Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Hung.4949

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:00.279390925Z 53 PC: 132ba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:00.281097615Z 53 PC: 132ba | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:00.283108371Z 53 PC: 132ba | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:00.284442165Z 53 PC: 132ba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:00.285779769Z 53 PC: 132ba | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:00.288059754Z 53 PC: 132ba | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:00.289687596Z 53 PC: 132ba | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:00.291299545Z 53 PC: 132ba | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:00.294023293Z 53 PC: 132ba | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:00.295422347Z 53 PC: 132ba | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:00.296758247Z 53 PC: 132ba | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:00.299006638Z 53 PC: 132ba | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:00.30074865Z 53 PC: 132ba | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:00.302460347Z 53 PC: 132ba | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:00.304641388Z 53 PC: 132ba | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:00.307347727Z 53 PC: 132ba | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:00.308993508Z 53 PC: 132ba | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:00.310658046Z 53 PC: 132ba | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:00.313105869Z 53 PC: 132ba | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:00.31529525Z 37 PC: 132cf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:00.316533456Z 37 PC: 132d7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:00.325969244Z 37 PC: 132df | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:00.327910234Z 37 PC: 132e7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:00.329652959Z 68 PC: 13b45 | I/O control for devices (Set for = '')
2018-12-17T22:54:00.332067965Z 44 PC: 130b3 | Get time
0x130b3: mov byte ptr [0x56], ch
0x130b7: mov di, 0x58
0x130ba: push ds
0x130bb: push di
0x130bc: call 0x22a40
0x130bf: cmp byte ptr [0x56], 0xc
0x130c4: jne 0x130d9
0x130c6: mov ah, 0x40
0x130c8: mov bx, 1
0x130cb: lea dx, word ptr [0x58]
0x130cf: mov cx, 0x1a
0x130d2: int 0x21
0x130d4: mov byte ptr [0x32e], 1
0x130d9: push ax
0x130da: in al, 0x21
0x130dc: or al, 3
0x130de: out 0x21, al
0x130e0: pop ax
0x130e1: call 0x22be3
0x130e4: call 0x2301b
2018-12-17T22:54:00.335167116Z 48 PC: 13870 | Get DOS version
2018-12-17T22:54:00.336811938Z 48 PC: 13870 | Get DOS version
2018-12-17T22:54:00.338516103Z 61 PC: 13722 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:00.346580461Z 63 PC: 137f5 | Read file or device (Read 4944 bytes on handle 5)
2018-12-17T22:54:00.354517158Z 62 PC: 13772 | Close file
2018-12-17T22:54:00.356744911Z 26 PC: 13135 | Set disk transfer address
2018-12-17T22:54:00.358895965Z 78 PC: 13141 | Find first file
2018-12-17T22:54:00.365889474Z 26 PC: 13159 | Set disk transfer address
2018-12-17T22:54:00.367187838Z 79 PC: 1315e | Find next file
2018-12-17T22:54:00.370481823Z 48 PC: 13870 | Get DOS version
2018-12-17T22:54:00.372095077Z 26 PC: 13135 | Set disk transfer address
2018-12-17T22:54:00.37340067Z 78 PC: 13141 | Find first file
2018-12-17T22:54:00.380495382Z 48 PC: 13870 | Get DOS version
2018-12-17T22:54:00.38218371Z 67 PC: 12cee | Get or set file attributes
2018-12-17T22:54:00.38665509Z 61 PC: 13722 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:00.39520358Z 66 PC: 13854 | Move file pointer
2018-12-17T22:54:00.396902783Z 63 PC: 137f5 | Read file or device (Read 4944 bytes on handle 5)
2018-12-17T22:54:00.398900705Z 66 PC: 13854 | Move file pointer
2018-12-17T22:54:00.401262204Z 64 PC: 13753 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:54:00.403470683Z 66 PC: 13854 | Move file pointer
2018-12-17T22:54:00.405367375Z 64 PC: 137f5 | Write file or device (Write 4944 bytes on handle 5)
2018-12-17T22:54:00.422284204Z 62 PC: 13772 | Close file
2018-12-17T22:54:00.430789834Z 53 PC: 13236 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:00.432127413Z 37 PC: 1323f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:00.433624845Z 53 PC: 13236 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:00.435287772Z 37 PC: 1323f | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:00.436590569Z 53 PC: 13236 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:00.437962752Z 37 PC: 1323f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:00.440085862Z 53 PC: 13236 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:00.441583823Z 37 PC: 1323f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:00.443137787Z 53 PC: 13236 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:00.445148858Z 37 PC: 1323f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:00.446689639Z 53 PC: 13236 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:00.448266283Z 37 PC: 1323f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:00.450306933Z 53 PC: 13236 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:00.451819642Z 37 PC: 1323f | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:00.453468779Z 53 PC: 13236 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:00.455532709Z 37 PC: 1323f | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:00.457305412Z 53 PC: 13236 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:00.458977111Z 37 PC: 1323f | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:00.461322268Z 53 PC: 13236 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:00.463268125Z 37 PC: 1323f | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:00.464897034Z 53 PC: 13236 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:00.467240739Z 37 PC: 1323f | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:00.469148867Z 53 PC: 13236 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:00.470799768Z 37 PC: 1323f | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:00.472432022Z 53 PC: 13236 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:00.475026673Z 37 PC: 1323f | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:00.476656231Z 53 PC: 13236 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:00.478311631Z 37 PC: 1323f | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:00.480095336Z 53 PC: 13236 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:00.481314049Z 37 PC: 1323f | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:00.482532948Z 53 PC: 13236 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:00.484470513Z 37 PC: 1323f | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:00.485721285Z 53 PC: 13236 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:00.487196917Z 37 PC: 1323f | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:00.490299236Z 53 PC: 13236 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:00.492771258Z 37 PC: 1323f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:00.494320177Z 53 PC: 13236 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:00.496089709Z 37 PC: 1323f | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:00.498576384Z 41 PC: 131ed | Parse filename
2018-12-17T22:54:00.500398223Z 41 PC: 131fb | Parse filename
2018-12-17T22:54:00.502219293Z 75 PC: 13206 | Execute program
2018-12-17T22:54:00.661707978Z 53 PC: 13236 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:00.66333122Z 37 PC: 1323f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:00.664893812Z 53 PC: 13236 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:00.667259821Z 37 PC: 1323f | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:00.668611198Z 53 PC: 13236 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:00.669929463Z 37 PC: 1323f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:00.671892007Z 53 PC: 13236 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:00.673227724Z 37 PC: 1323f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:00.674501146Z 53 PC: 13236 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:00.675973643Z 37 PC: 1323f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:00.677976894Z 53 PC: 13236 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:00.679271222Z 37 PC: 1323f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:00.680597859Z 53 PC: 13236 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:00.682899217Z 37 PC: 1323f | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:00.684204545Z 53 PC: 13236 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:00.685494283Z 37 PC: 1323f | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:00.68771729Z 53 PC: 13236 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:00.689038564Z 37 PC: 1323f | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:00.690322134Z 53 PC: 13236 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:00.692584709Z 37 PC: 1323f | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:00.693943697Z 53 PC: 13236 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:00.695665017Z 37 PC: 1323f | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:00.697475097Z 53 PC: 13236 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:00.69985059Z 37 PC: 1323f | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:00.701396577Z 53 PC: 13236 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:00.702969553Z 37 PC: 1323f | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:00.705425257Z 53 PC: 13236 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:00.707035738Z 37 PC: 1323f | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:00.708586146Z 53 PC: 13236 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:00.711144302Z 37 PC: 1323f | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:00.712714718Z 53 PC: 13236 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:00.714317815Z 37 PC: 1323f | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:00.716606914Z 53 PC: 13236 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:00.718507049Z 37 PC: 1323f | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:00.720041309Z 53 PC: 13236 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:00.721822839Z 37 PC: 1323f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:00.724164968Z 53 PC: 13236 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:00.725727184Z 37 PC: 1323f | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:00.72734859Z 48 PC: 13870 | Get DOS version
2018-12-17T22:54:00.730245539Z 61 PC: 13722 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:00.738005272Z 64 PC: 137f5 | Write file or device (Write 4944 bytes on handle 5)
2018-12-17T22:54:00.747665391Z 66 PC: 13854 | Move file pointer
2018-12-17T22:54:00.750571116Z 64 PC: 137f5 | Write file or device (Write 4944 bytes on handle 5)
2018-12-17T22:54:00.753638093Z 66 PC: 13854 | Move file pointer
2018-12-17T22:54:00.755545291Z 64 PC: 137f5 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:54:00.759580859Z 62 PC: 13772 | Close file
2018-12-17T22:54:00.768901581Z 64 PC: 1367d | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:54:00.771185079Z 37 PC: 13411 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:00.773631097Z 37 PC: 13411 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:00.775003716Z 37 PC: 13411 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:00.776303186Z 37 PC: 13411 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:00.778134362Z 37 PC: 13411 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:00.779450122Z 37 PC: 13411 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:00.780719076Z 37 PC: 13411 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:00.782197657Z 37 PC: 13411 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:00.784180465Z 37 PC: 13411 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:00.785453091Z 37 PC: 13411 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:00.786729416Z 37 PC: 13411 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:00.788655082Z 37 PC: 13411 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:00.789845883Z 37 PC: 13411 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:00.791142304Z 37 PC: 13411 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:00.793646507Z 37 PC: 13411 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:00.794953326Z 37 PC: 13411 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:00.796242821Z 37 PC: 13411 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:00.799016524Z 37 PC: 13411 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:00.800594431Z 37 PC: 13411 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:00.802199402Z 76 PC: 13450 | Terminate with return code (Return code = '0')