Sample viewer

vx.netlux.org/Virus.DOS.HLLO.KillerFile.17179

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:18.107723143Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:18.1098974Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:18.113825013Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:18.115561086Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:18.117295466Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:18.120345769Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:18.122083366Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:18.123811143Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:18.126768201Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:18.131621043Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:18.133578502Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:18.135764381Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:18.139754251Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:18.148535106Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:18.154876836Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:18.156529703Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:18.157984768Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:18.159731451Z	53	PC: 17346 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:18.16188002Z	37	PC: 1735b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:18.163089313Z	37	PC: 17363 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:18.16452962Z	37	PC: 1736b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:18.166912339Z	37	PC: 17373 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:18.169272945Z	68	PC: 17eae \| I/O control for devices (Set for = '')
2018-12-17T22:58:18.237692541Z	37	PC: 16d77 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:18.240728347Z	25	PC: 184b9 \| Get default drive
2018-12-17T22:58:18.241963869Z	71	PC: 184cc \| Get current directory
2018-12-17T22:58:18.245638566Z	54	PC: 1334f \| Get free disk space
2018-12-17T22:58:18.257298122Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:18.258607904Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:18.265005459Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.267667373Z	61	PC: 17e95 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:18.274522388Z	61	PC: 17e95 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:58:18.28539271Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.293157625Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.305865722Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.325579817Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.337030471Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:58:18.346136107Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:58:18.349971896Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.353203991Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.356920918Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.359219929Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.371351863Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.395319334Z	26	PC: 133eb \| Set disk transfer address
2018-12-17T22:58:18.397517585Z	79	PC: 133f0 \| Find next file
2018-12-17T22:58:18.401089369Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:18.404602773Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:18.415014924Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.417609642Z	61	PC: 17e95 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:18.428922466Z	61	PC: 17e95 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:18.443477394Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.453249312Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.46144129Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.478573092Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.493097041Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:58:18.49800159Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:58:18.508441443Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.510935061Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.515495082Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.518034585Z	61	PC: 1821b \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:18.528067564Z	61	PC: 1821b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:18.538751075Z	63	PC: 182ee \| Read file or device (Read 17179 bytes on handle 5)
2018-12-17T22:58:18.550110687Z	64	PC: 182ee \| Write file or device (Write 17179 bytes on handle 6)
2018-12-17T22:58:18.567834271Z	62	PC: 1826b \| Close file
2018-12-17T22:58:18.576769716Z	62	PC: 1826b \| Close file
2018-12-17T22:58:18.579138309Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.5820491Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.59093406Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.602351952Z	26	PC: 133eb \| Set disk transfer address
2018-12-17T22:58:18.606730432Z	79	PC: 133f0 \| Find next file
2018-12-17T22:58:18.610869021Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:18.612622136Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:18.620542925Z	54	PC: 1334f \| Get free disk space
2018-12-17T22:58:18.632025308Z	14	PC: 18512 \| Set default drive (Drive = 'A')
2018-12-17T22:58:18.633364726Z	25	PC: 18516 \| Get default drive
2018-12-17T22:58:18.636057326Z	59	PC: 18580 \| Change current directory
2018-12-17T22:58:18.642117958Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:18.643817042Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:18.651947955Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.654141609Z	61	PC: 17e95 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:18.662334999Z	61	PC: 17e95 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:58:18.671157683Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.678169683Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.685592745Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.698094825Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.711145806Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:58:18.714406205Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:58:18.718204885Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.721800513Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.724538901Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.726919946Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.739595141Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.751150682Z	26	PC: 133eb \| Set disk transfer address
2018-12-17T22:58:18.752923805Z	79	PC: 133f0 \| Find next file
2018-12-17T22:58:18.757260717Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:18.758956124Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:18.76688106Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.769908811Z	61	PC: 17e95 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:18.779329248Z	61	PC: 17e95 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:18.787910698Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.79654671Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.803524757Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.814907973Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.827212472Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:58:18.830958322Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:58:18.839397375Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.841877988Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.844912361Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.859380255Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.871452407Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.885203414Z	26	PC: 133eb \| Set disk transfer address
2018-12-17T22:58:18.886623343Z	79	PC: 133f0 \| Find next file
2018-12-17T22:58:18.890320793Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.893157926Z	61	PC: 17e95 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:18.901945944Z	61	PC: 17e95 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:18.909710499Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.916831003Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:18.923739058Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.934762308Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:18.946041729Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:58:18.949206167Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:58:18.957032397Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.960003763Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:18.963243192Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:18.965256936Z	61	PC: 1821b \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:18.973393811Z	61	PC: 1821b \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:18.981049952Z	63	PC: 182ee \| Read file or device (Read 17179 bytes on handle 5)
2018-12-17T22:58:18.990652471Z	64	PC: 182ee \| Write file or device (Write 17179 bytes on handle 6)
2018-12-17T22:58:19.001843416Z	62	PC: 1826b \| Close file
2018-12-17T22:58:19.011249857Z	62	PC: 1826b \| Close file
2018-12-17T22:58:19.013845145Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:19.0165237Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:19.028499711Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:19.039606167Z	26	PC: 133eb \| Set disk transfer address
2018-12-17T22:58:19.042290513Z	79	PC: 133f0 \| Find next file
2018-12-17T22:58:19.046027978Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:19.047781624Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:19.055788514Z	54	PC: 1334f \| Get free disk space
2018-12-17T22:58:19.098470591Z	14	PC: 18512 \| Set default drive (Drive = 'C')
2018-12-17T22:58:19.100152563Z	25	PC: 18516 \| Get default drive
2018-12-17T22:58:19.104090224Z	59	PC: 18580 \| Change current directory
2018-12-17T22:58:19.108050348Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:19.109341485Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:19.122472647Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:19.123920949Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:19.13011405Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:19.132349401Z	61	PC: 17e95 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:19.143496815Z	61	PC: 17e95 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:58:19.150720192Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:19.159081769Z	67	PC: 1336f \| Get or set file attributes
2018-12-17T22:58:19.165326537Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:19.504243681Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:19.516615716Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:58:19.536649001Z	63	PC: 17f5a \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:58:19.553284099Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:19.556386561Z	62	PC: 17fcb \| Close file
2018-12-17T22:58:19.559382071Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:19.561480866Z	61	PC: 1821b \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:19.571921531Z	61	PC: 1821b \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:58:19.590997417Z	63	PC: 182ee \| Read file or device (Read 17179 bytes on handle 5)
2018-12-17T22:58:19.60980612Z	64	PC: 182ee \| Write file or device (Write 17179 bytes on handle 6)
2018-12-17T22:58:19.634670537Z	62	PC: 1826b \| Close file
2018-12-17T22:58:19.643435762Z	62	PC: 1826b \| Close file
2018-12-17T22:58:19.646111822Z	48	PC: 1842c \| Get DOS version
2018-12-17T22:58:19.649431523Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:19.659861227Z	67	PC: 13396 \| Get or set file attributes
2018-12-17T22:58:19.671258038Z	26	PC: 133eb \| Set disk transfer address
2018-12-17T22:58:19.674596343Z	79	PC: 133f0 \| Find next file
2018-12-17T22:58:19.678671884Z	26	PC: 133c7 \| Set disk transfer address
2018-12-17T22:58:19.680386146Z	78	PC: 133d3 \| Find first file
2018-12-17T22:58:19.687760787Z	42	PC: 13305 \| Get date 0x13305: pushf 0x13306: push es 0x13307: push di 0x13308: push bp 0x13309: mov bp, sp 0x1330b: les di, ptr [bp + 0x10] 0x1330e: cld 0x1330f: stosw word ptr es:[di], ax 0x13310: mov ax, bx 0x13312: stosw word ptr es:[di], ax 0x13313: mov ax, cx 0x13315: stosw word ptr es:[di], ax 0x13316: mov ax, dx 0x13318: stosw word ptr es:[di], ax 0x13319: pop ax 0x1331a: stosw word ptr es:[di], ax 0x1331b: mov ax, si 0x1331d: stosw word ptr es:[di], ax 0x1331e: pop ax 0x1331f: stosw word ptr es:[di], ax
2018-12-17T22:58:19.691441025Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:19.693250627Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:19.695026895Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:19.697980437Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:19.699663039Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:19.701432916Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:19.704364537Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:19.706186602Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:19.707963121Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:19.710561364Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:19.712205054Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:19.713791686Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:19.716259475Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:19.718177921Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:19.719923672Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:19.722600904Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:19.7247052Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:19.726346445Z	37	PC: 17455 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:19.728773397Z	76	PC: 17494 \| Terminate with return code (Return code = '0')