Sample viewer

vx.netlux.org/Virus.DOS.HLLO.2673

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:53.051340962Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:53.054192453Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:53.05553751Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:53.057031184Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:53.05864969Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:53.061098857Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:53.062547783Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:53.063955882Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:53.066351482Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:53.067945604Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:53.069528054Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:53.071835584Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:53.07400345Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:53.076205161Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:53.097619439Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:53.100257646Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:53.101907237Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:53.103365442Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:53.104908634Z 53 PC: 12f7a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:53.105971904Z 37 PC: 12f8f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:53.106864102Z 37 PC: 12f97 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:53.108203581Z 37 PC: 12f9f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:53.112267523Z 37 PC: 12fa7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:53.113883573Z 68 PC: 135ee | I/O control for devices (Set for = '���')
2018-12-17T22:57:53.115883826Z 2 PC: 12a58 | Character output (Char = '4e')
2018-12-17T22:57:53.122289282Z 2 PC: 12a5e | Character output (Char = '6f')
2018-12-17T22:57:53.12568333Z 2 PC: 12a64 | Character output (Char = '74')
2018-12-17T22:57:53.131813256Z 2 PC: 12a6a | Character output (Char = '20')
2018-12-17T22:57:53.133928342Z 2 PC: 12a70 | Character output (Char = '65')
2018-12-17T22:57:53.135645016Z 2 PC: 12a76 | Character output (Char = '6e')
2018-12-17T22:57:53.138533039Z 2 PC: 12a7c | Character output (Char = '6f')
2018-12-17T22:57:53.140540024Z 2 PC: 12a82 | Character output (Char = '75')
2018-12-17T22:57:53.142794614Z 2 PC: 12a88 | Character output (Char = '67')
2018-12-17T22:57:53.145311865Z 2 PC: 12a8e | Character output (Char = '68')
2018-12-17T22:57:53.147829848Z 2 PC: 12a94 | Character output (Char = '20')
2018-12-17T22:57:53.150226704Z 2 PC: 12a9a | Character output (Char = '6d')
2018-12-17T22:57:53.15307769Z 2 PC: 12aa0 | Character output (Char = '65')
2018-12-17T22:57:53.155174126Z 2 PC: 12aa6 | Character output (Char = '6d')
2018-12-17T22:57:53.157323475Z 2 PC: 12aac | Character output (Char = '6f')
2018-12-17T22:57:53.160120358Z 2 PC: 12ab2 | Character output (Char = '72')
2018-12-17T22:57:53.162487948Z 2 PC: 12ab8 | Character output (Char = '79')
2018-12-17T22:57:53.164966663Z 42 PC: 12de7 | Get date
0x12de7: xor ah, ah
0x12de9: les di, ptr [bp + 6]
0x12dec: stosw word ptr es:[di], ax
0x12ded: mov al, dl
0x12def: les di, ptr [bp + 0xa]
0x12df2: stosw word ptr es:[di], ax
0x12df3: mov al, dh
0x12df5: les di, ptr [bp + 0xe]
0x12df8: stosw word ptr es:[di], ax
0x12df9: xchg ax, cx
0x12dfa: les di, ptr [bp + 0x12]
0x12dfd: stosw word ptr es:[di], ax
0x12dfe: pop bp
0x12dff: retf 0x10
0x12e02: push bp
0x12e03: mov bp, sp
0x12e05: mov cx, word ptr [bp + 0xa]
0x12e08: mov dh, byte ptr [bp + 8]
0x12e0b: mov dl, byte ptr [bp + 6]
0x12e0e: mov ah, 0x2b
2018-12-17T22:57:53.167815648Z 26 PC: 12ebd | Set disk transfer address
2018-12-17T22:57:53.170118277Z 78 PC: 12ec9 | Find first file
2018-12-17T22:57:53.177515672Z 61 PC: 133e2 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:57:53.191549603Z 66 PC: 13514 | Move file pointer
2018-12-17T22:57:53.201962604Z 63 PC: 134b5 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:57:53.212696891Z 62 PC: 13432 | Close file
2018-12-17T22:57:53.214501714Z 48 PC: 13530 | Get DOS version
2018-12-17T22:57:53.217648212Z 61 PC: 133e2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:57:53.225132179Z 63 PC: 134b5 | Read file or device (Read 2673 bytes on handle 5)
2018-12-17T22:57:53.233560094Z 62 PC: 13432 | Close file
2018-12-17T22:57:53.236930664Z 61 PC: 133e2 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:57:53.244014286Z 87 PC: 12e60 | Get or set file date and time
2018-12-17T22:57:53.246359607Z 64 PC: 134b5 | Write file or device (Write 2673 bytes on handle 5)
2018-12-17T22:57:53.587166666Z 87 PC: 12e8d | Get or set file date and time
2018-12-17T22:57:53.589344933Z 62 PC: 13432 | Close file
2018-12-17T22:57:53.597036195Z 64 PC: 1333d | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:57:53.599817026Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:53.601652014Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:53.603086838Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:53.605238386Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:53.606996034Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:53.608400483Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:53.610020024Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:53.612162118Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:53.613539366Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:53.615678232Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:53.618011398Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:53.619380412Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:53.621271719Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:53.623604983Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:53.62499181Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:53.627512978Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:53.629933845Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:53.631378405Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:53.632740354Z 37 PC: 130d1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:53.63492665Z 76 PC: 13110 | Terminate with return code (Return code = '0')