Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Sara.6672.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:38.055207721Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:38.057060433Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:59:38.058655751Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:38.060315089Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:38.061930235Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:38.064478514Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:38.066277444Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:59:38.068484503Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:59:38.070905172Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:59:38.072860597Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:59:38.074411591Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:59:38.076625973Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:59:38.078216452Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:59:38.079670024Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:59:38.082448065Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:59:38.084032162Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:59:38.085586423Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:59:38.087821713Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:59:38.089416751Z	53	PC: 1339a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:59:38.090862428Z	37	PC: 133af \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:38.092203629Z	37	PC: 133b7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:38.094222633Z	37	PC: 133bf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:38.095906447Z	37	PC: 133c7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:59:38.098495353Z	68	PC: 14011 \| I/O control for devices (Set for = '')
2018-12-17T22:59:38.100993327Z	44	PC: 14148 \| Get time 0x14148: mov word ptr [0x62], cx 0x1414c: mov word ptr [0x64], dx 0x14150: retf 0x14151: call 0x14198 0x14154: jb 0x14165 0x14156: mov cx, word ptr es:[di + 4] 0x1415a: cmp cx, 1 0x1415d: je 0x14165 0x1415f: xor bx, bx 0x14161: push cs 0x14162: call 0x23cd4 0x14165: retf 4 0x14168: call 0x14198 0x1416b: jb 0x14180 0x1416d: mov ax, cx 0x1416f: mov dx, bx 0x14171: mov cx, word ptr es:[di + 4] 0x14175: cmp cx, 1 0x14178: je 0x14180 0x1417a: xor bx, bx
2018-12-17T22:59:38.103862169Z	48	PC: 13c22 \| Get DOS version
2018-12-17T22:59:38.106225491Z	67	PC: 1310f \| Get or set file attributes
2018-12-17T22:59:38.114096272Z	67	PC: 13136 \| Get or set file attributes
2018-12-17T22:59:38.130885906Z	61	PC: 13a60 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:59:38.139358919Z	63	PC: 13b33 \| Read file or device (Read 6672 bytes on handle 5)
2018-12-17T22:59:38.156284418Z	66	PC: 141b2 \| Move file pointer
2018-12-17T22:59:38.158189468Z	66	PC: 141c0 \| Move file pointer
2018-12-17T22:59:38.160283373Z	66	PC: 141ce \| Move file pointer
2018-12-17T22:59:38.166035614Z	26	PC: 131ad \| Set disk transfer address
2018-12-17T22:59:38.167765304Z	78	PC: 131b9 \| Find first file
2018-12-17T22:59:38.175272292Z	26	PC: 131d1 \| Set disk transfer address
2018-12-17T22:59:38.177739299Z	79	PC: 131d6 \| Find next file
2018-12-17T22:59:38.181457136Z	64	PC: 137b8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:59:38.183757068Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:38.185667358Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:59:38.187768316Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:38.189229543Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:38.190658127Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:38.192895532Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:38.194623339Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:59:38.196261027Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:59:38.199219126Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:59:38.201048555Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:59:38.202831896Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:59:38.205262364Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:59:38.206869273Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:59:38.208323466Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:59:38.210362168Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:59:38.211825177Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:59:38.21342798Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:59:38.21582246Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:59:38.217821787Z	37	PC: 134f1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:59:38.21945189Z	76	PC: 13530 \| Terminate with return code (Return code = '0')