Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Bormut.5744

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:48.521130249Z	53	PC: 130da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:48.523603839Z	53	PC: 130da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:48.524957149Z	53	PC: 130da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:48.52639081Z	53	PC: 130da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:48.528179531Z	53	PC: 130da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:48.52954204Z	53	PC: 130da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:48.530887779Z	53	PC: 130da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:48.532932076Z	53	PC: 130da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:48.534179066Z	53	PC: 130da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:48.53542977Z	53	PC: 130da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:48.53752508Z	53	PC: 130da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:48.53997212Z	53	PC: 130da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:48.541130724Z	53	PC: 130da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:48.543919821Z	53	PC: 130da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:48.558161556Z	53	PC: 130da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:48.559562802Z	53	PC: 130da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:48.5609621Z	53	PC: 130da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:48.563101786Z	53	PC: 130da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:48.56522383Z	53	PC: 130da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:48.567336449Z	37	PC: 130ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:48.569431983Z	37	PC: 130f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:48.571618948Z	37	PC: 130ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:48.573149958Z	37	PC: 13107 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:48.574785002Z	68	PC: 13e2b \| I/O control for devices (Set for = '')
2018-12-17T22:57:48.576206104Z	48	PC: 13b51 \| Get DOS version
2018-12-17T22:57:48.577633146Z	61	PC: 13a03 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:57:48.592721886Z	63	PC: 13ad6 \| Read file or device (Read 5744 bytes on handle 5)
2018-12-17T22:57:48.599824833Z	26	PC: 12edd \| Set disk transfer address
2018-12-17T22:57:48.600836828Z	78	PC: 12ee9 \| Find first file
2018-12-17T22:57:48.608441243Z	67	PC: 12e66 \| Get or set file attributes
2018-12-17T22:57:48.625299912Z	60	PC: 13a03 \| Create or truncate file
2018-12-17T22:57:48.637153717Z	62	PC: 13a53 \| Close file
2018-12-17T22:57:48.640127708Z	61	PC: 13a03 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:48.646882673Z	64	PC: 13ad6 \| Write file or device (Write 5744 bytes on handle 6)
2018-12-17T22:57:48.655610938Z	87	PC: 12ead \| Get or set file date and time
2018-12-17T22:57:48.658231305Z	67	PC: 12e66 \| Get or set file attributes
2018-12-17T22:57:48.669049475Z	62	PC: 13a53 \| Close file
2018-12-17T22:57:48.676539071Z	26	PC: 12f01 \| Set disk transfer address
2018-12-17T22:57:48.678449612Z	79	PC: 12f06 \| Find next file
2018-12-17T22:57:48.681519451Z	62	PC: 13a53 \| Close file
2018-12-17T22:57:48.683830487Z	67	PC: 12e66 \| Get or set file attributes
2018-12-17T22:57:48.694398872Z	60	PC: 13a03 \| Create or truncate file
2018-12-17T22:57:48.706523917Z	62	PC: 13a53 \| Close file
2018-12-17T22:57:48.708498591Z	61	PC: 13a03 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:48.71559242Z	64	PC: 13ad6 \| Write file or device (Write 5744 bytes on handle 5)
2018-12-17T22:57:48.725054633Z	87	PC: 12ead \| Get or set file date and time
2018-12-17T22:57:48.726694162Z	67	PC: 12e66 \| Get or set file attributes
2018-12-17T22:57:48.737374406Z	62	PC: 13a53 \| Close file
2018-12-17T22:57:48.745163183Z	26	PC: 12f01 \| Set disk transfer address
2018-12-17T22:57:48.746620881Z	79	PC: 12f06 \| Find next file
2018-12-17T22:57:48.75017062Z	64	PC: 1375b \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:57:48.752348711Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:48.75369301Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:48.755226426Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:48.757184914Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:48.758486531Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:48.759777894Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:48.761568732Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:48.762787352Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:48.763996869Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:48.765496341Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:48.766794773Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:48.768078753Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:48.769907924Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:48.771270378Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:48.772620635Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:48.774512633Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:48.77579308Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:48.777118366Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:48.779181573Z	37	PC: 13231 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:48.780459803Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.782636168Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.78536839Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.787615667Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.78985758Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.79253389Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.794688774Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.796830778Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.799903953Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.802111593Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.804302148Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.806943537Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.809049044Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.811247064Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.814493017Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.816764985Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.819018743Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.821998393Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.825084011Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.827306834Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.830179888Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.832485206Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.834747745Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.839260442Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.841622702Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.843876528Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.846370188Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.848804417Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.85095416Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.853981849Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.856260666Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.858536573Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.860891302Z	6	PC: 132b8 \| Direct console I/O
2018-12-17T22:57:48.864814771Z	76	PC: 13270 \| Terminate with return code (Return code = '103')