Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Modula.14332

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:50.324743682Z	53	PC: 12cd7 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:50.32672817Z	37	PC: 12ce8 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:50.329119482Z	53	PC: 12cd7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:50.33066747Z	37	PC: 12ce8 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:50.332215228Z	53	PC: 12cd7 \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:51:50.341641395Z	37	PC: 12ce8 \| Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:51:50.343200735Z	53	PC: 12cd7 \| Get interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-17T22:51:50.344827861Z	37	PC: 12ce8 \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-17T22:51:50.347159652Z	53	PC: 12cd7 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:51:50.349089166Z	37	PC: 12ce8 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:51:50.350809127Z	53	PC: 12cd7 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:50.361507585Z	37	PC: 12ce8 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:50.364218117Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:50.365957354Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:50.368145605Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:50.369754367Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:50.370995057Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:50.372638224Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:50.374782853Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:50.376326142Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:50.377917131Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:50.380955849Z	53	PC: 172b5 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:50.382642959Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:50.384241782Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:50.386790921Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:50.389465675Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:50.392064537Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:50.394316448Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:50.396835059Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:50.410559711Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:50.412868959Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:50.415120018Z	37	PC: 172dd \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:50.418260337Z	44	PC: 1305d \| Get time 0x1305d: call 0x22fbb 0x13060: mov ds, word ptr cs:[0x143] 0x13065: mov byte ptr [0xe], 1 0x1306a: popf 0x1306b: pop di 0x1306c: pop si 0x1306d: pop es 0x1306e: pop ds 0x1306f: pop bp 0x13070: retf 4 0x13073: sti 0x13074: jmp 0x13073 0x13076: pop ax 0x13077: push cs 0x13078: push ax 0x13079: push bp 0x1307a: mov bp, sp 0x1307c: mov ax, word ptr [bp + 0xc] 0x1307f: and ax, ax 0x13081: jne 0x130a4
2018-12-17T22:51:50.425104534Z	61	PC: 1305d \| Open file (Filename = '')
2018-12-17T22:51:50.434896971Z	9	PC: 13007 \| Display string (String= 'Open : file not found ( already exists %1 bytes Total files listed: *(Error occurr)')
2018-12-17T22:51:50.458390073Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:50.460411761Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:50.462383195Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:50.464823248Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:50.474404167Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:50.475903072Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:50.478048693Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:50.479997855Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:50.481605915Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:50.483885147Z	37	PC: 171ec \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:50.485797149Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:50.487430307Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:50.489047735Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:50.492426362Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:51:50.494040815Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:51:50.495662151Z	37	PC: 12d0b \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-17T22:51:50.498641988Z	76	PC: 12d9d \| Terminate with return code (Return code = '1')