Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Ceib.5000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:23.698972183Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:23.701247759Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:23.702730551Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:23.704194865Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:23.706273987Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:23.707649444Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:23.708876695Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:23.71007299Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:23.717184165Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:23.718507304Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:23.719811501Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:23.72192471Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:23.723694148Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:23.725489532Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:23.732218291Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:23.734427645Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:23.736498448Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:23.742508722Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:23.743967298Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:23.745029952Z	37	PC: 137ff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:23.74661386Z	37	PC: 13807 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:23.747693411Z	37	PC: 1380f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:23.748744565Z	37	PC: 13817 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:23.750816125Z	68	PC: 14344 \| I/O control for devices (Set for = '')
2018-12-17T22:57:23.752141849Z	44	PC: 1447b \| Get time 0x1447b: mov word ptr [0x4a], cx 0x1447f: mov word ptr [0x4c], dx 0x14483: retf 0x14484: call 0x144cb 0x14487: jb 0x14498 0x14489: mov cx, word ptr es:[di + 4] 0x1448d: cmp cx, 1 0x14490: je 0x14498 0x14492: xor bx, bx 0x14494: push cs 0x14495: call 0x24007 0x14498: retf 4 0x1449b: call 0x144cb 0x1449e: jb 0x144b3 0x144a0: mov ax, cx 0x144a2: mov dx, bx 0x144a4: mov cx, word ptr es:[di + 4] 0x144a8: cmp cx, 1 0x144ab: je 0x144b3 0x144ad: xor bx, bx
2018-12-17T22:57:23.754103459Z	45	PC: 13590 \| Set time
2018-12-17T22:57:23.768547769Z	43	PC: 13579 \| Set date
2018-12-17T22:57:23.772110271Z	60	PC: 13cad \| Create or truncate file
2018-12-17T22:57:23.791529606Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:23.793706564Z	65	PC: 13df6 \| Delete file (Filename = 'CMIBYHTP.TMP')
2018-12-17T22:57:23.806015685Z	25	PC: 13efc \| Get default drive
2018-12-17T22:57:23.80713226Z	71	PC: 13f0f \| Get current directory
2018-12-17T22:57:23.810447888Z	48	PC: 13e6f \| Get DOS version
2018-12-17T22:57:23.812365291Z	67	PC: 135bc \| Get or set file attributes
2018-12-17T22:57:23.817592783Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:23.826405686Z	61	PC: 13cad \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:57:23.832783434Z	63	PC: 13d80 \| Read file or device (Read 5000 bytes on handle 5)
2018-12-17T22:57:23.841314274Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:23.843860168Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:23.856188696Z	14	PC: 13f55 \| Set default drive (Drive = 'A')
2018-12-17T22:57:23.857617586Z	25	PC: 13f59 \| Get default drive
2018-12-17T22:57:23.859262842Z	26	PC: 13640 \| Set disk transfer address
2018-12-17T22:57:23.860993795Z	78	PC: 13567 \| Find first file
2018-12-17T22:57:23.868202755Z	67	PC: 135bc \| Get or set file attributes
2018-12-17T22:57:23.875195296Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:23.886607461Z	61	PC: 13cad \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:57:23.894070568Z	66	PC: 13ddf \| Move file pointer
2018-12-17T22:57:23.895643343Z	63	PC: 13d80 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:23.903281784Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:23.905649798Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:23.916975057Z	26	PC: 13662 \| Set disk transfer address
2018-12-17T22:57:23.919467273Z	79	PC: 13667 \| Find next file
2018-12-17T22:57:23.922590973Z	26	PC: 13640 \| Set disk transfer address
2018-12-17T22:57:23.923947179Z	78	PC: 13567 \| Find first file
2018-12-17T22:57:23.931627774Z	67	PC: 135bc \| Get or set file attributes
2018-12-17T22:57:23.939421745Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:23.950369295Z	61	PC: 13cad \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:23.957904135Z	66	PC: 13ddf \| Move file pointer
2018-12-17T22:57:23.960575631Z	63	PC: 13d80 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:23.967900994Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:23.970370869Z	61	PC: 13cad \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:23.978217596Z	87	PC: 135fd \| Get or set file date and time
2018-12-17T22:57:23.979471478Z	66	PC: 144e5 \| Move file pointer
2018-12-17T22:57:23.981391575Z	66	PC: 144f3 \| Move file pointer
2018-12-17T22:57:23.983371036Z	66	PC: 14501 \| Move file pointer
2018-12-17T22:57:23.984975989Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:23.986889863Z	54	PC: 1359e \| Get free disk space
2018-12-17T22:57:23.997491353Z	60	PC: 13cad \| Create or truncate file
2018-12-17T22:57:24.010395543Z	64	PC: 13d80 \| Write file or device (Write 5000 bytes on handle 5)
2018-12-17T22:57:24.022888506Z	61	PC: 13cad \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:24.031048455Z	63	PC: 13d80 \| Read file or device (Read 59226 bytes on handle 6)
2018-12-17T22:57:24.034128623Z	64	PC: 13d80 \| Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:57:24.05520085Z	63	PC: 13d80 \| Read file or device (Read 59226 bytes on handle 6)
2018-12-17T22:57:24.05817596Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:24.06072213Z	65	PC: 13df6 \| Delete file (Filename = 'SLEEP.COM')
2018-12-17T22:57:24.074844225Z	87	PC: 1362a \| Get or set file date and time
2018-12-17T22:57:24.077919536Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:24.085991789Z	86	PC: 13e3a \| Rename file
2018-12-17T22:57:24.099810883Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:24.111641405Z	14	PC: 13f55 \| Set default drive (Drive = 'A')
2018-12-17T22:57:24.113916485Z	25	PC: 13f59 \| Get default drive
2018-12-17T22:57:24.115527802Z	59	PC: 13fc3 \| Change current directory
2018-12-17T22:57:24.126332045Z	48	PC: 13e6f \| Get DOS version
2018-12-17T22:57:24.128922874Z	67	PC: 135bc \| Get or set file attributes
2018-12-17T22:57:24.142320059Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:24.153586461Z	61	PC: 13cad \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:57:24.162741448Z	66	PC: 144e5 \| Move file pointer
2018-12-17T22:57:24.164705925Z	66	PC: 144f3 \| Move file pointer
2018-12-17T22:57:24.16666062Z	66	PC: 14501 \| Move file pointer
2018-12-17T22:57:24.16974277Z	54	PC: 1359e \| Get free disk space
2018-12-17T22:57:24.179957781Z	87	PC: 135fd \| Get or set file date and time
2018-12-17T22:57:24.182089973Z	60	PC: 13cad \| Create or truncate file
2018-12-17T22:57:24.196198037Z	63	PC: 13d80 \| Read file or device (Read 5000 bytes on handle 5)
2018-12-17T22:57:24.20676076Z	63	PC: 13d80 \| Read file or device (Read 59226 bytes on handle 5)
2018-12-17T22:57:24.215875869Z	64	PC: 13d80 \| Write file or device (Write 3059 bytes on handle 6)
2018-12-17T22:57:24.227139181Z	63	PC: 13d80 \| Read file or device (Read 59226 bytes on handle 5)
2018-12-17T22:57:24.230117349Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:24.232216427Z	65	PC: 13df6 \| Delete file (Filename = 'A:\TEST.EXE')
2018-12-17T22:57:24.246393516Z	87	PC: 1362a \| Get or set file date and time
2018-12-17T22:57:24.249408407Z	62	PC: 13cfd \| Close file
2018-12-17T22:57:24.262184313Z	67	PC: 135e3 \| Get or set file attributes
2018-12-17T22:57:24.275017907Z	48	PC: 13e6f \| Get DOS version
2018-12-17T22:57:24.277754515Z	86	PC: 13e3a \| Rename file
2018-12-17T22:57:24.291934515Z	48	PC: 13e6f \| Get DOS version
2018-12-17T22:57:24.293824616Z	41	PC: 13751 \| Parse filename
2018-12-17T22:57:24.296600533Z	41	PC: 1375f \| Parse filename
2018-12-17T22:57:24.29844031Z	75	PC: 1376a \| Execute program