Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Tomsk.8506

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:47.458611977Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:01:47.462000447Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:01:47.463191521Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:01:47.464533366Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:47.466256951Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:47.468215528Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:47.469404433Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:01:47.475484685Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:01:47.477078985Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:01:47.478584015Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:01:47.481099663Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:01:47.482980037Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:01:47.4849379Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:01:47.48770654Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:01:47.489088172Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:01:47.490521924Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:01:47.492131958Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:01:47.497732578Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:01:47.499432862Z	53	PC: 146ba \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:01:47.501052332Z	37	PC: 146cf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:01:47.502706222Z	37	PC: 146d7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:47.504026835Z	37	PC: 146df \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:47.505063176Z	37	PC: 146e7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:01:47.507269147Z	68	PC: 156b5 \| I/O control for devices (Set for = 'u=&�>�')
2018-12-17T22:01:47.560767668Z	37	PC: 13e71 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:01:47.562836037Z	60	PC: 15104 \| Create or truncate file
2018-12-17T22:01:47.581487401Z	65	PC: 1524d \| Delete file (Filename = '$$$')
2018-12-17T22:01:47.592652179Z	62	PC: 15154 \| Close file
2018-12-17T22:01:47.594752762Z	48	PC: 152c6 \| Get DOS version
2018-12-17T22:01:47.59765876Z	67	PC: 14498 \| Get or set file attributes
2018-12-17T22:01:47.60816181Z	61	PC: 15104 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:01:47.615674013Z	66	PC: 15897 \| Move file pointer
2018-12-17T22:01:47.618462071Z	66	PC: 158a5 \| Move file pointer
2018-12-17T22:01:47.619947922Z	66	PC: 158b3 \| Move file pointer
2018-12-17T22:01:47.62177433Z	66	PC: 15236 \| Move file pointer
2018-12-17T22:01:47.6242543Z	63	PC: 151d7 \| Read file or device (Read 8506 bytes on handle 5)
2018-12-17T22:01:47.632366365Z	66	PC: 15236 \| Move file pointer
2018-12-17T22:01:47.634236727Z	63	PC: 151d7 \| Read file or device (Read 8506 bytes on handle 5)
2018-12-17T22:01:47.642929277Z	66	PC: 15236 \| Move file pointer
2018-12-17T22:01:47.644946864Z	64	PC: 15135 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:01:47.653297991Z	66	PC: 15236 \| Move file pointer
2018-12-17T22:01:47.655977173Z	64	PC: 151d7 \| Write file or device (Write 8506 bytes on handle 5)
2018-12-17T22:01:47.665059156Z	62	PC: 15154 \| Close file
2018-12-17T22:01:47.673529128Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:01:47.67577695Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:01:47.677548827Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:01:47.679018774Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:01:47.681153678Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:01:47.682914657Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:01:47.684360738Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:47.685962901Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:47.68812596Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:47.689558857Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:47.690993548Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:47.693359461Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:47.694735417Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:01:47.696134586Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:01:47.698445036Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:01:47.699868985Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:01:47.701263326Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:01:47.703618396Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:01:47.70500756Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:01:47.706436382Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:01:47.708593517Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:01:47.710319685Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:01:47.711695891Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:01:47.713916727Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:01:47.715261905Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:01:47.716621743Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:01:47.718569618Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:01:47.719911484Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:01:47.721244333Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:01:47.723545169Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:01:47.724951357Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:01:47.726045635Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:01:47.728334458Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:01:47.729540502Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:01:47.730596414Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:01:47.732685151Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:01:47.733776137Z	53	PC: 14638 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:01:47.734850626Z	37	PC: 14641 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:01:47.736680366Z	41	PC: 145ef \| Parse filename
2018-12-17T22:01:47.738766835Z	41	PC: 145fd \| Parse filename
2018-12-17T22:01:47.740196689Z	75	PC: 14608 \| Execute program
2018-12-17T22:01:47.762272936Z	80	PC: 29319 \| Set current PSP
2018-12-17T22:01:47.764308088Z	48	PC: 2931e \| Get DOS version
2018-12-17T22:01:47.76602612Z	99	PC: 2fb00 \| Get DBCS lead byte table pointer
2018-12-17T22:01:47.768610557Z	101	PC: 293a4 \| Get extended country info
2018-12-17T22:01:47.770739055Z	99	PC: 293aa \| Get DBCS lead byte table pointer
2018-12-17T22:01:47.772406426Z	74	PC: 2940c \| Reallocate memory
2018-12-17T22:01:47.774111772Z	25	PC: 29443 \| Get default drive
2018-12-17T22:01:47.776090788Z	37	PC: 28f03 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:01:47.777507373Z	37	PC: 28f0a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:47.778927173Z	37	PC: 28f11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:47.784329684Z	74	PC: 280ac \| Reallocate memory
2018-12-17T22:01:47.786095444Z	72	PC: 280ed \| Allocate memory
2018-12-17T22:01:47.788025621Z	72	PC: 28125 \| Allocate memory
2018-12-17T22:01:47.790795449Z	72	PC: 2812d \| Allocate memory