Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.6113

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:56:03.705713071Z 53 PC: 12a60 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:56:03.708339158Z 53 PC: 12a6f | Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:56:03.71018735Z 37 PC: 12a82 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:56:03.711527875Z 37 PC: 12a8b | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:56:03.713584032Z 98 PC: 12ac9 | Get current PSP
2018-12-17T22:56:03.718293865Z 53 PC: 1543a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:03.720025228Z 53 PC: 1543a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:03.721706455Z 53 PC: 1543a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:03.724356483Z 53 PC: 1543a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:03.726026092Z 53 PC: 1543a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:03.727672789Z 53 PC: 1543a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:03.729922393Z 53 PC: 1543a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:03.732181364Z 53 PC: 1543a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:03.733548267Z 53 PC: 1543a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:03.735285415Z 53 PC: 1543a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:03.736753352Z 53 PC: 1543a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:03.738290603Z 53 PC: 1543a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:03.740294395Z 53 PC: 1543a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:03.742000579Z 53 PC: 1543a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:03.743357225Z 53 PC: 1543a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:03.74469978Z 53 PC: 1543a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:03.74680993Z 53 PC: 1543a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:03.748519007Z 53 PC: 1543a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:03.750253209Z 53 PC: 1543a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:03.752416756Z 37 PC: 1544f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:03.754137776Z 37 PC: 15457 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:03.755787564Z 37 PC: 1545f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:03.758406087Z 37 PC: 15467 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:03.760205494Z 68 PC: 160c9 | I/O control for devices (Set for = '�u6������ǧu�u�')
2018-12-17T22:56:03.761851559Z 44 PC: 14c15 | Get time
0x14c15: mov word ptr cs:[0x8f5], cx
0x14c1a: mov word ptr cs:[0x8f8], dx
0x14c1f: ret
0x14c20: push bx
0x14c21: push cx
0x14c22: push dx
0x14c23: push ax
0x14c24: mov ax, 0
0x14c27: mov bx, 0
0x14c2a: mov cx, ax
0x14c2c: mov dx, 0x8405
0x14c2f: mul dx
0x14c31: shl cx, 3
0x14c34: add ch, cl
0x14c36: add dx, cx
0x14c38: add dx, bx
0x14c3a: shl bx, 2
0x14c3d: add dx, bx
0x14c3f: add dh, bl
0x14c41: mov cl, 5
2018-12-17T22:56:03.765924301Z 61 PC: 15b91 | Open file (Filename = 'c:\mirc\mirc.ini')
2018-12-17T22:56:03.772457241Z 61 PC: 15b91 | Open file (Filename = 'c:\progra~1\mirc\mirc.ini')
2018-12-17T22:56:03.778895236Z 60 PC: 15b91 | Create or truncate file
2018-12-17T22:56:03.798595768Z 62 PC: 15be1 | Close file
2018-12-17T22:56:03.800965876Z 65 PC: 15cda | Delete file (Filename = '�')
2018-12-17T22:56:03.812593682Z 26 PC: 152a5 | Set disk transfer address
2018-12-17T22:56:03.814174283Z 78 PC: 152b1 | Find first file
2018-12-17T22:56:03.822419582Z 61 PC: 15b91 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:56:03.829270777Z 66 PC: 161c8 | Move file pointer
2018-12-17T22:56:03.830602507Z 66 PC: 161d6 | Move file pointer
2018-12-17T22:56:03.83272094Z 66 PC: 161e4 | Move file pointer
2018-12-17T22:56:03.834276436Z 66 PC: 161c8 | Move file pointer
2018-12-17T22:56:03.835660784Z 66 PC: 161d6 | Move file pointer
2018-12-17T22:56:03.837723543Z 66 PC: 161e4 | Move file pointer
2018-12-17T22:56:03.839533475Z 63 PC: 15c64 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:56:03.842736721Z 66 PC: 161c8 | Move file pointer
2018-12-17T22:56:03.854308444Z 66 PC: 161d6 | Move file pointer
2018-12-17T22:56:03.856195157Z 66 PC: 161e4 | Move file pointer
2018-12-17T22:56:03.858021319Z 66 PC: 161c8 | Move file pointer
2018-12-17T22:56:03.860862657Z 66 PC: 161d6 | Move file pointer
2018-12-17T22:56:03.862442623Z 66 PC: 161e4 | Move file pointer
2018-12-17T22:56:03.864017779Z 66 PC: 161c8 | Move file pointer
2018-12-17T22:56:03.865595102Z 66 PC: 161d6 | Move file pointer
2018-12-17T22:56:03.867966334Z 66 PC: 161e4 | Move file pointer
2018-12-17T22:56:03.869730776Z 62 PC: 15be1 | Close file
2018-12-17T22:56:03.873939313Z 64 PC: 15858 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:56:03.880401952Z 37 PC: 15591 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:03.881735545Z 37 PC: 15591 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:03.883061994Z 37 PC: 15591 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:03.885075423Z 37 PC: 15591 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:03.886758266Z 37 PC: 15591 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:03.888272745Z 37 PC: 15591 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:03.891028571Z 37 PC: 15591 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:03.892674817Z 37 PC: 15591 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:03.901923695Z 37 PC: 15591 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:03.90384591Z 37 PC: 15591 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:03.906298384Z 37 PC: 15591 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:03.907815084Z 37 PC: 15591 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:03.909238532Z 37 PC: 15591 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:03.911477723Z 37 PC: 15591 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:03.913189397Z 37 PC: 15591 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:03.914903576Z 37 PC: 15591 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:03.917092656Z 37 PC: 15591 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:03.918422708Z 37 PC: 15591 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:03.919726718Z 37 PC: 15591 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:03.921768554Z 37 PC: 12b20 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:56:03.923080674Z 37 PC: 12b2a | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:56:03.924355036Z 98 PC: 12b2e | Get current PSP
2018-12-17T22:56:03.926503256Z 26 PC: 12b39 | Set disk transfer address