Sample viewer

vx.netlux.org/Virus.DOS.HLLW.DPVG.6032

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:32.37679517Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:32.378365322Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:32.385758997Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:32.386908868Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:32.392196844Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:32.393618287Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.395620848Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:32.397162057Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:32.398689209Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:32.399848254Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:32.400965847Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:32.402750413Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:32.403954135Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:32.405129462Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:32.406775975Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:32.408101572Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:32.409426781Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:32.411294505Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:32.412427318Z	53	PC: 1336a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:32.413581953Z	37	PC: 1337f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:32.415321804Z	37	PC: 13387 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:32.416666343Z	37	PC: 1338f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.418043213Z	37	PC: 13397 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:32.42018168Z	68	PC: 13e71 \| I/O control for devices (Set for = '')
2018-12-17T22:51:32.422513879Z	44	PC: 13fa8 \| Get time 0x13fa8: mov word ptr [0x3e], cx 0x13fac: mov word ptr [0x40], dx 0x13fb0: retf 0x13fb1: mov di, 0x52 0x13fb4: push ds 0x13fb5: pop es 0x13fb6: mov cx, 0x1fb4 0x13fb9: sub cx, di 0x13fbb: shr cx, 1 0x13fbd: xor ax, ax 0x13fbf: cld 0x13fc0: rep stosd dword ptr es:[di], eax 0x13fc2: ret 0x13fc3: add byte ptr [bx + si], al 0x13fc5: add byte ptr [bx + si], al 0x13fc7: add byte ptr [bx + si], al 0x13fc9: add byte ptr [bx + si], al 0x13fcb: add byte ptr [bx + si], al 0x13fcd: add byte ptr [bx + si], al 0x13fcf: add byte ptr [bx + si], al
2018-12-17T22:51:32.424909109Z	48	PC: 13b97 \| Get DOS version
2018-12-17T22:51:32.427062937Z	61	PC: 139d5 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:51:32.44127953Z	63	PC: 13aa8 \| Read file or device (Read 6032 bytes on handle 5)
2018-12-17T22:51:32.45098865Z	62	PC: 13a25 \| Close file
2018-12-17T22:51:32.4558899Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.457215269Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.463977953Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.465699244Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.475277946Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.476352918Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.483248064Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.484807823Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.492169573Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.493810689Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.500686392Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.501758748Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.509197917Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.510212642Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.51716036Z	26	PC: 131a7 \| Set disk transfer address
2018-12-17T22:51:32.518164933Z	78	PC: 131b3 \| Find first file
2018-12-17T22:51:32.525124859Z	64	PC: 1372d \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:51:32.529448733Z	64	PC: 1372d \| Write file or device (Write 33 bytes on handle 1)
2018-12-17T22:51:32.534041429Z	64	PC: 1372d \| Write file or device (Write 25 bytes on handle 1)
2018-12-17T22:51:32.540942492Z	64	PC: 1372d \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:51:32.542558391Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:32.543583328Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:32.545062827Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:32.546069022Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:32.547016859Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:32.548484354Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.549698345Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:32.550947789Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:32.552601972Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:32.553846891Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:32.55511473Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:32.557190516Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:32.558427723Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:32.559671495Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:32.561720814Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:32.562799091Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:32.563819647Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:32.565265692Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:32.566354799Z	37	PC: 134c1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:32.567532485Z	76	PC: 13500 \| Terminate with return code (Return code = '0')