Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Path.3785

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:16.158840763Z 53 PC: 1335a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:16.160532167Z 53 PC: 1335a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:16.162592549Z 53 PC: 1335a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:53:16.163950106Z 53 PC: 1335a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:16.165125687Z 53 PC: 1335a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:16.167069316Z 53 PC: 1335a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:16.168653896Z 53 PC: 1335a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:16.170310154Z 53 PC: 1335a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:16.173027413Z 53 PC: 1335a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:16.174493325Z 53 PC: 1335a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:16.175975602Z 53 PC: 1335a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:16.17895876Z 53 PC: 1335a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:16.182013528Z 53 PC: 1335a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:16.183821808Z 53 PC: 1335a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:16.186539176Z 53 PC: 1335a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:16.19127214Z 53 PC: 1335a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:16.192732552Z 53 PC: 1335a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:53:16.194163462Z 53 PC: 1335a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:53:16.196289742Z 53 PC: 1335a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:53:16.198898829Z 37 PC: 1336f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:16.200719746Z 37 PC: 13377 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:16.203815495Z 37 PC: 1337f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:16.205567345Z 37 PC: 13387 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:53:16.207393759Z 68 PC: 13a2b | I/O control for devices (Set for = '�����������r�U=��t�SE�#���g��AEþ�')
2018-12-17T22:53:16.210209282Z 48 PC: 13751 | Get DOS version
2018-12-17T22:53:16.212625324Z 67 PC: 1311a | Get or set file attributes
2018-12-17T22:53:16.220639817Z 26 PC: 13097 | Set disk transfer address
2018-12-17T22:53:16.223694968Z 78 PC: 130a3 | Find first file
2018-12-17T22:53:16.231383698Z 44 PC: 13b62 | Get time
0x13b62: mov word ptr [0x3e], cx
0x13b66: mov word ptr [0x40], dx
0x13b6a: retf
0x13b6b: mov di, 0x50
0x13b6e: push ds
0x13b6f: pop es
0x13b70: mov cx, 0x380
0x13b73: sub cx, di
0x13b75: shr cx, 1
0x13b77: xor ax, ax
0x13b79: cld
0x13b7a: rep stosd dword ptr es:[di], eax
0x13b7c: ret
0x13b7d: add byte ptr [bx + si], al
0x13b7f: add byte ptr [bx + si], al
0x13b81: add byte ptr [bx + si], al
0x13b83: add byte ptr [bx + si], al
0x13b85: add byte ptr [bx + si], al
0x13b87: add byte ptr [bx + si], al
0x13b89: add dl, dl
2018-12-17T22:53:16.234918991Z 26 PC: 13097 | Set disk transfer address
2018-12-17T22:53:16.250204175Z 78 PC: 130a3 | Find first file
2018-12-17T22:53:16.258381365Z 26 PC: 13097 | Set disk transfer address
2018-12-17T22:53:16.259732723Z 78 PC: 130a3 | Find first file
2018-12-17T22:53:16.267495467Z 26 PC: 13097 | Set disk transfer address
2018-12-17T22:53:16.269722978Z 78 PC: 130a3 | Find first file
2018-12-17T22:53:16.277718191Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:16.279696463Z 37 PC: 132dc | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:16.299044209Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:16.301583841Z 37 PC: 132dc | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:53:16.303829883Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:53:16.306633625Z 37 PC: 132dc | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:53:16.308471491Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:16.309799384Z 37 PC: 132dc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:16.312147388Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:16.314327732Z 37 PC: 132dc | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:16.316370464Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:16.319870296Z 37 PC: 132dc | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:16.321325152Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:16.32270551Z 37 PC: 132dc | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:53:16.3254977Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:16.327192469Z 37 PC: 132dc | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:53:16.328881445Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:16.330622878Z 37 PC: 132dc | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:53:16.332964396Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:16.334662549Z 37 PC: 132dc | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:53:16.336324906Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:16.340849642Z 37 PC: 132dc | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:53:16.342609125Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:16.344377332Z 37 PC: 132dc | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:53:16.347567451Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:16.349290445Z 37 PC: 132dc | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:53:16.35078781Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:16.352598828Z 37 PC: 132dc | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:53:16.355321579Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:16.357634494Z 37 PC: 132dc | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:53:16.360654538Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:16.362557531Z 37 PC: 132dc | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:53:16.364742855Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:53:16.366629489Z 37 PC: 132dc | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:53:16.370525322Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:53:16.372857722Z 37 PC: 132dc | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:53:16.374693393Z 53 PC: 132d3 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:53:16.376966199Z 37 PC: 132dc | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:53:16.379915059Z 41 PC: 1328a | Parse filename
2018-12-17T22:53:16.38177147Z 41 PC: 13298 | Parse filename
2018-12-17T22:53:16.384871657Z 75 PC: 132a3 | Execute program
2018-12-17T22:53:16.404545896Z 80 PC: 1cec9 | Set current PSP
2018-12-17T22:53:16.405891566Z 48 PC: 1cece | Get DOS version
2018-12-17T22:53:16.409067804Z 99 PC: 236b0 | Get DBCS lead byte table pointer
2018-12-17T22:53:16.41205341Z 101 PC: 1cf54 | Get extended country info
2018-12-17T22:53:16.414347633Z 99 PC: 1cf5a | Get DBCS lead byte table pointer
2018-12-17T22:53:16.416083598Z 74 PC: 1cfbc | Reallocate memory
2018-12-17T22:53:16.418959284Z 25 PC: 1cff3 | Get default drive
2018-12-17T22:53:16.42062498Z 37 PC: 1cab3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:53:16.422155686Z 37 PC: 1caba | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:16.424981216Z 37 PC: 1cac1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:16.429985554Z 74 PC: 1bc5c | Reallocate memory
2018-12-17T22:53:16.431252304Z 72 PC: 1bc9d | Allocate memory
2018-12-17T22:53:16.433340198Z 72 PC: 1bcd5 | Allocate memory
2018-12-17T22:53:16.434820047Z 72 PC: 1bcdd | Allocate memory