Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Erot.5991

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:12.886766941Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:12.889361588Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:12.890833565Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:12.892200375Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:12.894627848Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:12.896353471Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:12.897976332Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:12.903302132Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:12.90484406Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:12.906287223Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:12.907697955Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:12.910022244Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:12.911662888Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:12.913187193Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:12.918949715Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:12.920712158Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:12.922384371Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:12.925649338Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:12.928166339Z 53 PC: 13b4a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:12.931005456Z 37 PC: 13b5f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:12.934032065Z 37 PC: 13b67 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:12.93631183Z 37 PC: 13b6f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:12.938515352Z 37 PC: 13b77 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:12.941998429Z 68 PC: 148a7 | I/O control for devices (Set for = '')
2018-12-17T22:58:12.943910703Z 25 PC: 1445f | Get default drive
2018-12-17T22:58:12.945549413Z 71 PC: 14472 | Get current directory
2018-12-17T22:58:12.950263094Z 25 PC: 1445f | Get default drive
2018-12-17T22:58:12.954077183Z 71 PC: 14472 | Get current directory
2018-12-17T22:58:12.958297436Z 26 PC: 13959 | Set disk transfer address
2018-12-17T22:58:12.960962605Z 78 PC: 13965 | Find first file
2018-12-17T22:58:12.969638774Z 67 PC: 13928 | Get or set file attributes
2018-12-17T22:58:12.988539702Z 48 PC: 143d2 | Get DOS version
2018-12-17T22:58:12.992680084Z 26 PC: 1397d | Set disk transfer address
2018-12-17T22:58:12.996563674Z 79 PC: 13982 | Find next file
2018-12-17T22:58:13.004022644Z 48 PC: 143d2 | Get DOS version
2018-12-17T22:58:13.008498097Z 25 PC: 1445f | Get default drive
2018-12-17T22:58:13.011082094Z 71 PC: 14472 | Get current directory
2018-12-17T22:58:13.018738165Z 14 PC: 144b8 | Set default drive (Drive = 'A')
2018-12-17T22:58:13.020492302Z 25 PC: 144bc | Get default drive
2018-12-17T22:58:13.023731671Z 59 PC: 14526 | Change current directory
2018-12-17T22:58:13.028130981Z 42 PC: 13887 | Get date
0x13887: xor ah, ah
0x13889: les di, ptr [bp + 6]
0x1388c: stosw word ptr es:[di], ax
0x1388d: mov al, dl
0x1388f: les di, ptr [bp + 0xa]
0x13892: stosw word ptr es:[di], ax
0x13893: mov al, dh
0x13895: les di, ptr [bp + 0xe]
0x13898: stosw word ptr es:[di], ax
0x13899: xchg ax, cx
0x1389a: les di, ptr [bp + 0x12]
0x1389d: stosw word ptr es:[di], ax
0x1389e: pop bp
0x1389f: retf 0x10
0x138a2: push bp
0x138a3: mov bp, sp
0x138a5: mov cx, word ptr [bp + 0xa]
0x138a8: mov dh, byte ptr [bp + 8]
0x138ab: mov dl, byte ptr [bp + 6]
0x138ae: mov ah, 0x2b
2018-12-17T22:58:13.030605011Z 48 PC: 143d2 | Get DOS version
2018-12-17T22:58:13.032452072Z 61 PC: 14210 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:13.040395093Z 66 PC: 14b05 | Move file pointer
2018-12-17T22:58:13.042002685Z 66 PC: 14b13 | Move file pointer
2018-12-17T22:58:13.043656163Z 66 PC: 14b21 | Move file pointer
2018-12-17T22:58:13.0461873Z 62 PC: 14260 | Close file
2018-12-17T22:58:13.048606628Z 48 PC: 143d2 | Get DOS version
2018-12-17T22:58:13.050152122Z 61 PC: 14210 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:13.058933178Z 61 PC: 14210 | Open file (Filename = 'prg1.exe')
2018-12-17T22:58:13.066385396Z 60 PC: 14210 | Create or truncate file
2018-12-17T22:58:13.078233707Z 66 PC: 14342 | Move file pointer
2018-12-17T22:58:13.080985239Z 63 PC: 142e3 | Read file or device (Read 5988 bytes on handle 5)
2018-12-17T22:58:13.092113376Z 64 PC: 142e3 | Write file or device (Write 5988 bytes on handle 6)
2018-12-17T22:58:13.101638941Z 63 PC: 142e3 | Read file or device (Read 5988 bytes on handle 5)
2018-12-17T22:58:13.111477034Z 64 PC: 142e3 | Write file or device (Write 5988 bytes on handle 6)
2018-12-17T22:58:13.124350311Z 63 PC: 142e3 | Read file or device (Read 5988 bytes on handle 5)
2018-12-17T22:58:13.146063365Z 64 PC: 142e3 | Write file or device (Write 5988 bytes on handle 6)
2018-12-17T22:58:13.155979634Z 63 PC: 142e3 | Read file or device (Read 5988 bytes on handle 5)
2018-12-17T22:58:13.166132288Z 64 PC: 142e3 | Write file or device (Write 3509 bytes on handle 6)
2018-12-17T22:58:13.436810494Z 63 PC: 142e3 | Read file or device (Read 5988 bytes on handle 5)
2018-12-17T22:58:13.439590971Z 66 PC: 14342 | Move file pointer
2018-12-17T22:58:13.442626076Z 63 PC: 142e3 | Read file or device (Read 513 bytes on handle 6)
2018-12-17T22:58:13.450806652Z 66 PC: 14342 | Move file pointer
2018-12-17T22:58:13.452645769Z 64 PC: 142e3 | Write file or device (Write 513 bytes on handle 6)
2018-12-17T22:58:13.492462612Z 66 PC: 14342 | Move file pointer
2018-12-17T22:58:13.49473322Z 62 PC: 14260 | Close file
2018-12-17T22:58:13.512421027Z 62 PC: 14260 | Close file
2018-12-17T22:58:13.515706653Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:13.517698116Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:13.519263799Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:13.521561649Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:13.523811117Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:13.525639965Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:13.527162948Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:13.530809512Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:13.53242601Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:13.534122659Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:13.536754526Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:13.538301484Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:13.539886874Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:13.542490087Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:13.544070448Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:13.545670826Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:13.548318042Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:13.550407719Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:13.551933027Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:13.553450299Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:13.555751564Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:13.557274347Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:13.558969764Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:13.561592744Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:13.563672844Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:13.565379351Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:13.56801758Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:13.569619612Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:13.571301273Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:13.573812413Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:13.575839203Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:13.577416558Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:13.579951523Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:13.581588119Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:13.583043004Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:13.584817429Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:13.586964665Z 53 PC: 13ac8 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:13.588612592Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:13.59187802Z 41 PC: 13a7f | Parse filename
2018-12-17T22:58:13.594338676Z 41 PC: 13a8d | Parse filename
2018-12-17T22:58:13.596385814Z 75 PC: 13a98 | Execute program
2018-12-17T22:58:13.621188865Z 80 PC: 1c669 | Set current PSP
2018-12-17T22:58:13.623067005Z 48 PC: 1c66e | Get DOS version
2018-12-17T22:58:13.625323196Z 99 PC: 22e50 | Get DBCS lead byte table pointer
2018-12-17T22:58:13.628657344Z 101 PC: 1c6f4 | Get extended country info
2018-12-17T22:58:13.631319087Z 99 PC: 1c6fa | Get DBCS lead byte table pointer
2018-12-17T22:58:13.633067573Z 74 PC: 1c75c | Reallocate memory
2018-12-17T22:58:13.635049027Z 25 PC: 1c793 | Get default drive
2018-12-17T22:58:13.637463626Z 37 PC: 1c253 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:58:13.639126752Z 37 PC: 1c25a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:13.64042336Z 37 PC: 1c261 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:13.646313582Z 74 PC: 1b3fc | Reallocate memory
2018-12-17T22:58:13.648178718Z 72 PC: 1b43d | Allocate memory
2018-12-17T22:58:13.650259369Z 72 PC: 1b475 | Allocate memory
2018-12-17T22:58:13.653369063Z 72 PC: 1b47d | Allocate memory