Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Bolek.8096

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:24.094562874Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:24.096610904Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:24.097900317Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:24.098962143Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:24.100176746Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:24.102059474Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:24.103384575Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:24.104560035Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:24.112029004Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:24.113239659Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:24.114444574Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:24.120033829Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:24.121474668Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:24.122622235Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:24.125718103Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:24.127372754Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:24.128973903Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:24.131554464Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:24.133162066Z	53	PC: 137d2 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:24.134884453Z	37	PC: 137e7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:24.142057897Z	37	PC: 137ef \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:24.146889237Z	37	PC: 137f7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:24.148719738Z	37	PC: 137ff \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:24.151797112Z	68	PC: 13dd2 \| I/O control for devices (Set for = '')
2018-12-17T22:58:24.154374216Z	51	PC: 13555 \| Get or set Ctrl-Break
2018-12-17T22:58:24.156951922Z	53	PC: 136bd \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:58:24.159921613Z	53	PC: 136bd \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:58:24.162669849Z	37	PC: 136d9 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:58:24.164277942Z	37	PC: 136d9 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:58:24.165854415Z	48	PC: 145fd \| Get DOS version
2018-12-17T22:58:24.169202228Z	61	PC: 143bd \| Open file (Filename = 'A:\TEST.OVB')
2018-12-17T22:58:24.176521415Z	54	PC: 13586 \| Get free disk space
2018-12-17T22:58:24.187020449Z	25	PC: 1468a \| Get default drive
2018-12-17T22:58:24.189614785Z	71	PC: 1469d \| Get current directory
2018-12-17T22:58:24.194680858Z	14	PC: 146e3 \| Set default drive (Drive = 'A')
2018-12-17T22:58:24.196420868Z	25	PC: 146e7 \| Get default drive
2018-12-17T22:58:24.19880028Z	59	PC: 14751 \| Change current directory
2018-12-17T22:58:24.203966802Z	26	PC: 1365d \| Set disk transfer address
2018-12-17T22:58:24.205520703Z	78	PC: 13669 \| Find first file
2018-12-17T22:58:24.212746565Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.214953112Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.218171481Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.219678243Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.223606767Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.225022098Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.228180735Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.230079514Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.23294534Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.234303383Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.238238931Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.239752856Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.242930579Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.245285135Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.248530665Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.250026006Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.254143545Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.255461142Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.258763479Z	14	PC: 146e3 \| Set default drive (Drive = 'A')
2018-12-17T22:58:24.260781572Z	25	PC: 146e7 \| Get default drive
2018-12-17T22:58:24.262526742Z	59	PC: 14751 \| Change current directory
2018-12-17T22:58:24.267261021Z	26	PC: 1365d \| Set disk transfer address
2018-12-17T22:58:24.270290064Z	78	PC: 13669 \| Find first file
2018-12-17T22:58:24.277718708Z	26	PC: 13681 \| Set disk transfer address
2018-12-17T22:58:24.279075728Z	79	PC: 13686 \| Find next file
2018-12-17T22:58:24.282371804Z	14	PC: 146e3 \| Set default drive (Drive = 'A')
2018-12-17T22:58:24.284765203Z	25	PC: 146e7 \| Get default drive
2018-12-17T22:58:24.28632795Z	59	PC: 14751 \| Change current directory
2018-12-17T22:58:24.291055616Z	26	PC: 1365d \| Set disk transfer address
2018-12-17T22:58:24.293644442Z	78	PC: 13669 \| Find first file
2018-12-17T22:58:24.301058468Z	26	PC: 1365d \| Set disk transfer address
2018-12-17T22:58:24.302556223Z	78	PC: 13669 \| Find first file
2018-12-17T22:58:24.310719206Z	86	PC: 145c8 \| Rename file
2018-12-17T22:58:24.329984398Z	48	PC: 145fd \| Get DOS version
2018-12-17T22:58:24.335399836Z	61	PC: 143bd \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:24.343750192Z	60	PC: 143bd \| Create or truncate file
2018-12-17T22:58:24.357391513Z	87	PC: 1362d \| Get or set file date and time
2018-12-17T22:58:24.359515875Z	62	PC: 1440d \| Close file
2018-12-17T22:58:24.370522574Z	14	PC: 146e3 \| Set default drive (Drive = 'A')
2018-12-17T22:58:24.373060665Z	25	PC: 146e7 \| Get default drive
2018-12-17T22:58:24.37461715Z	59	PC: 14751 \| Change current directory
2018-12-17T22:58:24.379513313Z	48	PC: 145fd \| Get DOS version
2018-12-17T22:58:24.383133558Z	37	PC: 136d9 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:58:24.384761387Z	37	PC: 136d9 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:58:24.386593942Z	64	PC: 13ed5 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:58:24.3895936Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:24.39159381Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:24.393182626Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:24.395516443Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:24.397430961Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:24.398981135Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:24.400711558Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:24.403106129Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:24.404618742Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:24.406168845Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:24.408768311Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:24.410318786Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:24.411855213Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:24.414179993Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:24.416070507Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:24.417627604Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:24.419887261Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:24.421755622Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:24.423269788Z	37	PC: 138e6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:24.424996694Z	76	PC: 13925 \| Terminate with return code (Return code = '139')