Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Ilse.7616

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:32.531060001Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:32.532663262Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:32.535557108Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:32.537480781Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:32.539577009Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:32.541685669Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:32.543117068Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:32.544607829Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:32.546757837Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:32.548667044Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:32.550583393Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:32.55287658Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:32.554689716Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:32.5562836Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:32.558697104Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:32.560318499Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:32.561992384Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:32.564138074Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:32.566030338Z	53	PC: 1364a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:32.567714271Z	37	PC: 1365f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:32.569672289Z	37	PC: 13667 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:32.571876259Z	37	PC: 1366f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:32.573092644Z	37	PC: 13677 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:32.574799109Z	68	PC: 14402 \| I/O control for devices (Set for = 'u(�&蘿�� &o��&`��a� �&}��~��&��@��o�@�`�@�a��}�@�~� ø��Q��\')
2018-12-17T22:54:32.581807052Z	53	PC: 132c8 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:54:32.583685221Z	37	PC: 132cf \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:54:32.585350178Z	37	PC: 132d3 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:54:32.588179142Z	48	PC: 13f32 \| Get DOS version
2018-12-17T22:54:32.590693615Z	61	PC: 13d70 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:32.598470233Z	87	PC: 133d0 \| Get or set file date and time
2018-12-17T22:54:32.601725487Z	60	PC: 13d70 \| Create or truncate file
2018-12-17T22:54:32.62224983Z	66	PC: 13ea2 \| Move file pointer
2018-12-17T22:54:32.625445442Z	63	PC: 13e43 \| Read file or device (Read 8192 bytes on handle 5)
2018-12-17T22:54:32.629999336Z	66	PC: 14501 \| Move file pointer
2018-12-17T22:54:32.632448256Z	66	PC: 1450f \| Move file pointer
2018-12-17T22:54:32.634282793Z	66	PC: 1451d \| Move file pointer
2018-12-17T22:54:32.637876152Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:32.639831725Z	87	PC: 133fd \| Get or set file date and time
2018-12-17T22:54:32.641466456Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:32.650308434Z	67	PC: 1338f \| Get or set file attributes
2018-12-17T22:54:32.65783928Z	61	PC: 13d70 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:32.666425679Z	87	PC: 133d0 \| Get or set file date and time
2018-12-17T22:54:32.669035961Z	63	PC: 13e43 \| Read file or device (Read 7616 bytes on handle 5)
2018-12-17T22:54:32.678758895Z	66	PC: 13ea2 \| Move file pointer
2018-12-17T22:54:32.680526936Z	64	PC: 13e43 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:54:32.684095069Z	87	PC: 133fd \| Get or set file date and time
2018-12-17T22:54:32.687036854Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:32.695502025Z	67	PC: 133b6 \| Get or set file attributes
2018-12-17T22:54:32.707745292Z	26	PC: 1342d \| Set disk transfer address
2018-12-17T22:54:32.709926078Z	78	PC: 13439 \| Find first file
2018-12-17T22:54:32.723775754Z	61	PC: 13d70 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:54:32.733562126Z	63	PC: 13e43 \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:54:32.742271556Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:32.745877379Z	60	PC: 13d70 \| Create or truncate file
2018-12-17T22:54:33.090012574Z	67	PC: 1338f \| Get or set file attributes
2018-12-17T22:54:33.097910981Z	61	PC: 13d70 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:54:33.10576845Z	87	PC: 133d0 \| Get or set file date and time
2018-12-17T22:54:33.107773386Z	64	PC: 13e43 \| Write file or device (Write 7616 bytes on handle 5)
2018-12-17T22:54:33.119267336Z	63	PC: 13e43 \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:54:33.123557204Z	64	PC: 13e43 \| Write file or device (Write 413 bytes on handle 5)
2018-12-17T22:54:33.131758179Z	66	PC: 14501 \| Move file pointer
2018-12-17T22:54:33.133618303Z	66	PC: 1450f \| Move file pointer
2018-12-17T22:54:33.136412231Z	66	PC: 1451d \| Move file pointer
2018-12-17T22:54:33.138294366Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:33.140549953Z	87	PC: 133fd \| Get or set file date and time
2018-12-17T22:54:33.143566439Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:33.151342315Z	65	PC: 13eb9 \| Delete file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:54:33.163587927Z	86	PC: 13efd \| Rename file
2018-12-17T22:54:33.176534706Z	67	PC: 133b6 \| Get or set file attributes
2018-12-17T22:54:33.187970767Z	26	PC: 13451 \| Set disk transfer address
2018-12-17T22:54:33.189253156Z	79	PC: 13456 \| Find next file
2018-12-17T22:54:33.19425444Z	61	PC: 13d70 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:54:33.203259014Z	63	PC: 13e43 \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:54:33.209485008Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:33.212498509Z	60	PC: 13d70 \| Create or truncate file
2018-12-17T22:54:33.22855538Z	67	PC: 1338f \| Get or set file attributes
2018-12-17T22:54:33.236345253Z	61	PC: 13d70 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:54:33.244209565Z	87	PC: 133d0 \| Get or set file date and time
2018-12-17T22:54:33.247608149Z	64	PC: 13e43 \| Write file or device (Write 7616 bytes on handle 5)
2018-12-17T22:54:33.262378332Z	63	PC: 13e43 \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:54:33.272171407Z	64	PC: 13e43 \| Write file or device (Write 8192 bytes on handle 5)
2018-12-17T22:54:33.283681127Z	66	PC: 14501 \| Move file pointer
2018-12-17T22:54:33.28644586Z	66	PC: 1450f \| Move file pointer
2018-12-17T22:54:33.290586719Z	66	PC: 1451d \| Move file pointer
2018-12-17T22:54:33.293605669Z	63	PC: 13e43 \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:54:33.306432533Z	64	PC: 13e43 \| Write file or device (Write 8192 bytes on handle 5)
2018-12-17T22:54:33.316791411Z	66	PC: 14501 \| Move file pointer
2018-12-17T22:54:33.319186931Z	66	PC: 1450f \| Move file pointer
2018-12-17T22:54:33.322448767Z	66	PC: 1451d \| Move file pointer
2018-12-17T22:54:33.324865006Z	63	PC: 13e43 \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T22:54:33.335138724Z	64	PC: 13e43 \| Write file or device (Write 6590 bytes on handle 5)
2018-12-17T22:54:33.345908985Z	66	PC: 14501 \| Move file pointer
2018-12-17T22:54:33.348287202Z	66	PC: 1450f \| Move file pointer
2018-12-17T22:54:33.350415319Z	66	PC: 1451d \| Move file pointer
2018-12-17T22:54:33.353296982Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:33.356294062Z	87	PC: 133fd \| Get or set file date and time
2018-12-17T22:54:33.358571119Z	62	PC: 13dc0 \| Close file
2018-12-17T22:54:33.36776033Z	65	PC: 13eb9 \| Delete file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:54:33.381513203Z	86	PC: 13efd \| Rename file
2018-12-17T22:54:33.394251841Z	67	PC: 133b6 \| Get or set file attributes
2018-12-17T22:54:33.405838505Z	26	PC: 13451 \| Set disk transfer address
2018-12-17T22:54:33.409202674Z	79	PC: 13456 \| Find next file
2018-12-17T22:54:33.413721432Z	26	PC: 1342d \| Set disk transfer address
2018-12-17T22:54:33.416022885Z	78	PC: 13439 \| Find first file
2018-12-17T22:54:33.424829827Z	41	PC: 135b7 \| Parse filename
2018-12-17T22:54:33.427412509Z	41	PC: 135c5 \| Parse filename
2018-12-17T22:54:33.429619886Z	75	PC: 135d0 \| Execute program
2018-12-17T22:54:33.440697893Z	65	PC: 13eb9 \| Delete file (Filename = 'A:\mslse.fer')
2018-12-17T22:54:33.454400342Z	64	PC: 13ccb \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:54:33.457218736Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:33.459066317Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:33.461524314Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:33.463128848Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:33.464708855Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:33.467223599Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:33.468747061Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:33.471668799Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:33.474071993Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:33.475984024Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:33.477564834Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:33.479937681Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:33.481916558Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:33.483500233Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:33.485300995Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:33.487482773Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:33.489132292Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:33.491313429Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:33.494072742Z	37	PC: 137a1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:33.495641659Z	76	PC: 137e0 \| Terminate with return code (Return code = '0')