Sample viewer

vx.netlux.org/Virus.DOS.HLLP.PPZ.8515

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:43.069282452Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:43.071894601Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:59:43.080603044Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:43.081777842Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:43.083954995Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:43.085158427Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:43.086331404Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:59:43.089238157Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:59:43.091134316Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:59:43.093068691Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:59:43.095039284Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:59:43.110524576Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:59:43.11208821Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:59:43.113653815Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:59:43.116195967Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:59:43.117762368Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:59:43.119295805Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:59:43.133666008Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:59:43.135373125Z 53 PC: 14f9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:59:43.136938703Z 37 PC: 14faf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:43.139211382Z 37 PC: 14fb7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:43.140672963Z 37 PC: 14fbf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:43.142104942Z 37 PC: 14fc7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:59:43.145226267Z 68 PC: 15afc | I/O control for devices (Set for = '')
2018-12-17T22:59:43.247163822Z 37 PC: 146b1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:43.2491342Z 48 PC: 15822 | Get DOS version
2018-12-17T22:59:43.251557049Z 53 PC: 14dd1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:59:43.253669103Z 37 PC: 14ded | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:59:43.255222618Z 53 PC: 14dd1 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:59:43.257100539Z 37 PC: 14ded | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:59:43.270374461Z 53 PC: 14dd1 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:43.271567451Z 37 PC: 14ded | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:43.272694683Z 51 PC: 14cbf | Get or set Ctrl-Break
2018-12-17T22:59:43.274988102Z 60 PC: 15660 | Create or truncate file
2018-12-17T22:59:43.299981329Z 65 PC: 157a9 | Delete file (Filename = '/�')
2018-12-17T22:59:43.310606108Z 48 PC: 15822 | Get DOS version
2018-12-17T22:59:43.312648788Z 61 PC: 15660 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:59:43.319271519Z 66 PC: 15792 | Move file pointer
2018-12-17T22:59:43.320781073Z 63 PC: 15733 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:59:43.324321107Z 62 PC: 156b0 | Close file
2018-12-17T22:59:43.326396762Z 48 PC: 15822 | Get DOS version
2018-12-17T22:59:43.328194926Z 61 PC: 15660 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:59:43.336712524Z 63 PC: 15733 | Read file or device (Read 8515 bytes on handle 6)
2018-12-17T22:59:43.344922464Z 62 PC: 156b0 | Close file
2018-12-17T22:59:43.347496882Z 26 PC: 14d70 | Set disk transfer address
2018-12-17T22:59:43.349756591Z 78 PC: 14d7c | Find first file
2018-12-17T22:59:43.356713127Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.358043712Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.362516975Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.3641843Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.36765773Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.370065005Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.373535846Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.374927999Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.379609321Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.381118312Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.384557604Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.3859594Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.390660512Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.391967373Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.395381779Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.4016211Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.406107928Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.407479289Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.411806257Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.413163555Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.416551072Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.418619889Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.422658829Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.424013122Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.428429267Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.430042673Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.433790111Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.435855584Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.440296202Z 61 PC: 15660 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:59:43.446987477Z 66 PC: 15792 | Move file pointer
2018-12-17T22:59:43.449431492Z 63 PC: 15733 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:59:43.452441297Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.453695109Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.456768774Z 26 PC: 14d70 | Set disk transfer address
2018-12-17T22:59:43.458662133Z 78 PC: 14d7c | Find first file
2018-12-17T22:59:43.46462985Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.465880769Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.469575768Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.470816084Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.473597944Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.475223332Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.478722792Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.479965281Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.483136825Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.484423862Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.487172423Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.489264003Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.49203831Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.493285037Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.496821397Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.498078163Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.500853754Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.502867983Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.505777117Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.507017456Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.510484422Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.51187151Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.514635886Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.516504921Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.519309106Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.520549325Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.5240576Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.525385732Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.528222194Z 26 PC: 14d94 | Set disk transfer address
2018-12-17T22:59:43.530127909Z 79 PC: 14d99 | Find next file
2018-12-17T22:59:43.532889482Z 44 PC: 14c6d | Get time
0x14c6d: xor ah, ah
0x14c6f: mov al, dl
0x14c71: les di, ptr [bp + 6]
0x14c74: stosw word ptr es:[di], ax
0x14c75: mov al, dh
0x14c77: les di, ptr [bp + 0xa]
0x14c7a: stosw word ptr es:[di], ax
0x14c7b: mov al, cl
0x14c7d: les di, ptr [bp + 0xe]
0x14c80: stosw word ptr es:[di], ax
0x14c81: mov al, ch
0x14c83: les di, ptr [bp + 0x12]
0x14c86: stosw word ptr es:[di], ax
0x14c87: pop bp
0x14c88: retf 0x10
0x14c8b: push bp
0x14c8c: mov bp, sp
0x14c8e: mov ch, byte ptr [bp + 0xc]
0x14c91: mov cl, byte ptr [bp + 0xa]
0x14c94: mov dh, byte ptr [bp + 8]
2018-12-17T22:59:43.53526661Z 42 PC: 14c37 | Get date
0x14c37: xor ah, ah
0x14c39: les di, ptr [bp + 6]
0x14c3c: stosw word ptr es:[di], ax
0x14c3d: mov al, dl
0x14c3f: les di, ptr [bp + 0xa]
0x14c42: stosw word ptr es:[di], ax
0x14c43: mov al, dh
0x14c45: les di, ptr [bp + 0xe]
0x14c48: stosw word ptr es:[di], ax
0x14c49: xchg ax, cx
0x14c4a: les di, ptr [bp + 0x12]
0x14c4d: stosw word ptr es:[di], ax
0x14c4e: pop bp
0x14c4f: retf 0x10
0x14c52: push bp
0x14c53: mov bp, sp
0x14c55: mov cx, word ptr [bp + 0xa]
0x14c58: mov dh, byte ptr [bp + 8]
0x14c5b: mov dl, byte ptr [bp + 6]
0x14c5e: mov ah, 0x2b
2018-12-17T22:59:43.538215435Z 48 PC: 15822 | Get DOS version
2018-12-17T22:59:43.539521943Z 26 PC: 14d70 | Set disk transfer address
2018-12-17T22:59:43.540715738Z 78 PC: 14d7c | Find first file
2018-12-17T22:59:43.547584881Z 48 PC: 15822 | Get DOS version
2018-12-17T22:59:43.549251324Z 67 PC: 14cf9 | Get or set file attributes
2018-12-17T22:59:43.559647438Z 61 PC: 15660 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:59:43.566761895Z 66 PC: 15792 | Move file pointer
2018-12-17T22:59:43.568672255Z 63 PC: 15733 | Read file or device (Read 8515 bytes on handle 7)
2018-12-17T22:59:43.577024986Z 66 PC: 15792 | Move file pointer
2018-12-17T22:59:43.579061644Z 64 PC: 15691 | Write file or device (Write 0 bytes on handle 7)
2018-12-17T22:59:43.589190951Z 66 PC: 15792 | Move file pointer
2018-12-17T22:59:43.590657983Z 64 PC: 15733 | Write file or device (Write 8515 bytes on handle 7)
2018-12-17T22:59:43.607944785Z 87 PC: 14d40 | Get or set file date and time
2018-12-17T22:59:43.61157155Z 67 PC: 14cf9 | Get or set file attributes
2018-12-17T22:59:43.641640046Z 62 PC: 156b0 | Close file
2018-12-17T22:59:43.648923736Z 37 PC: 14ded | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:59:43.650436852Z 37 PC: 14ded | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:59:43.651513511Z 37 PC: 14ded | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:43.653585574Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:43.654780281Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:43.656045773Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:59:43.65791968Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:59:43.659113014Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:43.660361123Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:59:43.662153683Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:43.663517192Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:43.664519684Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:43.666046277Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:43.667063492Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:43.668254763Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:43.670559056Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:59:43.672243661Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:59:43.673245109Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:59:43.674879139Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:59:43.675938889Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:59:43.67694104Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:59:43.678628313Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:59:43.679676433Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:59:43.680664942Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:59:43.683024859Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:59:43.684733321Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:59:43.686652736Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:59:43.689063869Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:59:43.690876277Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:59:43.692542709Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:59:43.694444518Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:59:43.695523194Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:59:43.696509215Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:59:43.698257203Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:59:43.699289888Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:59:43.700221179Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:59:43.702543653Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:59:43.703486071Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:59:43.705200414Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:59:43.706852298Z 53 PC: 14f0a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:59:43.70808858Z 37 PC: 14f13 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:59:43.709993857Z 41 PC: 14ec1 | Parse filename
2018-12-17T22:59:43.711617425Z 41 PC: 14ecf | Parse filename
2018-12-17T22:59:43.712977204Z 75 PC: 14eda | Execute program
2018-12-17T22:59:43.755214713Z 80 PC: 1c3f9 | Set current PSP
2018-12-17T22:59:43.756173084Z 48 PC: 1c3fe | Get DOS version
2018-12-17T22:59:43.757740574Z 99 PC: 22be0 | Get DBCS lead byte table pointer
2018-12-17T22:59:43.76073668Z 101 PC: 1c484 | Get extended country info
2018-12-17T22:59:43.763169274Z 99 PC: 1c48a | Get DBCS lead byte table pointer
2018-12-17T22:59:43.764309236Z 74 PC: 1c4ec | Reallocate memory
2018-12-17T22:59:43.766181259Z 25 PC: 1c523 | Get default drive
2018-12-17T22:59:43.767995234Z 37 PC: 1bfe3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:59:43.769293882Z 37 PC: 1bfea | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:43.771338917Z 37 PC: 1bff1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:43.775629017Z 74 PC: 1b18c | Reallocate memory
2018-12-17T22:59:43.777168826Z 72 PC: 1b1cd | Allocate memory
2018-12-17T22:59:43.779595579Z 72 PC: 1b205 | Allocate memory
2018-12-17T22:59:43.78163391Z 72 PC: 1b20d | Allocate memory