Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Aha.6555

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:20.15762365Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:20.160053098Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:20.161775737Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:20.163273063Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:20.165083537Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:20.169534235Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:20.171792612Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:20.174197124Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:20.185067243Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:20.186420899Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:20.187795343Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:20.189829467Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:20.191257473Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:20.192580571Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:20.194945588Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:20.196593336Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:20.198236707Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:20.201828199Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:20.204043415Z	53	PC: 13dea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:20.206074244Z	37	PC: 13dff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:20.209930725Z	37	PC: 13e07 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:20.211516717Z	37	PC: 13e0f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:20.213052074Z	37	PC: 13e17 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:20.215362038Z	68	PC: 149ed \| I/O control for devices (Set for = '')
2018-12-17T22:56:20.287261253Z	37	PC: 13491 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:20.289231768Z	48	PC: 145fe \| Get DOS version
2018-12-17T22:56:20.29108331Z	67	PC: 13a91 \| Get or set file attributes
2018-12-17T22:56:20.298160477Z	87	PC: 13ad2 \| Get or set file date and time
2018-12-17T22:56:20.30000225Z	67	PC: 13ab8 \| Get or set file attributes
2018-12-17T22:56:20.318445119Z	61	PC: 144b0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:56:20.3270292Z	63	PC: 14583 \| Read file or device (Read 6555 bytes on handle 5)
2018-12-17T22:56:20.335708159Z	62	PC: 14500 \| Close file
2018-12-17T22:56:20.338064761Z	67	PC: 13ab8 \| Get or set file attributes
2018-12-17T22:56:20.349913821Z	87	PC: 13aff \| Get or set file date and time
2018-12-17T22:56:20.351771404Z	26	PC: 13b2f \| Set disk transfer address
2018-12-17T22:56:20.353184601Z	78	PC: 13b3b \| Find first file
2018-12-17T22:56:20.361106217Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.36323508Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.366730342Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.368581092Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.371748398Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.373487918Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.389648947Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.391106337Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.398644952Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.401043392Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.404733741Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.406013067Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.409120019Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.411631522Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.415141722Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.416403565Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.420769213Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.422336941Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.427111189Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.429630866Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.433053572Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.43482871Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.439729505Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.441358849Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.446125402Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.448859773Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.457851481Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.459415522Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.468246427Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.470924112Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.474815689Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.476400369Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.480653747Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.482307537Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.486252375Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.48885098Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.492435561Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.493946622Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.498820286Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.500342148Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.503546854Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.505499316Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.508357369Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.509617579Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.512494228Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.513943844Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.516864145Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.518253176Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.521307981Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.522422437Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.525994433Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.528233393Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.531207045Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.532738625Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.537527198Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.538924075Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.541488788Z	25	PC: 13bb5 \| Get default drive
2018-12-17T22:56:20.543372189Z	71	PC: 13bd4 \| Get current directory
2018-12-17T22:56:20.547284535Z	67	PC: 13a91 \| Get or set file attributes
2018-12-17T22:56:20.55381183Z	87	PC: 13ad2 \| Get or set file date and time
2018-12-17T22:56:20.556028157Z	67	PC: 13ab8 \| Get or set file attributes
2018-12-17T22:56:20.564514764Z	61	PC: 144b0 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:56:20.570360947Z	66	PC: 145e2 \| Move file pointer
2018-12-17T22:56:20.572795646Z	63	PC: 14583 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:56:20.578599599Z	62	PC: 14500 \| Close file
2018-12-17T22:56:20.58038714Z	48	PC: 145fe \| Get DOS version
2018-12-17T22:56:20.583203065Z	42	PC: 13a17 \| Get date 0x13a17: xor ah, ah 0x13a19: les di, ptr [bp + 6] 0x13a1c: stosw word ptr es:[di], ax 0x13a1d: mov al, dl 0x13a1f: les di, ptr [bp + 0xa] 0x13a22: stosw word ptr es:[di], ax 0x13a23: mov al, dh 0x13a25: les di, ptr [bp + 0xe] 0x13a28: stosw word ptr es:[di], ax 0x13a29: xchg ax, cx 0x13a2a: les di, ptr [bp + 0x12] 0x13a2d: stosw word ptr es:[di], ax 0x13a2e: pop bp 0x13a2f: retf 0x10 0x13a32: push bp 0x13a33: mov bp, sp 0x13a35: mov cx, word ptr [bp + 0xa] 0x13a38: mov dh, byte ptr [bp + 8] 0x13a3b: mov dl, byte ptr [bp + 6] 0x13a3e: mov ah, 0x2b
2018-12-17T22:56:20.58616307Z	26	PC: 13b53 \| Set disk transfer address
2018-12-17T22:56:20.587416377Z	79	PC: 13b58 \| Find next file
2018-12-17T22:56:20.590272037Z	48	PC: 145fe \| Get DOS version
2018-12-17T22:56:20.593373859Z	26	PC: 13b2f \| Set disk transfer address
2018-12-17T22:56:20.594894759Z	78	PC: 13b3b \| Find first file
2018-12-17T22:56:20.601925079Z	48	PC: 145fe \| Get DOS version
2018-12-17T22:56:20.605450908Z	67	PC: 13a91 \| Get or set file attributes
2018-12-17T22:56:20.611964005Z	87	PC: 13ad2 \| Get or set file date and time
2018-12-17T22:56:20.614086165Z	67	PC: 13ab8 \| Get or set file attributes
2018-12-17T22:56:20.62670847Z	61	PC: 144b0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:56:20.635315494Z	66	PC: 145e2 \| Move file pointer
2018-12-17T22:56:20.637287352Z	63	PC: 14583 \| Read file or device (Read 6555 bytes on handle 5)
2018-12-17T22:56:20.647692046Z	66	PC: 145e2 \| Move file pointer
2018-12-17T22:56:20.65005505Z	64	PC: 144e1 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:56:20.658633209Z	66	PC: 145e2 \| Move file pointer
2018-12-17T22:56:20.660827114Z	64	PC: 14583 \| Write file or device (Write 6555 bytes on handle 5)
2018-12-17T22:56:20.672617034Z	87	PC: 13aff \| Get or set file date and time
2018-12-17T22:56:20.675512779Z	67	PC: 13ab8 \| Get or set file attributes
2018-12-17T22:56:20.688184807Z	62	PC: 14500 \| Close file
2018-12-17T22:56:20.697445089Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:20.699419191Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:20.701181575Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:20.704344121Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:20.706446244Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:20.708293467Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:20.710899387Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:20.713740009Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:20.715945476Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:20.718376227Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:20.719864295Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:20.721350018Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:20.723530659Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:20.725344149Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:20.726835763Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:20.729364678Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:20.730850322Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:20.732314445Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:20.734654335Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:20.736220049Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:20.737676478Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:20.739152373Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:20.741499546Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:20.742984779Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:20.744412414Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:20.747312627Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:20.748773063Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:20.750259338Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:20.752184708Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:20.753357233Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:20.754708253Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:20.75660008Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:20.757946752Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:20.759308142Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:20.76144487Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:20.762840675Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:20.764189682Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:20.76631071Z	37	PC: 13d70 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:20.768021837Z	48	PC: 145fe \| Get DOS version
2018-12-17T22:56:20.769853401Z	41	PC: 13d1e \| Parse filename
2018-12-17T22:56:20.772221324Z	41	PC: 13d2c \| Parse filename
2018-12-17T22:56:20.774030436Z	75	PC: 13d37 \| Execute program
2018-12-17T22:56:20.79417284Z	80	PC: 1ae99 \| Set current PSP
2018-12-17T22:56:20.795860383Z	48	PC: 1ae9e \| Get DOS version
2018-12-17T22:56:20.79746994Z	99	PC: 21680 \| Get DBCS lead byte table pointer
2018-12-17T22:56:20.800224399Z	101	PC: 1af24 \| Get extended country info
2018-12-17T22:56:20.802058117Z	99	PC: 1af2a \| Get DBCS lead byte table pointer
2018-12-17T22:56:20.803407003Z	74	PC: 1af8c \| Reallocate memory
2018-12-17T22:56:20.804847722Z	25	PC: 1afc3 \| Get default drive
2018-12-17T22:56:20.806678274Z	37	PC: 1aa83 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:56:20.807928405Z	37	PC: 1aa8a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:20.80896806Z	37	PC: 1aa91 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:20.813523496Z	74	PC: 19c2c \| Reallocate memory
2018-12-17T22:56:20.815725817Z	72	PC: 19c6d \| Allocate memory
2018-12-17T22:56:20.817469095Z	72	PC: 19ca5 \| Allocate memory
2018-12-17T22:56:20.819345834Z	72	PC: 19cad \| Allocate memory