Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Barlo.14000

Syscalls:

Time | Syscall Op | Syscall Name
2018-12-17T22:52:14.827628342Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:52:14.829033974Z 53 PC: 12bf6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:14.830146588Z 53 PC: 12c03 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:52:14.831287285Z 53 PC: 12c10 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:52:14.832759146Z 53 PC: 12c1d | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:52:14.833863844Z 37 PC: 12c31 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:14.835066754Z 74 PC: 12af7 | Reallocate memory
2018-12-17T22:52:14.837165322Z 68 PC: 13070 | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T22:52:14.838924097Z 68 PC: 13070 | I/O control for devices (Set for = '')
2018-12-17T22:52:14.843206548Z 25 PC: 12ed5 | Get default drive
2018-12-17T22:52:14.84532518Z 25 PC: 12ed5 | Get default drive
2018-12-17T22:52:14.846501553Z 71 PC: 13249 | Get current directory
2018-12-17T22:52:14.848627045Z 47 PC: 12e72 | Get disk transfer address
2018-12-17T22:52:14.851047007Z 26 PC: 12e7b | Set disk transfer address
2018-12-17T22:52:14.851995728Z 78 PC: 12e85 | Find first file
2018-12-17T22:52:14.855676985Z 26 PC: 12e8e | Set disk transfer address
2018-12-17T22:52:14.857513851Z 47 PC: 12e72 | Get disk transfer address
2018-12-17T22:52:14.858649324Z 26 PC: 12e7b | Set disk transfer address
2018-12-17T22:52:14.859777509Z 78 PC: 12e85 | Find first file
2018-12-17T22:52:14.866178379Z 26 PC: 12e8e | Set disk transfer address
2018-12-17T22:52:14.867586893Z 67 PC: 14d76 | Get or set file attributes
2018-12-17T22:52:14.871462787Z 61 PC: 1590e | Open file (Filename = 'N �V�!r�P��]�U��A�V�!r3��P��]�U��VW�v�~��
2018-12-17T22:52:14.876103925Z 68 PC: 14276 | I/O control for devices (Set for = '')
2018-12-17T22:52:14.877197298Z 68 PC: 13070 | I/O control for devices
2018-12-17T22:52:14.878619885Z 67 PC: 14d76 | Get or set file attributes
2018-12-17T22:52:14.883445707Z 61 PC: 1590e | Open file (Filename = ' ;uƇ� ')
2018-12-17T22:52:14.888734Z 68 PC: 14276 | I/O control for devices (Set for = 'Y^]�')
2018-12-17T22:52:14.890068537Z 68 PC: 13070 | I/O control for devices
2018-12-17T22:52:14.894281605Z 66 PC: 15075 | Move file pointer
2018-12-17T22:52:14.895276643Z 66 PC: 15082 | Move file pointer
2018-12-17T22:52:14.89624337Z 66 PC: 15091 | Move file pointer
2018-12-17T22:52:14.898260391Z 66 PC: 1312e | Move file pointer
2018-12-17T22:52:14.899347043Z 63 PC: 131f5 | Read file or device (Read 512 bytes on handle 6)
2018-12-17T22:52:14.90344652Z 66 PC: 1312e | Move file pointer
2018-12-17T22:52:14.905371126Z 63 PC: 131f5 | Read file or device (Read 512 bytes on handle 6)
2018-12-17T22:52:14.910952652Z 66 PC: 1312e | Move file pointer
2018-12-17T22:52:14.912784216Z 63 PC: 131f5 | Read file or device (Read 512 bytes on handle 6)
2018-12-17T22:52:14.916780136Z 66 PC: 1312e | Move file pointer
2018-12-17T22:52:14.918580416Z 63 PC: 131f5 | Read file or device (Read 512 bytes on handle 6)
2018-12-17T22:52:14.921928639Z 67 PC: 14d76 | Get or set file attributes
2018-12-17T22:52:14.929076371Z 67 PC: 14d76 | Get or set file attributes
2018-12-17T22:52:15.611082064Z 87 PC: 12fee | Get or set file date and time
2018-12-17T22:52:15.613136406Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.616510415Z 67 PC: 14d76 | Get or set file attributes
2018-12-17T22:52:15.623254673Z 61 PC: 1590e | Open file (Filename = ' ;uƇ� ')
2018-12-17T22:52:15.630065756Z 68 PC: 14276 | I/O control for devices (Set for = 'Y^]�')
2018-12-17T22:52:15.632179835Z 68 PC: 13070 | I/O control for devices
2018-12-17T22:52:15.634044295Z 66 PC: 15075 | Move file pointer
2018-12-17T22:52:15.635357584Z 66 PC: 15082 | Move file pointer
2018-12-17T22:52:15.637031087Z 66 PC: 15091 | Move file pointer
2018-12-17T22:52:15.639674148Z 66 PC: 1312e | Move file pointer
2018-12-17T22:52:15.64157907Z 63 PC: 131f5 | Read file or device (Read 13824 bytes on handle 6)
2018-12-17T22:52:15.649642251Z 63 PC: 131f5 | Read file or device (Read 512 bytes on handle 6)
2018-12-17T22:52:15.656512226Z 66 PC: 1312e | Move file pointer
2018-12-17T22:52:15.65845115Z 64 PC: 1620b | Write file or device (Write 14000 bytes on handle 6)
2018-12-17T22:52:15.683272613Z 63 PC: 131f5 | Read file or device (Read 13824 bytes on handle 5)
2018-12-17T22:52:15.691174872Z 63 PC: 131f5 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:15.698030995Z 66 PC: 1312e | Move file pointer
2018-12-17T22:52:15.699588304Z 64 PC: 1620b | Write file or device (Write 14000 bytes on handle 6)
2018-12-17T22:52:15.714544695Z 87 PC: 13519 | Get or set file date and time
2018-12-17T22:52:15.716884748Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.718840795Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.76452688Z 42 PC: 168e6 | Get date
0x168e6: mov ah, 0
0x168e8: mov di, ax
0x168ea: mov al, dh
0x168ec: mov ah, 0
0x168ee: mov word ptr [bp - 2], ax
0x168f1: mov al, dl
0x168f3: mov ah, 0
0x168f5: mov si, ax
0x168f7: cmp si, 1
0x168fa: jne 0x16901
0x168fc: nop
0x168fd: push cs
0x168fe: call 0x172e0
0x16901: cmp si, 0xd
0x16904: jne 0x16910
0x16906: cmp di, 5
0x16909: jne 0x16910
0x1690b: nop
0x1690c: push cs
0x1690d: call 0x172ef
2018-12-17T22:52:15.766928078Z 37 PC: 12c3d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:15.767895516Z 37 PC: 12c48 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:52:15.769181344Z 37 PC: 12c53 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:52:15.770114536Z 37 PC: 12c5e | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:52:15.771420566Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.773282168Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.775014564Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.77677267Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.779278564Z 62 PC: 14e76 | Close file
2018-12-17T22:52:15.780960137Z 76 PC: 12be7 | Terminate with return code (Return code = '65')