Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.6061

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:22.639179607Z	53	PC: 12a60 \| Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:58:22.640989959Z	53	PC: 12a6f \| Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:58:22.642455579Z	37	PC: 12a82 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:58:22.643816433Z	37	PC: 12a8b \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:58:22.646253335Z	98	PC: 12ac9 \| Get current PSP
2018-12-17T22:58:22.653058846Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:22.654613498Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:22.65707792Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:22.65875038Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:22.66022008Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:22.661939841Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:22.664109194Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:22.666340013Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:22.668250916Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:22.670131077Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:22.672119266Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:22.68603033Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:22.687804238Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:22.689279877Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:22.690722817Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:22.694369246Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:22.695531241Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:22.69670974Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:22.698934669Z	53	PC: 153ea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:22.700080096Z	37	PC: 153ff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:22.701213824Z	37	PC: 15407 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:22.702759502Z	37	PC: 1540f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:22.704263382Z	37	PC: 15417 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:22.706086455Z	68	PC: 16079 \| I/O control for devices (Set for = '')
2018-12-17T22:58:22.708727469Z	44	PC: 14c38 \| Get time 0x14c38: mov word ptr cs:[0x948], cx 0x14c3d: mov word ptr cs:[0x94b], dx 0x14c42: ret 0x14c43: push bx 0x14c44: push cx 0x14c45: push dx 0x14c46: push ax 0x14c47: mov ax, 0 0x14c4a: mov bx, 0 0x14c4d: mov cx, ax 0x14c4f: mov dx, 0x8405 0x14c52: mul dx 0x14c54: shl cx, 3 0x14c57: add ch, cl 0x14c59: add dx, cx 0x14c5b: add dx, bx 0x14c5d: shl bx, 2 0x14c60: add dx, bx 0x14c62: add dh, bl 0x14c64: mov cl, 5
2018-12-17T22:58:22.711444955Z	61	PC: 15b41 \| Open file (Filename = 'c:\mirc\mirc.ini')
2018-12-17T22:58:22.717292051Z	61	PC: 15b41 \| Open file (Filename = 'c:\progra~1\mirc\mirc.ini')
2018-12-17T22:58:22.723616084Z	60	PC: 15b41 \| Create or truncate file
2018-12-17T22:58:23.503687358Z	62	PC: 15b91 \| Close file
2018-12-17T22:58:23.505662231Z	65	PC: 15c8a \| Delete file (Filename = '�')
2018-12-17T22:58:23.517763642Z	26	PC: 15255 \| Set disk transfer address
2018-12-17T22:58:23.519589039Z	78	PC: 15261 \| Find first file
2018-12-17T22:58:23.526339858Z	61	PC: 15b41 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:58:23.532796532Z	66	PC: 16178 \| Move file pointer
2018-12-17T22:58:23.535046687Z	66	PC: 16186 \| Move file pointer
2018-12-17T22:58:23.53676859Z	66	PC: 16194 \| Move file pointer
2018-12-17T22:58:23.538783197Z	66	PC: 16178 \| Move file pointer
2018-12-17T22:58:23.541434229Z	66	PC: 16186 \| Move file pointer
2018-12-17T22:58:23.543116717Z	66	PC: 16194 \| Move file pointer
2018-12-17T22:58:23.544958668Z	63	PC: 15c14 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:58:23.549032112Z	66	PC: 16178 \| Move file pointer
2018-12-17T22:58:23.550742822Z	66	PC: 16186 \| Move file pointer
2018-12-17T22:58:23.552399561Z	66	PC: 16194 \| Move file pointer
2018-12-17T22:58:23.554940143Z	66	PC: 16178 \| Move file pointer
2018-12-17T22:58:23.556977923Z	66	PC: 16186 \| Move file pointer
2018-12-17T22:58:23.558660739Z	66	PC: 16194 \| Move file pointer
2018-12-17T22:58:23.561110868Z	66	PC: 16178 \| Move file pointer
2018-12-17T22:58:23.565783367Z	66	PC: 16186 \| Move file pointer
2018-12-17T22:58:23.566931576Z	66	PC: 16194 \| Move file pointer
2018-12-17T22:58:23.568657677Z	62	PC: 15b91 \| Close file
2018-12-17T22:58:23.570168308Z	64	PC: 15808 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:58:23.571458388Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:23.572915195Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:23.573875306Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:23.574826049Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:23.576261697Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:23.577298473Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:23.578236375Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:23.57963685Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:23.580611097Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:23.581554146Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:23.582983251Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:23.584012153Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:23.584944383Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:23.586434887Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:23.587452636Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:23.588443234Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:23.589543652Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:23.590847112Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:23.591778666Z	37	PC: 15541 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:23.592899179Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:58:23.594260104Z	37	PC: 12b2a \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:58:23.595166185Z	98	PC: 12b2e \| Get current PSP
2018-12-17T22:58:23.596126619Z	26	PC: 12b39 \| Set disk transfer address