Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Sauron.4731

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:10.134400767Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:10.136864653Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:10.138772916Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:10.140112021Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:10.141962045Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:10.1563931Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:10.157790162Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:10.160148338Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:10.161752811Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:10.163238434Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:10.165268787Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:10.167403909Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:10.169228848Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:10.172217947Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:10.187288411Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:10.188784606Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:10.190315202Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:10.193883048Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:10.196510471Z	53	PC: 1358a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:10.198590249Z	37	PC: 1359f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:10.203543087Z	37	PC: 135a7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:10.205156123Z	37	PC: 135af \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:10.206795896Z	37	PC: 135b7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:10.210220357Z	68	PC: 14188 \| I/O control for devices (Set for = '')
2018-12-17T22:52:10.212519377Z	48	PC: 13d9e \| Get DOS version
2018-12-17T22:52:10.215118507Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.230242169Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.238741296Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.24048201Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.245192298Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.24668672Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.250224058Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.256870522Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.266287071Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.268320015Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.27508989Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.277055816Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.280735131Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.282291654Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.286534172Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.288089737Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.292137893Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.306184995Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.309288393Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.310645927Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.314262138Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.31544615Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.318378687Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.320329654Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.323960534Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.325667661Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.329790366Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.331590261Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.334820832Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.336905419Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.340217324Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.341761287Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.34941406Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.352342934Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.360118427Z	67	PC: 13348 \| Get or set file attributes
2018-12-17T22:52:10.378524794Z	61	PC: 13c50 \| Open file (Filename = 'a:\TEST.EXE')
2018-12-17T22:52:10.388152854Z	61	PC: 13c50 \| Open file (Filename = 'a:\TEST.EXE')
2018-12-17T22:52:10.395961387Z	66	PC: 13d82 \| Move file pointer
2018-12-17T22:52:10.398038888Z	63	PC: 13d23 \| Read file or device (Read 4731 bytes on handle 5)
2018-12-17T22:52:10.407354152Z	66	PC: 13d82 \| Move file pointer
2018-12-17T22:52:10.40912142Z	64	PC: 13d23 \| Write file or device (Write 4731 bytes on handle 6)
2018-12-17T22:52:10.424903102Z	62	PC: 13ca0 \| Close file
2018-12-17T22:52:10.428322667Z	61	PC: 13c50 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:52:10.440250314Z	66	PC: 13d82 \| Move file pointer
2018-12-17T22:52:10.442062372Z	63	PC: 13d23 \| Read file or device (Read 4731 bytes on handle 5)
2018-12-17T22:52:10.456008183Z	66	PC: 13d82 \| Move file pointer
2018-12-17T22:52:10.457874092Z	64	PC: 13d23 \| Write file or device (Write 4731 bytes on handle 6)
2018-12-17T22:52:10.472186338Z	87	PC: 1338f \| Get or set file date and time
2018-12-17T22:52:10.474802413Z	62	PC: 13ca0 \| Close file
2018-12-17T22:52:10.486991052Z	62	PC: 13ca0 \| Close file
2018-12-17T22:52:10.49118166Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.492498462Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.496855087Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.498386091Z	78	PC: 133cb \| Find first file
2018-12-17T22:52:10.505569921Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.507459966Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.510937135Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.513345455Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.5173367Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.518622516Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.521916492Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.524047745Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.527353779Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.52859423Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.532453873Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.53382904Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.537204572Z	26	PC: 133e3 \| Set disk transfer address
2018-12-17T22:52:10.539114494Z	79	PC: 133e8 \| Find next file
2018-12-17T22:52:10.542645269Z	26	PC: 133bf \| Set disk transfer address
2018-12-17T22:52:10.544199784Z	78	PC: 133cb \| Find first file