Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Shadow.6427

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:37.713330188Z	48	PC: 141e2 \| Get DOS version
2018-12-17T22:56:37.723271891Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:37.724788632Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:37.726303711Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:37.728522994Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:37.730096223Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:37.731670513Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:37.734720638Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:37.73608342Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:37.737183659Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:37.738808383Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:37.74023198Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:37.744017147Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:37.748016647Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:37.750189552Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:37.751504004Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:37.753052235Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:37.754663534Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:37.755997522Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:37.757486422Z	53	PC: 1388a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:37.759335909Z	37	PC: 1389f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:37.760732746Z	37	PC: 138a7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:37.762469681Z	37	PC: 138af \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:37.770717599Z	37	PC: 138b7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:37.77394636Z	68	PC: 14492 \| I/O control for devices (Set for = '2��ǳ �')
2018-12-17T22:56:37.887052956Z	37	PC: 132b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:37.889690275Z	48	PC: 140a3 \| Get DOS version
2018-12-17T22:56:37.891235851Z	61	PC: 13f55 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:56:37.903798301Z	63	PC: 14028 \| Read file or device (Read 6427 bytes on handle 5)
2018-12-17T22:56:37.913241686Z	66	PC: 14087 \| Move file pointer
2018-12-17T22:56:37.914944788Z	66	PC: 14591 \| Move file pointer
2018-12-17T22:56:37.916560076Z	66	PC: 1459f \| Move file pointer
2018-12-17T22:56:37.919063603Z	66	PC: 145ad \| Move file pointer
2018-12-17T22:56:37.92143976Z	66	PC: 14087 \| Move file pointer
2018-12-17T22:56:37.923470969Z	63	PC: 14028 \| Read file or device (Read 6427 bytes on handle 5)
2018-12-17T22:56:37.933021486Z	66	PC: 14087 \| Move file pointer
2018-12-17T22:56:37.935320018Z	66	PC: 14591 \| Move file pointer
2018-12-17T22:56:37.937576141Z	66	PC: 1459f \| Move file pointer
2018-12-17T22:56:37.939728798Z	66	PC: 145ad \| Move file pointer
2018-12-17T22:56:37.941816434Z	66	PC: 14087 \| Move file pointer
2018-12-17T22:56:37.943521219Z	64	PC: 13f86 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:56:37.958923839Z	66	PC: 14087 \| Move file pointer
2018-12-17T22:56:37.961230676Z	64	PC: 14028 \| Write file or device (Write 6427 bytes on handle 5)
2018-12-17T22:56:37.970986159Z	62	PC: 13fa5 \| Close file
2018-12-17T22:56:37.981918263Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:37.983801464Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:37.985466065Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:37.987230993Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:37.989954604Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:37.99170765Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:56:37.993432664Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:37.996430751Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:37.998288934Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:38.000056969Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:38.002744722Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:38.004069663Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:38.005819103Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:38.008109459Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:38.009499683Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:38.010900256Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:38.013219717Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:38.014905206Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:38.016523429Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:38.019313074Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:38.020903875Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:38.022517609Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:38.024867307Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:38.026833754Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:38.028400831Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:38.030758514Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:38.032671971Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:38.03428824Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:38.036545074Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:38.038511852Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:38.040087775Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:38.041918517Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:38.044311496Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:38.045968031Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:38.04755283Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:38.050001635Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:56:38.051322198Z	53	PC: 131e5 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:38.05257847Z	37	PC: 131ee \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:38.055772586Z	48	PC: 140a3 \| Get DOS version
2018-12-17T22:56:38.05735428Z	41	PC: 13134 \| Parse filename
2018-12-17T22:56:38.058815057Z	41	PC: 13142 \| Parse filename
2018-12-17T22:56:38.061350975Z	75	PC: 1314d \| Execute program
2018-12-17T22:56:38.082305644Z	80	PC: 1af79 \| Set current PSP
2018-12-17T22:56:38.083587293Z	48	PC: 1af7e \| Get DOS version
2018-12-17T22:56:38.086223791Z	99	PC: 21760 \| Get DBCS lead byte table pointer
2018-12-17T22:56:38.089211388Z	101	PC: 1b004 \| Get extended country info
2018-12-17T22:56:38.090806397Z	99	PC: 1b00a \| Get DBCS lead byte table pointer
2018-12-17T22:56:38.093231346Z	74	PC: 1b06c \| Reallocate memory
2018-12-17T22:56:38.094996235Z	25	PC: 1b0a3 \| Get default drive
2018-12-17T22:56:38.096257506Z	37	PC: 1ab63 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:56:38.098262826Z	37	PC: 1ab6a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:38.099652139Z	37	PC: 1ab71 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:38.104342998Z	74	PC: 19d0c \| Reallocate memory
2018-12-17T22:56:38.10678502Z	72	PC: 19d4d \| Allocate memory
2018-12-17T22:56:38.108477502Z	72	PC: 19d85 \| Allocate memory
2018-12-17T22:56:38.110682668Z	72	PC: 19d8d \| Allocate memory