291771Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:11.882695714Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:11.884070821Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:11.88633575Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:11.88792351Z 53 PC: 15b5a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:11.88938016Z 37 PC: 15b6f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:11.891157246Z 37 PC: 15b77 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:11.892919827Z 37 PC: 15b7f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:11.894157179Z 37 PC: 15b87 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:11.896586616Z 68 PC: 167dd | I/O control for devices (Set for = '')
2018-12-17T22:51:12.015144736Z 37 PC: 15241 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:12.017147677Z 44 PC: 16914 | Get time
0x16914: mov word ptr [0x120], cx
0x16918: mov word ptr [0x122], dx
0x1691c: retf
0x1691d: mov cx, di
0x1691f: mov si, 0xa
0x16922: mov bx, dx
0x16924: or bx, bx
0x16926: jns 0x16939
0x16928: neg bx
0x1692a: neg ax
0x1692c: sbb bx, 0
0x1692f: call 0x16939
0x16932: dec di
0x16933: mov byte ptr es:[di], 0x2d
0x16937: inc cx
0x16938: ret
0x16939: xor dx, dx
0x1693b: xchg ax, bx
0x1693c: div si
0x1693e: xchg ax, bx
2018-12-17T22:51:12.019785438Z 53 PC: 15997 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:51:12.022299857Z 37 PC: 159b3 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:51:12.023804389Z 53 PC: 15997 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:51:12.02536218Z 37 PC: 159b3 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:51:12.027525137Z 53 PC: 15997 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:12.029102675Z 37 PC: 159b3 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:12.030545862Z 51 PC: 1584f | Get or set Ctrl-Break
2018-12-17T22:51:12.032312309Z 48 PC: 16503 | Get DOS version
2018-12-17T22:51:12.03411768Z 67 PC: 15862 | Get or set file attributes
2018-12-17T22:51:12.041308541Z 67 PC: 15889 | Get or set file attributes
2018-12-17T22:51:12.059723907Z 61 PC: 16341 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:12.068192373Z 63 PC: 16414 | Read file or device (Read 11179 bytes on handle 5)
2018-12-17T22:51:12.077435986Z 67 PC: 15889 | Get or set file attributes
2018-12-17T22:51:12.089947759Z 62 PC: 16391 | Close file
2018-12-17T22:51:12.092217735Z 48 PC: 16503 | Get DOS version
2018-12-17T22:51:12.094216284Z 26 PC: 158ba | Set disk transfer address
2018-12-17T22:51:12.095683838Z 78 PC: 158c6 | Find first file
2018-12-17T22:51:12.103059649Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.104325006Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.107453765Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.109623342Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.113121179Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.114831993Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.11899768Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.120582448Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.123978895Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.126376947Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.130030336Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.131665938Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.135764818Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.137327795Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.140842583Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.142688847Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.146357624Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.147881981Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.152032087Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.153571816Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.15693974Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.158756615Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.162691991Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.164235723Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.168593932Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.17076541Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.174034401Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.17558492Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.179943206Z 26 PC: 158de | Set disk transfer address
2018-12-17T22:51:12.181476142Z 79 PC: 158e3 | Find next file
2018-12-17T22:51:12.187770833Z 44 PC: 157fd | Get time
0x157fd: xor ah, ah
0x157ff: mov al, dl
0x15801: les di, ptr [bp + 6]
0x15804: stosw word ptr es:[di], ax
0x15805: mov al, dh
0x15807: les di, ptr [bp + 0xa]
0x1580a: stosw word ptr es:[di], ax
0x1580b: mov al, cl
0x1580d: les di, ptr [bp + 0xe]
0x15810: stosw word ptr es:[di], ax
0x15811: mov al, ch
0x15813: les di, ptr [bp + 0x12]
0x15816: stosw word ptr es:[di], ax
0x15817: pop bp
0x15818: retf 0x10
0x1581b: push bp
0x1581c: mov bp, sp
0x1581e: mov ch, byte ptr [bp + 0xc]
0x15821: mov cl, byte ptr [bp + 0xa]
0x15824: mov dh, byte ptr [bp + 8]
2018-12-17T22:51:12.202208659Z 48 PC: 16503 | Get DOS version
2018-12-17T22:51:12.204823969Z 48 PC: 16503 | Get DOS version
2018-12-17T22:51:12.206885195Z 26 PC: 158ba | Set disk transfer address
2018-12-17T22:51:12.209013409Z 78 PC: 158c6 | Find first file
2018-12-17T22:51:12.216590046Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:12.21817386Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:12.220331822Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:12.221798132Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:12.223495084Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:12.226010589Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:12.227740643Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:12.230237385Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:12.232544416Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:12.234202661Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:12.23584411Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:12.237695308Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:12.239596799Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:12.241199241Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:12.243030934Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:12.245909456Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:12.247508034Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:12.249357578Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:12.251177485Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:12.252783963Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:12.254585928Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:12.257045661Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:12.258714865Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:12.261003901Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:12.262681175Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:12.264313493Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:12.266125044Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:12.268096393Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:12.26971644Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:12.271572352Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:12.273447369Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:12.275068377Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:12.276900881Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:12.278841066Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:12.280421223Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:12.282314519Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:12.284323945Z 53 PC: 15ad0 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:12.285967352Z 37 PC: 15ad9 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:12.28822233Z 41 PC: 15a87 | Parse filename
2018-12-17T22:51:12.290451255Z 41 PC: 15a95 | Parse filename
2018-12-17T22:51:12.292183249Z 75 PC: 15aa0 | Execute program
2018-12-17T22:51:12.32170048Z 80 PC: 46d89 | Set current PSP
2018-12-17T22:51:12.324007099Z 48 PC: 46d8e | Get DOS version
2018-12-17T22:51:12.326955476Z 99 PC: 4d570 | Get DBCS lead byte table pointer
2018-12-17T22:51:12.330231441Z 101 PC: 46e14 | Get extended country info
2018-12-17T22:51:12.33297093Z 99 PC: 46e1a | Get DBCS lead byte table pointer
2018-12-17T22:51:12.334764684Z 74 PC: 46e7c | Reallocate memory
2018-12-17T22:51:12.336698449Z 25 PC: 46eb3 | Get default drive
2018-12-17T22:51:12.339154909Z 37 PC: 46973 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:51:12.340785574Z 37 PC: 4697a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:12.342403484Z 37 PC: 46981 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:12.348515231Z 74 PC: 45b1c | Reallocate memory
2018-12-17T22:51:12.350525968Z 72 PC: 45b5d | Allocate memory
2018-12-17T22:51:12.352657984Z 72 PC: 45b95 | Allocate memory
2018-12-17T22:51:12.35581756Z 72 PC: 45b9d | Allocate memory