Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Inna.6648

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:21.86656299Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:21.874988705Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:21.876373847Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:21.877684615Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:21.882041037Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:21.883429956Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:21.88487692Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:21.887311095Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:21.888826417Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:21.890785412Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:21.892528973Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:21.894894219Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:21.897191478Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:21.899483393Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:21.901873693Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:21.903487188Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:21.905628075Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:21.917331534Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:21.919886337Z 53 PC: 135f2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:21.922544134Z 37 PC: 13607 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:21.925258186Z 37 PC: 1360f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:21.927931277Z 37 PC: 13617 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:21.930433638Z 37 PC: 1361f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:21.933886397Z 68 PC: 1398f | I/O control for devices (Set for = '')
2018-12-17T22:54:21.936552486Z 53 PC: 133db | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:54:21.938156961Z 37 PC: 133f7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:54:21.940255252Z 48 PC: 141ba | Get DOS version
2018-12-17T22:54:21.942392734Z 61 PC: 13f7a | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:21.950215756Z 63 PC: 1404d | Read file or device (Read 6640 bytes on handle 5)
2018-12-17T22:54:21.960028791Z 62 PC: 13fca | Close file
2018-12-17T22:54:21.962556708Z 26 PC: 1337b | Set disk transfer address
2018-12-17T22:54:21.963911657Z 78 PC: 13387 | Find first file
2018-12-17T22:54:21.970518799Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:21.971836981Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:21.975508693Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:21.97691025Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:21.981361669Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:21.983140156Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:21.987227255Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:21.989613818Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:21.993631637Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:21.995283595Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:21.999551127Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.001014258Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.005583258Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.007317533Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.011022819Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.013416112Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.017677576Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.018928183Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.022635824Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.024620481Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.028557999Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.030152305Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.035159485Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.037163441Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.041301423Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.04361205Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.047282448Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.048576191Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.05381125Z 67 PC: 13304 | Get or set file attributes
2018-12-17T22:54:22.07431705Z 61 PC: 13f7a | Open file (Filename = '\TEST.EXE')
2018-12-17T22:54:22.09500365Z 66 PC: 140ac | Move file pointer
2018-12-17T22:54:22.097807012Z 63 PC: 1404d | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:54:22.10706101Z 87 PC: 1334b | Get or set file date and time
2018-12-17T22:54:22.10953965Z 67 PC: 13304 | Get or set file attributes
2018-12-17T22:54:22.121816262Z 62 PC: 13fca | Close file
2018-12-17T22:54:22.130510658Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:54:22.132400868Z 79 PC: 133a4 | Find next file
2018-12-17T22:54:22.136233864Z 44 PC: 13299 | Get time
0x13299: xor ah, ah
0x1329b: mov al, dl
0x1329d: les di, ptr [bp + 6]
0x132a0: stosw word ptr es:[di], ax
0x132a1: mov al, dh
0x132a3: les di, ptr [bp + 0xa]
0x132a6: stosw word ptr es:[di], ax
0x132a7: mov al, cl
0x132a9: les di, ptr [bp + 0xe]
0x132ac: stosw word ptr es:[di], ax
0x132ad: mov al, ch
0x132af: les di, ptr [bp + 0x12]
0x132b2: stosw word ptr es:[di], ax
0x132b3: pop bp
0x132b4: retf 0x10
0x132b7: push bp
0x132b8: mov bp, sp
0x132ba: mov ch, byte ptr [bp + 0xc]
0x132bd: mov cl, byte ptr [bp + 0xa]
0x132c0: mov dh, byte ptr [bp + 8]
2018-12-17T22:54:22.139826889Z 42 PC: 13263 | Get date
0x13263: xor ah, ah
0x13265: les di, ptr [bp + 6]
0x13268: stosw word ptr es:[di], ax
0x13269: mov al, dl
0x1326b: les di, ptr [bp + 0xa]
0x1326e: stosw word ptr es:[di], ax
0x1326f: mov al, dh
0x13271: les di, ptr [bp + 0xe]
0x13274: stosw word ptr es:[di], ax
0x13275: xchg ax, cx
0x13276: les di, ptr [bp + 0x12]
0x13279: stosw word ptr es:[di], ax
0x1327a: pop bp
0x1327b: retf 0x10
0x1327e: push bp
0x1327f: mov bp, sp
0x13281: mov cx, word ptr [bp + 0xa]
0x13284: mov dh, byte ptr [bp + 8]
0x13287: mov dl, byte ptr [bp + 6]
0x1328a: mov ah, 0x2b
2018-12-17T22:54:22.142842222Z 37 PC: 133f7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:54:22.144718235Z 26 PC: 1337b | Set disk transfer address
2018-12-17T22:54:22.147315872Z 78 PC: 13387 | Find first file
2018-12-17T22:54:22.15473582Z 67 PC: 13304 | Get or set file attributes
2018-12-17T22:54:22.16699979Z 61 PC: 13f7a | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:22.175484937Z 66 PC: 14116 | Move file pointer
2018-12-17T22:54:22.177337545Z 66 PC: 14124 | Move file pointer
2018-12-17T22:54:22.179316355Z 66 PC: 14132 | Move file pointer
2018-12-17T22:54:22.182217366Z 66 PC: 140ac | Move file pointer
2018-12-17T22:54:22.184158479Z 63 PC: 1404d | Read file or device (Read 6640 bytes on handle 5)
2018-12-17T22:54:22.193001756Z 66 PC: 140ac | Move file pointer
2018-12-17T22:54:22.195799358Z 64 PC: 13fab | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:54:22.204874396Z 66 PC: 140ac | Move file pointer
2018-12-17T22:54:22.206910333Z 64 PC: 1404d | Write file or device (Write 6640 bytes on handle 5)
2018-12-17T22:54:22.216921057Z 87 PC: 1334b | Get or set file date and time
2018-12-17T22:54:22.219440655Z 67 PC: 13304 | Get or set file attributes
2018-12-17T22:54:22.231898945Z 62 PC: 13fca | Close file
2018-12-17T22:54:22.240587705Z 53 PC: 1340d | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:22.242462022Z 37 PC: 13416 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:22.244126031Z 53 PC: 1340d | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:22.246605228Z 37 PC: 13416 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:22.248559458Z 53 PC: 1340d | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:22.250217701Z 37 PC: 13416 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:22.252028541Z 53 PC: 1340d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:22.254461336Z 37 PC: 13416 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:22.256069036Z 53 PC: 1340d | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:22.257698226Z 37 PC: 13416 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:22.26023469Z 53 PC: 1340d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:22.261882836Z 37 PC: 13416 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:22.26350569Z 53 PC: 1340d | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:22.266164778Z 37 PC: 13416 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:22.267818508Z 53 PC: 1340d | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:22.269508516Z 37 PC: 13416 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:22.272101611Z 53 PC: 1340d | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:22.273775317Z 37 PC: 13416 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:22.27542056Z 53 PC: 1340d | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:22.277943291Z 37 PC: 13416 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:22.279809712Z 53 PC: 1340d | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:22.281417354Z 37 PC: 13416 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:22.283512926Z 53 PC: 1340d | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:22.285119321Z 37 PC: 13416 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:22.286698958Z 53 PC: 1340d | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:22.28883171Z 37 PC: 13416 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:22.290364692Z 53 PC: 1340d | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:22.292013978Z 37 PC: 13416 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:22.294387906Z 53 PC: 1340d | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:22.295857683Z 37 PC: 13416 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:22.297413883Z 53 PC: 1340d | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:22.300029773Z 37 PC: 13416 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:22.301667171Z 53 PC: 1340d | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:22.303316822Z 37 PC: 13416 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:22.305636247Z 53 PC: 1340d | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:22.307337233Z 37 PC: 13416 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:22.309005659Z 53 PC: 1340d | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:22.311295763Z 37 PC: 13416 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:22.313665913Z 41 PC: 13496 | Parse filename
2018-12-17T22:54:22.315557296Z 41 PC: 134a4 | Parse filename
2018-12-17T22:54:22.31821234Z 75 PC: 134af | Execute program
2018-12-17T22:54:22.342130887Z 80 PC: 19959 | Set current PSP
2018-12-17T22:54:22.343539425Z 48 PC: 1995e | Get DOS version
2018-12-17T22:54:22.346477411Z 99 PC: 20140 | Get DBCS lead byte table pointer
2018-12-17T22:54:22.350062266Z 101 PC: 199e4 | Get extended country info
2018-12-17T22:54:22.351878074Z 99 PC: 199ea | Get DBCS lead byte table pointer
2018-12-17T22:54:22.354470854Z 74 PC: 19a4c | Reallocate memory
2018-12-17T22:54:22.356627393Z 25 PC: 19a83 | Get default drive
2018-12-17T22:54:22.358284525Z 37 PC: 19543 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:54:22.360093588Z 37 PC: 1954a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:22.361948833Z 37 PC: 19551 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:22.366984827Z 74 PC: 186ec | Reallocate memory
2018-12-17T22:54:22.369169312Z 72 PC: 1872d | Allocate memory
2018-12-17T22:54:22.371785447Z 72 PC: 18765 | Allocate memory
2018-12-17T22:54:22.373877568Z 72 PC: 1876d | Allocate memory