vx.netlux.org/Virus.DOS.HLLP.Grab.5728

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:54:54.145822647Z 53 PC: 138da | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:54.147915671Z 53 PC: 138da | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:54.162727437Z 53 PC: 138da | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:54.164424797Z 53 PC: 138da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:54.16612142Z 53 PC: 138da | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:54.173396621Z 53 PC: 138da | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:54.174776973Z 53 PC: 138da | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:54.176123857Z 53 PC: 138da | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:54.178559517Z 53 PC: 138da | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:54.180905284Z 53 PC: 138da | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:54.183239677Z 53 PC: 138da | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:54.186366328Z 53 PC: 138da | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:54.188145657Z 53 PC: 138da | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:54.189864019Z 53 PC: 138da | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:54.191822404Z 53 PC: 138da | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:54.193501793Z 53 PC: 138da | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:54.194881252Z 53 PC: 138da | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:54.196217707Z 53 PC: 138da | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:54.198464192Z 53 PC: 138da | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:54.199758098Z 37 PC: 138ef | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:54.200979844Z 37 PC: 138f7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:54.202751885Z 37 PC: 138ff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:54.204312814Z 37 PC: 13907 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:54.206360466Z 68 PC: 143a7 | I/O control for devices (Set for = '')
2018-12-17T22:54:54.34932812Z 37 PC: 13301 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:54.351642852Z 44 PC: 12fcd | Get time
    0x12fcd: xor ah, ah
    0x12fcf: mov al, dl
    0x12fd1: les di, ptr [bp + 6]
    0x12fd4: stosw word ptr es:[di], ax
    0x12fd5: mov al, dh
    0x12fd7: les di, ptr [bp + 0xa]
    0x12fda: stosw word ptr es:[di], ax
    0x12fdb: mov al, cl
    0x12fdd: les di, ptr [bp + 0xe]
    0x12fe0: stosw word ptr es:[di], ax
    0x12fe1: mov al, ch
    0x12fe3: les di, ptr [bp + 0x12]
    0x12fe6: stosw word ptr es:[di], ax
    0x12fe7: pop bp
    0x12fe8: retf 0x10
    0x12feb: push bp
    0x12fec: mov bp, sp
    0x12fee: mov ch, byte ptr [bp + 0xc]
    0x12ff1: mov cl, byte ptr [bp + 0xa]
    0x12ff4: mov dh, byte ptr [bp + 8]
2018-12-17T22:54:54.35477999Z 42 PC: 12f97 | Get date
    0x12f97: xor ah, ah
    0x12f99: les di, ptr [bp + 6]
    0x12f9c: stosw word ptr es:[di], ax
    0x12f9d: mov al, dl
    0x12f9f: les di, ptr [bp + 0xa]
    0x12fa2: stosw word ptr es:[di], ax
    0x12fa3: mov al, dh
    0x12fa5: les di, ptr [bp + 0xe]
    0x12fa8: stosw word ptr es:[di], ax
    0x12fa9: xchg ax, cx
    0x12faa: les di, ptr [bp + 0x12]
    0x12fad: stosw word ptr es:[di], ax
    0x12fae: pop bp
    0x12faf: retf 0x10
    0x12fb2: push bp
    0x12fb3: mov bp, sp
    0x12fb5: mov cx, word ptr [bp + 0xa]
    0x12fb8: mov dh, byte ptr [bp + 8]
    0x12fbb: mov dl, byte ptr [bp + 6]
    0x12fbe: mov ah, 0x2b
2018-12-17T22:54:54.358534891Z 59 PC: 14242 | Change current directory
2018-12-17T22:54:54.364531557Z 48 PC: 140ee | Get DOS version
2018-12-17T22:54:54.366515104Z 61 PC: 13fa0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:54.375740847Z 63 PC: 14073 | Read file or device (Read 5728 bytes on handle 5)
2018-12-17T22:54:54.385091371Z 66 PC: 144a6 | Move file pointer
2018-12-17T22:54:54.386730295Z 66 PC: 144b4 | Move file pointer
2018-12-17T22:54:54.388570974Z 66 PC: 144c2 | Move file pointer
2018-12-17T22:54:54.391559352Z 62 PC: 13ff0 | Close file
2018-12-17T22:54:54.394125599Z 26 PC: 130af | Set disk transfer address
2018-12-17T22:54:54.395711011Z 78 PC: 130bb | Find first file
2018-12-17T22:54:54.40468807Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.406028139Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.409224813Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.411545953Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.414964652Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.416301967Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.420850099Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.422160164Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.425383624Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.433705303Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.437979594Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.440535117Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.448712103Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.450602394Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.453740869Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.455079524Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.459009935Z 26 PC: 130d3 | Set disk transfer address
2018-12-17T22:54:54.460392645Z 79 PC: 130d8 | Find next file
2018-12-17T22:54:54.463468762Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:54.465489469Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:54.467875653Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:54.470249172Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:54.472359008Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:54.475213104Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:54.47718058Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:54.479174122Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:54.48175005Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:54.483825984Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:54.485541184Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:54.488347157Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:54.490201563Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:54.491808235Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:54.493357314Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:54.49569331Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:54.497116542Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:54.498478516Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:54.500882426Z 37 PC: 13a31 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:54.5022119Z 76 PC: 13a70 | Terminate with return code (Return code = '0')