Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Hello.10000.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:21.029807865Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:21.032522421Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:51:21.033703028Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:51:21.034806454Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:21.036309621Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:51:21.03740918Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.038428756Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:51:21.039870076Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:51:21.041927643Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:51:21.043033556Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:51:21.044545433Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:51:21.045996805Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:51:21.047373774Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:51:21.049199341Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:51:21.050318779Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:51:21.051429179Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:51:21.052791435Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:51:21.054736292Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:51:21.055820911Z	53	PC: 13c7a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:51:21.056933209Z	37	PC: 13c8f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:21.05880155Z	37	PC: 13c97 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:51:21.069588344Z	37	PC: 13c9f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.070780677Z	37	PC: 13ca7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:51:21.073248482Z	68	PC: 14963 \| I/O control for devices (Set for = '')
2018-12-17T21:51:21.112180586Z	37	PC: 136a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:51:21.11402858Z	25	PC: 1451b \| Get default drive
2018-12-17T21:51:21.116345748Z	71	PC: 1452e \| Get current directory
2018-12-17T21:51:21.119280056Z	44	PC: 14a9a \| Get time 0x14a9a: mov word ptr [0x44], cx 0x14a9e: mov word ptr [0x46], dx 0x14aa2: retf 0x14aa3: call 0x14aea 0x14aa6: jb 0x14ab7 0x14aa8: mov cx, word ptr es:[di + 4] 0x14aac: cmp cx, 1 0x14aaf: je 0x14ab7 0x14ab1: xor bx, bx 0x14ab3: push cs 0x14ab4: call 0x24626 0x14ab7: retf 4 0x14aba: call 0x14aea 0x14abd: jb 0x14ad2 0x14abf: mov ax, cx 0x14ac1: mov dx, bx 0x14ac3: mov cx, word ptr es:[di + 4] 0x14ac7: cmp cx, 1 0x14aca: je 0x14ad2 0x14acc: xor bx, bx
2018-12-17T21:51:21.122025854Z	26	PC: 1339d \| Set disk transfer address
2018-12-17T21:51:21.124141405Z	78	PC: 133a9 \| Find first file
2018-12-17T21:51:21.131014123Z	67	PC: 132ff \| Get or set file attributes
2018-12-17T21:51:21.137151513Z	61	PC: 14340 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:51:21.144329429Z	66	PC: 14b04 \| Move file pointer
2018-12-17T21:51:21.14573049Z	66	PC: 14b12 \| Move file pointer
2018-12-17T21:51:21.146974221Z	66	PC: 14b20 \| Move file pointer
2018-12-17T21:51:21.148833269Z	87	PC: 13340 \| Get or set file date and time
2018-12-17T21:51:21.150435119Z	48	PC: 1448e \| Get DOS version
2018-12-17T21:51:21.151740264Z	61	PC: 14340 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:51:21.158773237Z	63	PC: 14413 \| Read file or device (Read 10000 bytes on handle 5)
2018-12-17T21:51:21.168155285Z	66	PC: 14b04 \| Move file pointer
2018-12-17T21:51:21.169498229Z	66	PC: 14b12 \| Move file pointer
2018-12-17T21:51:21.171761352Z	66	PC: 14b20 \| Move file pointer
2018-12-17T21:51:21.173179908Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.174595723Z	64	PC: 14413 \| Write file or device (Write 10000 bytes on handle 5)
2018-12-17T21:51:21.281518055Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.28337599Z	63	PC: 14413 \| Read file or device (Read 10000 bytes on handle 6)
2018-12-17T21:51:21.291376793Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.293778051Z	64	PC: 14413 \| Write file or device (Write 10000 bytes on handle 5)
2018-12-17T21:51:21.302346309Z	87	PC: 1336d \| Get or set file date and time
2018-12-17T21:51:21.304178008Z	62	PC: 14390 \| Close file
2018-12-17T21:51:21.313903896Z	14	PC: 14574 \| Set default drive (Drive = 'A')
2018-12-17T21:51:21.315228316Z	25	PC: 14578 \| Get default drive
2018-12-17T21:51:21.316380989Z	59	PC: 145e2 \| Change current directory
2018-12-17T21:51:21.321395281Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.323556672Z	63	PC: 14413 \| Read file or device (Read 10000 bytes on handle 6)
2018-12-17T21:51:21.334245816Z	66	PC: 14b04 \| Move file pointer
2018-12-17T21:51:21.336832913Z	66	PC: 14b12 \| Move file pointer
2018-12-17T21:51:21.338523278Z	66	PC: 14b20 \| Move file pointer
2018-12-17T21:51:21.340521993Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.34362621Z	63	PC: 14413 \| Read file or device (Read 10000 bytes on handle 6)
2018-12-17T21:51:21.353233856Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.355072693Z	64	PC: 14413 \| Write file or device (Write 10000 bytes on handle 6)
2018-12-17T21:51:21.363865974Z	66	PC: 14b04 \| Move file pointer
2018-12-17T21:51:21.366196079Z	66	PC: 14b12 \| Move file pointer
2018-12-17T21:51:21.367580556Z	66	PC: 14b20 \| Move file pointer
2018-12-17T21:51:21.369052816Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.371205964Z	64	PC: 14371 \| Write file or device (Write 0 bytes on handle 6)
2018-12-17T21:51:21.379525855Z	62	PC: 14390 \| Close file
2018-12-17T21:51:21.387109267Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:21.389642808Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:21.391147135Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:51:21.392669943Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:51:21.394853784Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:51:21.396383159Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:51:21.397896883Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:21.399993828Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:21.401189139Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:51:21.402669026Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:51:21.405081314Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.407178726Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.40915612Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:51:21.41142241Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:51:21.412778453Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:51:21.41431716Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:51:21.416705634Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:51:21.418286164Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:51:21.419765696Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:51:21.421709197Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:51:21.423068547Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:51:21.42466131Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:51:21.426671385Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:51:21.428308306Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:51:21.429950842Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:51:21.43205715Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:51:21.433530453Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:51:21.435164383Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:51:21.438056379Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:51:21.439529278Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:51:21.440942599Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:51:21.443234876Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:51:21.444608474Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:51:21.446076455Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:51:21.448594061Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:51:21.450125212Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:51:21.451533343Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:51:21.453931263Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:51:21.455412145Z	48	PC: 1448e \| Get DOS version
2018-12-17T21:51:21.457361791Z	41	PC: 13584 \| Parse filename
2018-12-17T21:51:21.459476902Z	41	PC: 13592 \| Parse filename
2018-12-17T21:51:21.461398017Z	75	PC: 1359d \| Execute program
2018-12-17T21:51:21.477148376Z	9	PC: 1b722 \| Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-17T21:51:21.482185061Z	76	PC: 1b726 \| Terminate with return code (Return code = '36')
2018-12-17T21:51:21.485422434Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:21.486882947Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:21.489098481Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:51:21.490775138Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:51:21.492250711Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:51:21.494432164Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:51:21.496036245Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:21.498233368Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:21.499877946Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:51:21.501589508Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:51:21.502995127Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.504647666Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:51:21.506963207Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:51:21.508389297Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:51:21.50981965Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:51:21.512257915Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:51:21.513773362Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:51:21.515166433Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:51:21.517234438Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:51:21.518605444Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:51:21.520724884Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:51:21.521952196Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:51:21.523645499Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:51:21.525493083Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:51:21.528410758Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:51:21.529902101Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:51:21.53132373Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:51:21.533799301Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:51:21.535183323Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:51:21.536608229Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:51:21.538918351Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:51:21.540232301Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:51:21.542231365Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:51:21.543591298Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:51:21.544783426Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:51:21.546273614Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:51:21.548559936Z	53	PC: 135cd \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:51:21.549619299Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:51:21.550905181Z	61	PC: 14340 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:51:21.558532868Z	66	PC: 14b04 \| Move file pointer
2018-12-17T21:51:21.560257738Z	66	PC: 14b12 \| Move file pointer
2018-12-17T21:51:21.562209337Z	66	PC: 14b20 \| Move file pointer
2018-12-17T21:51:21.579519442Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.581163706Z	64	PC: 14413 \| Write file or device (Write 10000 bytes on handle 5)
2018-12-17T21:51:21.592878163Z	66	PC: 14472 \| Move file pointer
2018-12-17T21:51:21.594956133Z	64	PC: 14413 \| Write file or device (Write 10000 bytes on handle 5)
2018-12-17T21:51:21.619776943Z	62	PC: 14390 \| Close file
2018-12-17T21:51:21.628892823Z	61	PC: 14340 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:51:21.636360694Z	87	PC: 1336d \| Get or set file date and time
2018-12-17T21:51:21.638247256Z	62	PC: 14390 \| Close file
2018-12-17T21:51:21.646250158Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '214' AKA 'UNKNOWN!')
2018-12-17T21:51:21.648231306Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:51:21.649772336Z	37	PC: 13496 \| Set interrupt vector (Interrupt = '214' AKA 'UNKNOWN!')
2018-12-17T21:51:21.652028785Z	37	PC: 13496 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:51:21.654594328Z	49	PC: 1351f \| Terminate and stay resident (Return code = '0' \| Memory size = '2244')