Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Inna.6640.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:34.499014186Z 53 PC: 135ba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:34.501324601Z 53 PC: 135ba | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:34.502976583Z 53 PC: 135ba | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:34.504202004Z 53 PC: 135ba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:34.505420618Z 53 PC: 135ba | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:34.507197973Z 53 PC: 135ba | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:34.508968689Z 53 PC: 135ba | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:34.510823643Z 53 PC: 135ba | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:34.51292426Z 53 PC: 135ba | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:34.514450356Z 53 PC: 135ba | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:34.516301587Z 53 PC: 135ba | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:34.521694528Z 53 PC: 135ba | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:34.523281356Z 53 PC: 135ba | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:34.524688204Z 53 PC: 135ba | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:34.527178264Z 53 PC: 135ba | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:34.529425086Z 53 PC: 135ba | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:34.538784004Z 53 PC: 135ba | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:34.540707928Z 53 PC: 135ba | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:34.542146053Z 53 PC: 135ba | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:34.543598952Z 37 PC: 135cf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:34.546019969Z 37 PC: 135d7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:34.547368812Z 37 PC: 135df | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:34.548645946Z 37 PC: 135e7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:34.550462149Z 68 PC: 1422c | I/O control for devices (Set for = '')
2018-12-17T22:52:34.554065703Z 53 PC: 13330 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:52:34.555810945Z 37 PC: 1334c | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:52:34.557589269Z 48 PC: 13e42 | Get DOS version
2018-12-17T22:52:34.560464163Z 61 PC: 13c80 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:52:34.568241814Z 63 PC: 13d53 | Read file or device (Read 6640 bytes on handle 5)
2018-12-17T22:52:34.57722017Z 62 PC: 13cd0 | Close file
2018-12-17T22:52:34.588410395Z 26 PC: 132cf | Set disk transfer address
2018-12-17T22:52:34.589394901Z 78 PC: 132db | Find first file
2018-12-17T22:52:34.593815737Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.595187438Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.600449658Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.602333017Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.607506178Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.609188124Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.613077931Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.61570509Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.618569964Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.619852315Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.623343198Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.624616137Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.62695132Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.627960402Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.630589166Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.631764767Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.634236913Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.636054676Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.638179329Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.639363157Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.642687269Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.643617859Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.645931087Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.647326172Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.650870984Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.652192729Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.656290744Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.657161673Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.660624416Z 67 PC: 13258 | Get or set file attributes
2018-12-17T22:52:34.675300586Z 61 PC: 13c80 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:52:34.680854696Z 66 PC: 13db2 | Move file pointer
2018-12-17T22:52:34.682522169Z 63 PC: 13d53 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:52:34.686829884Z 66 PC: 13db2 | Move file pointer
2018-12-17T22:52:34.68841786Z 63 PC: 13d53 | Read file or device (Read 6640 bytes on handle 5)
2018-12-17T22:52:34.697148538Z 66 PC: 13db2 | Move file pointer
2018-12-17T22:52:34.699750365Z 64 PC: 13d53 | Write file or device (Write 6640 bytes on handle 5)
2018-12-17T22:52:34.708641821Z 64 PC: 13d53 | Write file or device (Write 8 bytes on handle 5)
2018-12-17T22:52:34.71106197Z 66 PC: 13db2 | Move file pointer
2018-12-17T22:52:34.712589629Z 64 PC: 13d53 | Write file or device (Write 6640 bytes on handle 5)
2018-12-17T22:52:34.718318513Z 87 PC: 1329f | Get or set file date and time
2018-12-17T22:52:34.719550461Z 67 PC: 13258 | Get or set file attributes
2018-12-17T22:52:34.727283716Z 62 PC: 13cd0 | Close file
2018-12-17T22:52:34.734764044Z 26 PC: 132f3 | Set disk transfer address
2018-12-17T22:52:34.736477647Z 79 PC: 132f8 | Find next file
2018-12-17T22:52:34.739431336Z 44 PC: 131ed | Get time
0x131ed: xor ah, ah
0x131ef: mov al, dl
0x131f1: les di, ptr [bp + 6]
0x131f4: stosw word ptr es:[di], ax
0x131f5: mov al, dh
0x131f7: les di, ptr [bp + 0xa]
0x131fa: stosw word ptr es:[di], ax
0x131fb: mov al, cl
0x131fd: les di, ptr [bp + 0xe]
0x13200: stosw word ptr es:[di], ax
0x13201: mov al, ch
0x13203: les di, ptr [bp + 0x12]
0x13206: stosw word ptr es:[di], ax
0x13207: pop bp
0x13208: retf 0x10
0x1320b: push bp
0x1320c: mov bp, sp
0x1320e: mov ch, byte ptr [bp + 0xc]
0x13211: mov cl, byte ptr [bp + 0xa]
0x13214: mov dh, byte ptr [bp + 8]
2018-12-17T22:52:34.741884011Z 42 PC: 131b7 | Get date
0x131b7: xor ah, ah
0x131b9: les di, ptr [bp + 6]
0x131bc: stosw word ptr es:[di], ax
0x131bd: mov al, dl
0x131bf: les di, ptr [bp + 0xa]
0x131c2: stosw word ptr es:[di], ax
0x131c3: mov al, dh
0x131c5: les di, ptr [bp + 0xe]
0x131c8: stosw word ptr es:[di], ax
0x131c9: xchg ax, cx
0x131ca: les di, ptr [bp + 0x12]
0x131cd: stosw word ptr es:[di], ax
0x131ce: pop bp
0x131cf: retf 0x10
0x131d2: push bp
0x131d3: mov bp, sp
0x131d5: mov cx, word ptr [bp + 0xa]
0x131d8: mov dh, byte ptr [bp + 8]
0x131db: mov dl, byte ptr [bp + 6]
0x131de: mov ah, 0x2b
2018-12-17T22:52:34.744344484Z 37 PC: 1334c | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:52:34.745846094Z 26 PC: 132cf | Set disk transfer address
2018-12-17T22:52:34.748147146Z 78 PC: 132db | Find first file
2018-12-17T22:52:34.756535116Z 67 PC: 13258 | Get or set file attributes
2018-12-17T22:52:34.767995784Z 61 PC: 13c80 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:52:34.776523691Z 66 PC: 1432b | Move file pointer
2018-12-17T22:52:34.778801247Z 66 PC: 14339 | Move file pointer
2018-12-17T22:52:34.780866842Z 66 PC: 14347 | Move file pointer
2018-12-17T22:52:34.783466537Z 66 PC: 13db2 | Move file pointer
2018-12-17T22:52:34.785409306Z 63 PC: 13d53 | Read file or device (Read 6640 bytes on handle 5)
2018-12-17T22:52:34.793865619Z 66 PC: 13db2 | Move file pointer
2018-12-17T22:52:34.796207556Z 64 PC: 13cb1 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:52:34.805403404Z 66 PC: 13db2 | Move file pointer
2018-12-17T22:52:34.807207564Z 64 PC: 13d53 | Write file or device (Write 6640 bytes on handle 5)
2018-12-17T22:52:34.816862071Z 87 PC: 1329f | Get or set file date and time
2018-12-17T22:52:34.818944237Z 67 PC: 13258 | Get or set file attributes
2018-12-17T22:52:34.831374134Z 62 PC: 13cd0 | Close file
2018-12-17T22:52:34.839513384Z 53 PC: 13535 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:34.842235645Z 37 PC: 1353e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:34.843985937Z 53 PC: 13535 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:34.845733012Z 37 PC: 1353e | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:34.848566313Z 53 PC: 13535 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:34.850338424Z 37 PC: 1353e | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:34.852064291Z 53 PC: 13535 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:34.85477277Z 37 PC: 1353e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:34.856758999Z 53 PC: 13535 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:34.85859142Z 37 PC: 1353e | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:34.860790952Z 53 PC: 13535 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:34.862863671Z 37 PC: 1353e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:34.864550152Z 53 PC: 13535 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:34.866941275Z 37 PC: 1353e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:34.868540095Z 53 PC: 13535 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:34.870293325Z 37 PC: 1353e | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:34.872347293Z 53 PC: 13535 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:34.873983877Z 37 PC: 1353e | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:34.87528508Z 53 PC: 13535 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:34.877147316Z 37 PC: 1353e | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:34.878967011Z 53 PC: 13535 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:34.880617857Z 37 PC: 1353e | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:34.882247337Z 53 PC: 13535 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:34.884950933Z 37 PC: 1353e | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:34.886567821Z 53 PC: 13535 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:34.888212558Z 37 PC: 1353e | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:34.89055353Z 53 PC: 13535 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:34.89210532Z 37 PC: 1353e | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:34.893407281Z 53 PC: 13535 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:34.897000617Z 37 PC: 1353e | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:34.89833466Z 53 PC: 13535 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:34.899801218Z 37 PC: 1353e | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:34.901931748Z 53 PC: 13535 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:34.903424035Z 37 PC: 1353e | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:34.904657691Z 53 PC: 13535 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:34.905774146Z 37 PC: 1353e | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:34.907437752Z 53 PC: 13535 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:34.908490076Z 37 PC: 1353e | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:34.909925773Z 41 PC: 13484 | Parse filename
2018-12-17T22:52:34.911395715Z 41 PC: 13492 | Parse filename
2018-12-17T22:52:34.912841762Z 75 PC: 1349d | Execute program
2018-12-17T22:52:34.934494085Z 80 PC: 19b59 | Set current PSP
2018-12-17T22:52:34.936845956Z 48 PC: 19b5e | Get DOS version
2018-12-17T22:52:34.939001366Z 99 PC: 20340 | Get DBCS lead byte table pointer
2018-12-17T22:52:34.942324894Z 101 PC: 19be4 | Get extended country info
2018-12-17T22:52:34.945399615Z 99 PC: 19bea | Get DBCS lead byte table pointer
2018-12-17T22:52:34.947354598Z 74 PC: 19c4c | Reallocate memory
2018-12-17T22:52:34.949378441Z 25 PC: 19c83 | Get default drive
2018-12-17T22:52:34.952197446Z 37 PC: 19743 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:52:34.953928951Z 37 PC: 1974a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:34.955613345Z 37 PC: 19751 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:34.960172187Z 74 PC: 188ec | Reallocate memory
2018-12-17T22:52:34.962117854Z 72 PC: 1892d | Allocate memory
2018-12-17T22:52:34.964342947Z 72 PC: 18965 | Allocate memory
2018-12-17T22:52:34.966666416Z 72 PC: 1896d | Allocate memory