Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Spice.17456

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:47.225983241Z 53 PC: 1529a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:47.227698732Z 53 PC: 1529a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:47.228902861Z 53 PC: 1529a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:47.23007986Z 53 PC: 1529a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:47.2319195Z 53 PC: 1529a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:47.233042267Z 53 PC: 1529a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:47.234713029Z 53 PC: 1529a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:47.236699973Z 53 PC: 1529a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:47.238172312Z 53 PC: 1529a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:47.239514782Z 53 PC: 1529a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:47.242281977Z 53 PC: 1529a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:47.24388368Z 53 PC: 1529a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:47.245359483Z 53 PC: 1529a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:47.247505901Z 53 PC: 1529a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:47.24920301Z 53 PC: 1529a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:47.250917312Z 53 PC: 1529a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:47.253518256Z 53 PC: 1529a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:47.255209584Z 53 PC: 1529a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:47.256757823Z 53 PC: 1529a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:47.258945986Z 37 PC: 152af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:47.260204994Z 37 PC: 152b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:47.261296191Z 37 PC: 152bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:47.263259129Z 37 PC: 152c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:47.264895764Z 68 PC: 15f0c | I/O control for devices (Set for = '')
2018-12-17T22:54:47.267114865Z 61 PC: 15960 | Open file (Filename = 'c:\windows\msyst3.dll')
2018-12-17T22:54:47.28061356Z 60 PC: 15ef0 | Create or truncate file
2018-12-17T22:54:47.634851919Z 68 PC: 15f0c | I/O control for devices (Set for = '')
2018-12-17T22:54:47.636251231Z 64 PC: 15693 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:54:47.638778107Z 62 PC: 156d2 | Close file
2018-12-17T22:54:47.647872602Z 61 PC: 15960 | Open file (Filename = 'c:\windows\msyst3.dll')
2018-12-17T22:54:47.652385305Z 64 PC: 15a33 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:54:47.660756701Z 62 PC: 159b0 | Close file
2018-12-17T22:54:47.665906398Z 61 PC: 15960 | Open file (Filename = 'c:\windows\msyst3.dll')
2018-12-17T22:54:47.670400768Z 63 PC: 15a33 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:54:47.673734886Z 66 PC: 15a92 | Move file pointer
2018-12-17T22:54:47.675200736Z 64 PC: 15a33 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:54:47.677239814Z 62 PC: 159b0 | Close file
2018-12-17T22:54:47.682479812Z 42 PC: 14f87 | Get date
0x14f87: xor ah, ah
0x14f89: les di, ptr [bp + 6]
0x14f8c: stosw word ptr es:[di], ax
0x14f8d: mov al, dl
0x14f8f: les di, ptr [bp + 0xa]
0x14f92: stosw word ptr es:[di], ax
0x14f93: mov al, dh
0x14f95: les di, ptr [bp + 0xe]
0x14f98: stosw word ptr es:[di], ax
0x14f99: xchg ax, cx
0x14f9a: les di, ptr [bp + 0x12]
0x14f9d: stosw word ptr es:[di], ax
0x14f9e: pop bp
0x14f9f: retf 0x10
0x14fa2: push bp
0x14fa3: mov bp, sp
0x14fa5: mov cx, word ptr [bp + 0xa]
0x14fa8: mov dh, byte ptr [bp + 8]
0x14fab: mov dl, byte ptr [bp + 6]
0x14fae: mov ah, 0x2b
2018-12-17T22:54:47.684465456Z 44 PC: 163a4 | Get time
0x163a4: mov word ptr [0x44], cx
0x163a8: mov word ptr [0x46], dx
0x163ac: retf
0x163ad: call 0x163f4
0x163b0: jb 0x163c1
0x163b2: mov cx, word ptr es:[di + 4]
0x163b6: cmp cx, 1
0x163b9: je 0x163c1
0x163bb: xor bx, bx
0x163bd: push cs
0x163be: call 0x25bd4
0x163c1: retf 4
0x163c4: call 0x163f4
0x163c7: jb 0x163dc
0x163c9: mov ax, cx
0x163cb: mov dx, bx
0x163cd: mov cx, word ptr es:[di + 4]
0x163d1: cmp cx, 1
0x163d4: je 0x163dc
0x163d6: xor bx, bx
2018-12-17T22:54:47.685945848Z 61 PC: 15960 | Open file (Filename = 'c:\windows\logos.sys')
2018-12-17T22:54:47.691025196Z 64 PC: 156b8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:54:47.692146357Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:47.692885914Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:47.69414586Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:47.694973309Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:47.695845629Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:47.697160141Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:47.698013562Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:47.698894105Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:47.700301564Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:47.701203023Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:47.702079052Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:47.703524272Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:47.704376234Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:47.705274487Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:47.706762909Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:47.707678104Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:47.708511994Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:47.709810774Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:47.711024513Z 37 PC: 153f1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:47.711862016Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.714007382Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.715423119Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.717294095Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.72062999Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.723254878Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.724657294Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.726209856Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.728622931Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.730921263Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.733332746Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.736154651Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.738415741Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.741475239Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.744586828Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.746570133Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.749159566Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.75237264Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.753878503Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.75529226Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.757185964Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.758595807Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.759969677Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.761884092Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.763463258Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.765344313Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.767278632Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.768665221Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.770089204Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.772087889Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.773477545Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.774891147Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.77672956Z 6 PC: 15478 | Direct console I/O
2018-12-17T22:54:47.778910446Z 76 PC: 15430 | Terminate with return code (Return code = '2')