Sample viewer

vx.netlux.org/Virus.DOS.HLLP.4328

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:53.010172848Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:53.011424426Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:55:53.013247058Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:55:53.01443351Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '77' AKA 'Get program return code')
2018-12-17T22:55:53.015670912Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '90' AKA 'Create unique file')
2018-12-17T22:55:53.017901417Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-17T22:55:53.01915062Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:55:53.02037598Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:55:53.022615802Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '128' AKA 'UNKNOWN!')
2018-12-17T22:55:53.023971675Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:53.025944619Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.027828001Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:55:53.030460815Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '192' AKA 'UNKNOWN!')
2018-12-17T22:55:53.032554807Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.034674958Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.038064872Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.039485576Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '141' AKA 'UNKNOWN!')
2018-12-17T22:55:53.040833032Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '69' AKA 'Duplicate handle')
2018-12-17T22:55:53.043408558Z	53	PC: 1325a \| Get interrupt vector (Interrupt = '116' AKA 'UNKNOWN!')
2018-12-17T22:55:53.044741242Z	37	PC: 1326f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:53.045987201Z	37	PC: 13277 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:55:53.04818202Z	37	PC: 1327f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:53.049416752Z	37	PC: 13287 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:55:53.051254585Z	68	PC: 13d54 \| I/O control for devices (Set for = '')
2018-12-17T22:55:53.054702236Z	25	PC: 13911 \| Get default drive
2018-12-17T22:55:53.056716317Z	71	PC: 13924 \| Get current directory
2018-12-17T22:55:53.060243253Z	26	PC: 13107 \| Set disk transfer address
2018-12-17T22:55:53.062999676Z	78	PC: 13113 \| Find first file
2018-12-17T22:55:53.069493527Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.070645744Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.073197028Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.07585444Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.079877884Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.082081858Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.086437342Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.088359105Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.092071119Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.093559068Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.09747876Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.115733553Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.119031484Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.120666646Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.125396004Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.126682903Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.129960681Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.131803847Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.134773074Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.135995506Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.139892748Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.141679656Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.14512709Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.147146788Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.150107329Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.151343481Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.156079568Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.157388608Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.160421085Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.162077915Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.178588866Z	26	PC: 13107 \| Set disk transfer address
2018-12-17T22:55:53.18056396Z	78	PC: 13113 \| Find first file
2018-12-17T22:55:53.188175821Z	67	PC: 130d6 \| Get or set file attributes
2018-12-17T22:55:53.207332323Z	61	PC: 136c2 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:55:53.215008422Z	66	PC: 13e53 \| Move file pointer
2018-12-17T22:55:53.217842474Z	66	PC: 13e61 \| Move file pointer
2018-12-17T22:55:53.219736891Z	66	PC: 13e6f \| Move file pointer
2018-12-17T22:55:53.221580073Z	66	PC: 137f4 \| Move file pointer
2018-12-17T22:55:53.223774104Z	63	PC: 13795 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:53.232087891Z	62	PC: 13712 \| Close file
2018-12-17T22:55:53.234284906Z	26	PC: 1312b \| Set disk transfer address
2018-12-17T22:55:53.235627493Z	79	PC: 13130 \| Find next file
2018-12-17T22:55:53.239924953Z	48	PC: 13884 \| Get DOS version
2018-12-17T22:55:53.241625335Z	61	PC: 136c2 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:55:53.252132122Z	66	PC: 137f4 \| Move file pointer
2018-12-17T22:55:53.254973426Z	60	PC: 136c2 \| Create or truncate file
2018-12-17T22:55:53.267832178Z	63	PC: 13795 \| Read file or device (Read 63000 bytes on handle 5)
2018-12-17T22:55:53.277466233Z	64	PC: 13795 \| Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:55:53.287187723Z	63	PC: 13795 \| Read file or device (Read 63000 bytes on handle 5)
2018-12-17T22:55:53.289674302Z	62	PC: 13712 \| Close file
2018-12-17T22:55:53.291978911Z	62	PC: 13712 \| Close file
2018-12-17T22:55:53.300746303Z	41	PC: 131bf \| Parse filename
2018-12-17T22:55:53.302049755Z	41	PC: 131cd \| Parse filename
2018-12-17T22:55:53.303345641Z	75	PC: 131d8 \| Execute program
2018-12-17T22:55:53.313315824Z	9	PC: 27e1c \| Display string (String= '��8 � ��'�<�#�'��!� ,BT@ A:\TEST.EXE o=��=�#�')
2018-12-17T22:55:53.319739015Z	76	PC: 27e21 \| Terminate with return code (Return code = '0')
2018-12-17T22:55:53.323479738Z	65	PC: 1380b \| Delete file (Filename = '')
2018-12-17T22:55:53.33807255Z	64	PC: 1361d \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:55:53.341541104Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:53.34326693Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:55:53.344997574Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:55:53.347785692Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '77' AKA 'Get program return code')
2018-12-17T22:55:53.349535331Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '90' AKA 'Create unique file')
2018-12-17T22:55:53.35120649Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-17T22:55:53.353695489Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:55:53.355345262Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:55:53.357027074Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '128' AKA 'UNKNOWN!')
2018-12-17T22:55:53.359062935Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:53.36088746Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.362342723Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:55:53.364156211Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '192' AKA 'UNKNOWN!')
2018-12-17T22:55:53.366170305Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.367709328Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.369031552Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '171' AKA 'UNKNOWN!')
2018-12-17T22:55:53.37142616Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '141' AKA 'UNKNOWN!')
2018-12-17T22:55:53.372764763Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '69' AKA 'Duplicate handle')
2018-12-17T22:55:53.374085709Z	37	PC: 133b1 \| Set interrupt vector (Interrupt = '116' AKA 'UNKNOWN!')
2018-12-17T22:55:53.376232286Z	76	PC: 133f0 \| Terminate with return code (Return code = '0')