Sample viewer

vx.netlux.org/Virus.DOS.HLLP.DPVG.3552

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:11.276365305Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:11.27772404Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:11.28651795Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:11.287711758Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:11.289039881Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:11.290771125Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:11.292048385Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:11.293066271Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:11.294962682Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:11.296711602Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:11.298175557Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:11.299887728Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:11.301180392Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:11.302392128Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:11.303830994Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:11.305259224Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:11.306520424Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:11.307754259Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:11.312442211Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:11.313594595Z	37	PC: 12b7f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:11.314540694Z	37	PC: 12b87 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:11.316272583Z	37	PC: 12b8f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:11.317366328Z	37	PC: 12b97 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:11.318784285Z	68	PC: 135f8 \| I/O control for devices (Set for = '')
2018-12-17T22:58:11.32101995Z	48	PC: 13323 \| Get DOS version
2018-12-17T22:58:11.323255935Z	61	PC: 131d5 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:11.331299877Z	63	PC: 132a8 \| Read file or device (Read 4000 bytes on handle 5)
2018-12-17T22:58:11.340470099Z	62	PC: 13225 \| Close file
2018-12-17T22:58:11.342868422Z	44	PC: 1372f \| Get time 0x1372f: mov word ptr [0x3e], cx 0x13733: mov word ptr [0x40], dx 0x13737: retf 0x13738: mov di, 0x52 0x1373b: push ds 0x1373c: pop es 0x1373d: mov cx, 0x1894 0x13740: sub cx, di 0x13742: shr cx, 1 0x13744: xor ax, ax 0x13746: cld 0x13747: rep stosd dword ptr es:[di], eax 0x13749: ret 0x1374a: add byte ptr [bx + si], al 0x1374c: add byte ptr [bx + si], al 0x1374e: add byte ptr [bx + si], al 0x13750: add byte ptr [bx + si], al 0x13752: add byte ptr [bx + si], al 0x13754: add byte ptr [bx + si], al 0x13756: add byte ptr [bx + si], al
2018-12-17T22:58:11.346217168Z	64	PC: 12f2d \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:58:11.349281672Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:11.350916875Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:11.352332246Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:11.354002386Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:11.356151116Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:11.357342953Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:11.359058651Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:11.361123289Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:11.362301956Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:11.363766943Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:11.366500072Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:11.367743126Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:11.369017705Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:11.371227628Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:11.372483584Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:11.373753914Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:11.37620695Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:11.378185967Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:11.379797664Z	37	PC: 12cc1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:11.382636153Z	76	PC: 12d00 \| Terminate with return code (Return code = '0')