Sample viewer

vx.netlux.org/Virus.DOS.HLLP.4536

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:31.226143371Z 48 PC: 9f8c6 | Get DOS version
2018-12-17T22:57:31.229196055Z 85 PC: 9fad9 | Create program PSP
2018-12-17T22:57:31.230769697Z 74 PC: 9fae9 | Reallocate memory
2018-12-17T22:57:31.232146551Z 74 PC: 9faed | Reallocate memory
2018-12-17T22:57:31.233796582Z 74 PC: 9faf6 | Reallocate memory
2018-12-17T22:57:31.234941374Z 73 PC: 9fafa | Release memory
2018-12-17T22:57:31.236020154Z 74 PC: 9fb14 | Reallocate memory
2018-12-17T22:57:31.237872473Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.238868881Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:31.239935026Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:31.241299117Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.242293349Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '77' AKA 'Get program return code')
2018-12-17T22:57:31.243382497Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '66' AKA 'Move file pointer')
2018-12-17T22:57:31.244526103Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '50' AKA 'Get disk parameter block for specified drive')
2018-12-17T22:57:31.245589145Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.246449148Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.247398824Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.248898281Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.249869229Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.250825279Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.25233471Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.253333869Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.254320481Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.284196302Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.285711884Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.287192836Z 53 PC: 14a42 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.288642089Z 37 PC: 14a57 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:31.290035605Z 37 PC: 14a5f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:31.291408332Z 37 PC: 14a67 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:31.292645878Z 37 PC: 14a6f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:31.293993359Z 68 PC: 14d8c | I/O control for devices (Set for = '')
2018-12-17T22:57:31.295358513Z 37 PC: 1497f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:31.296436166Z 48 PC: 15551 | Get DOS version
2018-12-17T22:57:31.297658559Z 67 PC: 14865 | Get or set file attributes
2018-12-17T22:57:31.303707813Z 61 PC: 15377 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:57:31.310324933Z 63 PC: 1544a | Read file or device (Read 4536 bytes on handle 5)
2018-12-17T22:57:31.317835265Z 25 PC: 155de | Get default drive
2018-12-17T22:57:31.319313821Z 71 PC: 155f1 | Get current directory
2018-12-17T22:57:31.32216974Z 48 PC: 15551 | Get DOS version
2018-12-17T22:57:31.323951822Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:31.333532644Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:31.335120421Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:31.336881173Z 62 PC: 153c7 | Close file
2018-12-17T22:57:31.339419458Z 67 PC: 1488c | Get or set file attributes
2018-12-17T22:57:31.362479609Z 42 PC: 147b7 | Get date
0x147b7: xor ah, ah
0x147b9: les di, ptr [bp + 6]
0x147bc: stosw word ptr es:[di], ax
0x147bd: mov al, dl
0x147bf: les di, ptr [bp + 0xa]
0x147c2: stosw word ptr es:[di], ax
0x147c3: mov al, dh
0x147c5: les di, ptr [bp + 0xe]
0x147c8: stosw word ptr es:[di], ax
0x147c9: xchg ax, cx
0x147ca: les di, ptr [bp + 0x12]
0x147cd: stosw word ptr es:[di], ax
0x147ce: pop bp
0x147cf: retf 0x10
0x147d2: push bp
0x147d3: mov bp, sp
0x147d5: mov cx, word ptr [bp + 0xa]
0x147d8: mov dh, byte ptr [bp + 8]
0x147db: mov dl, byte ptr [bp + 6]
0x147de: mov ah, 0x2b
2018-12-17T22:57:31.364981696Z 26 PC: 14903 | Set disk transfer address
2018-12-17T22:57:31.36744982Z 78 PC: 1490f | Find first file
2018-12-17T22:57:31.374474735Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.375986171Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.379665032Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.380810914Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.383482268Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.385139307Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.388593419Z 26 PC: 14903 | Set disk transfer address
2018-12-17T22:57:31.390016Z 78 PC: 1490f | Find first file
2018-12-17T22:57:31.399982735Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.401295244Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.404684777Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.406706618Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.410707844Z 54 PC: 1482c | Get free disk space
2018-12-17T22:57:31.44994992Z 48 PC: 15551 | Get DOS version
2018-12-17T22:57:31.452507819Z 67 PC: 14865 | Get or set file attributes
2018-12-17T22:57:31.461654055Z 61 PC: 15377 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:57:31.468382608Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:31.470290879Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:31.471795225Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:31.473486522Z 63 PC: 1544a | Read file or device (Read 4536 bytes on handle 5)
2018-12-17T22:57:31.482241255Z 87 PC: 148a6 | Get or set file date and time
2018-12-17T22:57:31.4838664Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:31.485547032Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:31.819333832Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:31.820783721Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:31.822157115Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:31.824342231Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:31.825878433Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:31.836079133Z 87 PC: 148d3 | Get or set file date and time
2018-12-17T22:57:31.838721882Z 62 PC: 153c7 | Close file
2018-12-17T22:57:31.845881386Z 67 PC: 1488c | Get or set file attributes
2018-12-17T22:57:31.855397097Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.857048021Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.860735678Z 54 PC: 1482c | Get free disk space
2018-12-17T22:57:31.863508508Z 48 PC: 15551 | Get DOS version
2018-12-17T22:57:31.865581617Z 67 PC: 14865 | Get or set file attributes
2018-12-17T22:57:31.871525906Z 61 PC: 15377 | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:57:31.878177906Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:31.880990801Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:31.88229749Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:31.883667672Z 63 PC: 1544a | Read file or device (Read 4536 bytes on handle 5)
2018-12-17T22:57:31.891223085Z 87 PC: 148a6 | Get or set file date and time
2018-12-17T22:57:31.892742153Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:31.894472901Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:31.90190201Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:31.903562694Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:31.904866441Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:31.906592514Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:31.9082748Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:31.92081638Z 87 PC: 148d3 | Get or set file date and time
2018-12-17T22:57:31.922489847Z 62 PC: 153c7 | Close file
2018-12-17T22:57:31.929923563Z 67 PC: 1488c | Get or set file attributes
2018-12-17T22:57:31.93917197Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.940264338Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.944069831Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.944955909Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.949331787Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:31.95027371Z 79 PC: 1492c | Find next file
2018-12-17T22:57:31.953766245Z 54 PC: 1482c | Get free disk space
2018-12-17T22:57:31.956338946Z 48 PC: 15551 | Get DOS version
2018-12-17T22:57:31.958042795Z 67 PC: 14865 | Get or set file attributes
2018-12-17T22:57:31.963836008Z 61 PC: 15377 | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:57:31.970398046Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:31.97183859Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:31.973165637Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:31.974599545Z 63 PC: 1544a | Read file or device (Read 4536 bytes on handle 5)
2018-12-17T22:57:31.981859029Z 87 PC: 148a6 | Get or set file date and time
2018-12-17T22:57:31.983300279Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:31.984679089Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:31.992585066Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:31.993936966Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:31.995316774Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:31.997769255Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:31.999207796Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:32.00798858Z 87 PC: 148d3 | Get or set file date and time
2018-12-17T22:57:32.010661326Z 62 PC: 153c7 | Close file
2018-12-17T22:57:32.018416268Z 67 PC: 1488c | Get or set file attributes
2018-12-17T22:57:32.027852818Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:32.030369401Z 79 PC: 1492c | Find next file
2018-12-17T22:57:32.034066925Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:32.035209673Z 79 PC: 1492c | Find next file
2018-12-17T22:57:32.040099982Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:32.041327345Z 79 PC: 1492c | Find next file
2018-12-17T22:57:32.045146248Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:32.047466693Z 79 PC: 1492c | Find next file
2018-12-17T22:57:32.051141488Z 54 PC: 1482c | Get free disk space
2018-12-17T22:57:32.053738402Z 48 PC: 15551 | Get DOS version
2018-12-17T22:57:32.056381883Z 67 PC: 14865 | Get or set file attributes
2018-12-17T22:57:32.06234839Z 61 PC: 15377 | Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:57:32.069011634Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:32.071321767Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:32.072649814Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:32.074084944Z 63 PC: 1544a | Read file or device (Read 4536 bytes on handle 5)
2018-12-17T22:57:32.08199657Z 87 PC: 148a6 | Get or set file date and time
2018-12-17T22:57:32.083503034Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:32.084898223Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:32.093565436Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:32.095097689Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:32.096377401Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:32.098738281Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:32.100178315Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:32.10853847Z 87 PC: 148d3 | Get or set file date and time
2018-12-17T22:57:32.110293552Z 62 PC: 153c7 | Close file
2018-12-17T22:57:32.124254761Z 67 PC: 1488c | Get or set file attributes
2018-12-17T22:57:32.138095224Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:32.13944366Z 79 PC: 1492c | Find next file
2018-12-17T22:57:32.143566331Z 54 PC: 1482c | Get free disk space
2018-12-17T22:57:32.146279862Z 48 PC: 15551 | Get DOS version
2018-12-17T22:57:32.148881905Z 67 PC: 14865 | Get or set file attributes
2018-12-17T22:57:32.155018745Z 61 PC: 15377 | Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:57:32.161928387Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:32.164512676Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:32.16665577Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:32.168641666Z 63 PC: 1544a | Read file or device (Read 4536 bytes on handle 5)
2018-12-17T22:57:32.176324093Z 87 PC: 148a6 | Get or set file date and time
2018-12-17T22:57:32.177719296Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:32.179096269Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:32.18543472Z 66 PC: 15513 | Move file pointer
2018-12-17T22:57:32.187044991Z 66 PC: 15521 | Move file pointer
2018-12-17T22:57:32.188357214Z 66 PC: 1552f | Move file pointer
2018-12-17T22:57:32.193574407Z 66 PC: 154a9 | Move file pointer
2018-12-17T22:57:32.195066538Z 64 PC: 1544a | Write file or device (Write 4536 bytes on handle 5)
2018-12-17T22:57:32.204196438Z 87 PC: 148d3 | Get or set file date and time
2018-12-17T22:57:32.205897828Z 62 PC: 153c7 | Close file
2018-12-17T22:57:32.212906274Z 67 PC: 1488c | Get or set file attributes
2018-12-17T22:57:32.22262807Z 26 PC: 14927 | Set disk transfer address
2018-12-17T22:57:32.223914448Z 79 PC: 1492c | Find next file
2018-12-17T22:57:32.228000403Z 64 PC: 14e8f | Write file or device (Write 25 bytes on handle 1)
2018-12-17T22:57:32.232583564Z 64 PC: 14e8f | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:57:32.234670398Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.235861283Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:32.238019261Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:32.239921344Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.241817651Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '77' AKA 'Get program return code')
2018-12-17T22:57:32.24328497Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '66' AKA 'Move file pointer')
2018-12-17T22:57:32.245351247Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '50' AKA 'Get disk parameter block for specified drive')
2018-12-17T22:57:32.246794657Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.248923162Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.25069566Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.252112061Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.253548507Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.255668258Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.256772302Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.257865907Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.25995045Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.261884175Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.263273436Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.264492466Z 37 PC: 14b56 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:32.265506608Z 76 PC: 14b95 | Terminate with return code (Return code = '0')