Sample viewer

vx.netlux.org/Virus.DOS.HLLP.7408

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:03.685303982Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:03.686939296Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:03.68825126Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:03.689447008Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:03.69094194Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:03.692552661Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:03.693579368Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:03.694780695Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:03.695872185Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:03.696894367Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:03.697898963Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:03.700185693Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:03.701411291Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:03.702618346Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:03.704477768Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:03.705552513Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:03.7065884Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:03.708130568Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:03.709231737Z	53	PC: 13632 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:03.710275218Z	37	PC: 13647 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:03.718224399Z	37	PC: 1364f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:03.721583688Z	37	PC: 13657 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:03.724827707Z	37	PC: 1365f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:03.727261932Z	68	PC: 13c32 \| I/O control for devices (Set for = '')
2018-12-17T22:52:03.729585645Z	44	PC: 1409c \| Get time 0x1409c: mov word ptr [0x64], cx 0x140a0: mov word ptr [0x66], dx 0x140a4: retf 0x140a5: mov bx, sp 0x140a7: push ds 0x140a8: les di, ptr ss:[bx + 8] 0x140ac: lds si, ptr ss:[bx + 4] 0x140b0: cld 0x140b1: xor ax, ax 0x140b3: stosw word ptr es:[di], ax 0x140b4: mov ax, 0xd7b0 0x140b7: stosw word ptr es:[di], ax 0x140b8: xor ax, ax 0x140ba: mov cx, 0x16 0x140bd: rep stosd dword ptr es:[di], eax 0x140bf: lodsb al, byte ptr [si] 0x140c0: cmp al, 0x4f 0x140c2: jbe 0x140c6 0x140c4: mov al, 0x4f 0x140c6: mov cl, al
2018-12-17T22:52:03.731946479Z	48	PC: 1435b \| Get DOS version
2018-12-17T22:52:03.734192853Z	67	PC: 1333b \| Get or set file attributes
2018-12-17T22:52:03.739952056Z	61	PC: 1411b \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:52:03.744298869Z	87	PC: 1337c \| Get or set file date and time
2018-12-17T22:52:03.750573623Z	63	PC: 141ee \| Read file or device (Read 7408 bytes on handle 5)
2018-12-17T22:52:03.757967042Z	66	PC: 1424d \| Move file pointer
2018-12-17T22:52:03.759294289Z	64	PC: 141ee \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:52:03.762206808Z	87	PC: 133a9 \| Get or set file date and time
2018-12-17T22:52:03.764300873Z	60	PC: 1411b \| Create or truncate file
2018-12-17T22:52:03.781357808Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 5)
2018-12-17T22:52:03.784810533Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:03.787087103Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:03.788321234Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:03.789854921Z	62	PC: 1416b \| Close file
2018-12-17T22:52:03.797781323Z	87	PC: 133a9 \| Get or set file date and time
2018-12-17T22:52:03.800226601Z	62	PC: 1416b \| Close file
2018-12-17T22:52:03.810790547Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:03.82621849Z	26	PC: 133d9 \| Set disk transfer address
2018-12-17T22:52:03.827430508Z	78	PC: 133e5 \| Find first file
2018-12-17T22:52:03.837600509Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:52:03.84558692Z	63	PC: 141ee \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:52:03.852089847Z	62	PC: 1416b \| Close file
2018-12-17T22:52:03.855632895Z	60	PC: 1411b \| Create or truncate file
2018-12-17T22:52:04.203403038Z	67	PC: 1333b \| Get or set file attributes
2018-12-17T22:52:04.209813347Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:52:04.217116334Z	87	PC: 1337c \| Get or set file date and time
2018-12-17T22:52:04.219861112Z	64	PC: 141ee \| Write file or device (Write 7408 bytes on handle 5)
2018-12-17T22:52:04.230440438Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.237540916Z	64	PC: 141ee \| Write file or device (Write 8192 bytes on handle 5)
2018-12-17T22:52:04.251937696Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.253306527Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.254726914Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.257786719Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.265929181Z	64	PC: 141ee \| Write file or device (Write 3016 bytes on handle 5)
2018-12-17T22:52:04.274124943Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.276778468Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.278183543Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.279626255Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.282369978Z	87	PC: 133a9 \| Get or set file date and time
2018-12-17T22:52:04.283939491Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.290838878Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.303458119Z	65	PC: 142f0 \| Delete file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:52:04.312626006Z	86	PC: 14326 \| Rename file
2018-12-17T22:52:04.321178537Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.328659775Z	26	PC: 133fd \| Set disk transfer address
2018-12-17T22:52:04.330100563Z	79	PC: 13402 \| Find next file
2018-12-17T22:52:04.334073321Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:52:04.342842741Z	63	PC: 141ee \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:52:04.353162486Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.355481943Z	60	PC: 1411b \| Create or truncate file
2018-12-17T22:52:04.368333884Z	67	PC: 1333b \| Get or set file attributes
2018-12-17T22:52:04.374460361Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:52:04.382552921Z	87	PC: 1337c \| Get or set file date and time
2018-12-17T22:52:04.384684633Z	64	PC: 141ee \| Write file or device (Write 7408 bytes on handle 5)
2018-12-17T22:52:04.394772828Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.402205402Z	64	PC: 141ee \| Write file or device (Write 8192 bytes on handle 5)
2018-12-17T22:52:04.411626697Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.413523428Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.415194005Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.417179935Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.426046652Z	64	PC: 141ee \| Write file or device (Write 4049 bytes on handle 5)
2018-12-17T22:52:04.43425307Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.435639282Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.437276796Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.438663567Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.440401741Z	87	PC: 133a9 \| Get or set file date and time
2018-12-17T22:52:04.442469489Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.449263504Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.459449567Z	65	PC: 142f0 \| Delete file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:52:04.470688538Z	86	PC: 14326 \| Rename file
2018-12-17T22:52:04.481693398Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.491447384Z	26	PC: 133fd \| Set disk transfer address
2018-12-17T22:52:04.494046605Z	79	PC: 13402 \| Find next file
2018-12-17T22:52:04.498063976Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:52:04.506094337Z	63	PC: 141ee \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:52:04.513235983Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.515878659Z	60	PC: 1411b \| Create or truncate file
2018-12-17T22:52:04.527986318Z	67	PC: 1333b \| Get or set file attributes
2018-12-17T22:52:04.535201979Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:52:04.542226652Z	87	PC: 1337c \| Get or set file date and time
2018-12-17T22:52:04.544106614Z	64	PC: 141ee \| Write file or device (Write 7408 bytes on handle 5)
2018-12-17T22:52:04.553922095Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.561789158Z	64	PC: 141ee \| Write file or device (Write 8192 bytes on handle 5)
2018-12-17T22:52:04.570888089Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.573775263Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.575997649Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.577915815Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.586657513Z	64	PC: 141ee \| Write file or device (Write 7526 bytes on handle 5)
2018-12-17T22:52:04.596631604Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.598318378Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.60073858Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.602860986Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.604909373Z	87	PC: 133a9 \| Get or set file date and time
2018-12-17T22:52:04.606958354Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.614538659Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.624326432Z	65	PC: 142f0 \| Delete file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:52:04.635494556Z	86	PC: 14326 \| Rename file
2018-12-17T22:52:04.647586212Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.658531957Z	26	PC: 133fd \| Set disk transfer address
2018-12-17T22:52:04.660121368Z	79	PC: 13402 \| Find next file
2018-12-17T22:52:04.665533282Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:52:04.67298629Z	63	PC: 141ee \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:52:04.679094588Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.682926905Z	60	PC: 1411b \| Create or truncate file
2018-12-17T22:52:04.697033494Z	67	PC: 1333b \| Get or set file attributes
2018-12-17T22:52:04.70339764Z	61	PC: 1411b \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:52:04.711188153Z	87	PC: 1337c \| Get or set file date and time
2018-12-17T22:52:04.713435839Z	64	PC: 141ee \| Write file or device (Write 7408 bytes on handle 5)
2018-12-17T22:52:04.722318067Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.730110844Z	64	PC: 141ee \| Write file or device (Write 8192 bytes on handle 5)
2018-12-17T22:52:04.739236818Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.74092829Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.743342975Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.745477908Z	63	PC: 141ee \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:52:04.753474288Z	64	PC: 141ee \| Write file or device (Write 7937 bytes on handle 5)
2018-12-17T22:52:04.76311081Z	66	PC: 142b7 \| Move file pointer
2018-12-17T22:52:04.764657149Z	66	PC: 142c5 \| Move file pointer
2018-12-17T22:52:04.766096463Z	66	PC: 142d3 \| Move file pointer
2018-12-17T22:52:04.767895448Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.769993584Z	87	PC: 133a9 \| Get or set file date and time
2018-12-17T22:52:04.771670376Z	62	PC: 1416b \| Close file
2018-12-17T22:52:04.778672881Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.789883833Z	65	PC: 142f0 \| Delete file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:52:04.800798548Z	86	PC: 14326 \| Rename file
2018-12-17T22:52:04.812112515Z	67	PC: 13362 \| Get or set file attributes
2018-12-17T22:52:04.82187542Z	26	PC: 133fd \| Set disk transfer address
2018-12-17T22:52:04.822865287Z	79	PC: 13402 \| Find next file
2018-12-17T22:52:04.826632627Z	26	PC: 133d9 \| Set disk transfer address
2018-12-17T22:52:04.827668932Z	78	PC: 133e5 \| Find first file
2018-12-17T22:52:04.834406611Z	41	PC: 134d5 \| Parse filename
2018-12-17T22:52:04.835860477Z	41	PC: 134e3 \| Parse filename
2018-12-17T22:52:04.837312761Z	75	PC: 134ee \| Execute program
2018-12-17T22:52:04.848995665Z	65	PC: 142f0 \| Delete file (Filename = 'A:\MUJAMMTR.CST')
2018-12-17T22:52:04.859994926Z	37	PC: 13455 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:52:04.861847197Z	37	PC: 13455 \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:52:04.862932839Z	49	PC: 13470 \| Terminate and stay resident (Return code = '0' \| Memory size = '2211')