Sample viewer

vx.netlux.org/Virus.DOS.HLLP.UPI.4482


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:03.530940648Z 53 PC: 13722 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:03.533027479Z 53 PC: 13722 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:03.535392379Z 53 PC: 13722 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:03.537218678Z 53 PC: 13722 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:03.539302728Z 53 PC: 13722 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:03.541666909Z 53 PC: 13722 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:03.543204779Z 53 PC: 13722 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:03.544734906Z 53 PC: 13722 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:03.548119433Z 53 PC: 13722 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:03.549866961Z 53 PC: 13722 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:03.551614595Z 53 PC: 13722 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:03.554221269Z 53 PC: 13722 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:03.555880078Z 53 PC: 13722 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:03.557537458Z 53 PC: 13722 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:03.55980571Z 53 PC: 13722 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:03.561476454Z 53 PC: 13722 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:03.563128541Z 53 PC: 13722 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:03.566052632Z 53 PC: 13722 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:03.56762894Z 53 PC: 13722 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:03.56912785Z 37 PC: 13737 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:03.570822852Z 37 PC: 1373f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:03.574907217Z 37 PC: 13747 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:03.576198376Z 37 PC: 1374f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:03.577783606Z 61 PC: 13a53 | Open file (Filename = ',UPI ��6�6�w�3')
2018-12-17T23:00:03.583585423Z 60 PC: 13a53 | Create or truncate file
2018-12-17T23:00:03.588856206Z 42 PC: 13465 | Get date
0x13465: pushf
0x13466: push es
0x13467: push di
0x13468: push bp
0x13469: mov bp, sp
0x1346b: les di, ptr [bp + 0x10]
0x1346e: cld
0x1346f: stosw word ptr es:[di], ax
0x13470: mov ax, bx
0x13472: stosw word ptr es:[di], ax
0x13473: mov ax, cx
0x13475: stosw word ptr es:[di], ax
0x13476: mov ax, dx
0x13478: stosw word ptr es:[di], ax
0x13479: pop ax
0x1347a: stosw word ptr es:[di], ax
0x1347b: mov ax, si
0x1347d: stosw word ptr es:[di], ax
0x1347e: pop ax
0x1347f: stosw word ptr es:[di], ax
2018-12-17T23:00:03.591850248Z 53 PC: 13599 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:03.594066099Z 53 PC: 13599 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:03.595869197Z 37 PC: 135b5 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:03.59756916Z 37 PC: 135b5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:03.599423799Z 48 PC: 14138 | Get DOS version
2018-12-17T23:00:03.601045197Z 61 PC: 13ec1 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:00:03.605467412Z 87 PC: 134dc | Get or set file date and time
2018-12-17T23:00:03.607339508Z 63 PC: 13f94 | Read file or device (Read 4482 bytes on handle 5)
2018-12-17T23:00:03.616644107Z 66 PC: 1405d | Move file pointer
2018-12-17T23:00:03.618324855Z 66 PC: 1406b | Move file pointer
2018-12-17T23:00:03.620377193Z 66 PC: 14079 | Move file pointer
2018-12-17T23:00:03.622065976Z 66 PC: 13ff3 | Move file pointer
2018-12-17T23:00:03.62370667Z 63 PC: 13f94 | Read file or device (Read 4482 bytes on handle 5)
2018-12-17T23:00:03.634206759Z 54 PC: 13465 | Get free disk space
2018-12-17T23:00:03.679765158Z 26 PC: 13539 | Set disk transfer address
2018-12-17T23:00:03.680978589Z 78 PC: 13545 | Find first file
2018-12-17T23:00:03.692066426Z 26 PC: 1355d | Set disk transfer address
2018-12-17T23:00:03.694103686Z 79 PC: 13562 | Find next file
2018-12-17T23:00:03.698015452Z 26 PC: 1355d | Set disk transfer address
2018-12-17T23:00:03.699182867Z 79 PC: 13562 | Find next file
2018-12-17T23:00:03.703454536Z 67 PC: 1349b | Get or set file attributes
2018-12-17T23:00:03.709381566Z 67 PC: 134c2 | Get or set file attributes
2018-12-17T23:00:04.091112181Z 61 PC: 13ec1 | Open file (Filename = 'C:COMMAND.COM')
2018-12-17T23:00:04.098609136Z 66 PC: 13ff3 | Move file pointer
2018-12-17T23:00:04.100418539Z 63 PC: 13f94 | Read file or device (Read 2 bytes on handle 6)
2018-12-17T23:00:04.106844505Z 66 PC: 1405d | Move file pointer
2018-12-17T23:00:04.108988545Z 66 PC: 1406b | Move file pointer
2018-12-17T23:00:04.110468212Z 66 PC: 14079 | Move file pointer
2018-12-17T23:00:04.112022192Z 66 PC: 13ff3 | Move file pointer
2018-12-17T23:00:04.114078328Z 63 PC: 13f94 | Read file or device (Read 2 bytes on handle 6)
2018-12-17T23:00:04.121593855Z 66 PC: 1405d | Move file pointer
2018-12-17T23:00:04.123031601Z 66 PC: 1406b | Move file pointer
2018-12-17T23:00:04.126041578Z 66 PC: 14079 | Move file pointer
2018-12-17T23:00:04.12805691Z 87 PC: 13509 | Get or set file date and time
2018-12-17T23:00:04.131658462Z 62 PC: 13f11 | Close file
2018-12-17T23:00:04.138903944Z 67 PC: 134c2 | Get or set file attributes
2018-12-17T23:00:04.14932039Z 26 PC: 1355d | Set disk transfer address
2018-12-17T23:00:04.150667416Z 79 PC: 13562 | Find next file
2018-12-17T23:00:04.154696539Z 26 PC: 1355d | Set disk transfer address
2018-12-17T23:00:04.156480553Z 79 PC: 13562 | Find next file
2018-12-17T23:00:04.160440375Z 26 PC: 1355d | Set disk transfer address
2018-12-17T23:00:04.161722419Z 79 PC: 13562 | Find next file
2018-12-17T23:00:04.165844349Z 54 PC: 13465 | Get free disk space
2018-12-17T23:00:04.167880004Z 26 PC: 13539 | Set disk transfer address
2018-12-17T23:00:04.169123846Z 78 PC: 13545 | Find first file
2018-12-17T23:00:04.172245998Z 66 PC: 13ff3 | Move file pointer
2018-12-17T23:00:04.174031611Z 64 PC: 13f94 | Write file or device (Write 4482 bytes on handle 5)
2018-12-17T23:00:04.190036821Z 66 PC: 1405d | Move file pointer
2018-12-17T23:00:04.19255625Z 66 PC: 1406b | Move file pointer
2018-12-17T23:00:04.194049798Z 66 PC: 14079 | Move file pointer
2018-12-17T23:00:04.19620923Z 66 PC: 13ff3 | Move file pointer
2018-12-17T23:00:04.198305356Z 64 PC: 13ef2 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:00:04.208349554Z 87 PC: 13509 | Get or set file date and time
2018-12-17T23:00:04.210149602Z 37 PC: 135b5 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:04.212215921Z 37 PC: 135b5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:04.214286004Z 41 PC: 1361b | Parse filename
2018-12-17T23:00:04.215858891Z 41 PC: 13629 | Parse filename
2018-12-17T23:00:04.217559265Z 75 PC: 13634 | Execute program
2018-12-17T23:00:04.240923897Z 80 PC: 19c79 | Set current PSP
2018-12-17T23:00:04.241790295Z 48 PC: 19c7e | Get DOS version
2018-12-17T23:00:04.244301358Z 99 PC: 20460 | Get DBCS lead byte table pointer
2018-12-17T23:00:04.247763745Z 101 PC: 19d04 | Get extended country info
2018-12-17T23:00:04.249080928Z 99 PC: 19d0a | Get DBCS lead byte table pointer
2018-12-17T23:00:04.251339288Z 74 PC: 19d6c | Reallocate memory
2018-12-17T23:00:04.257058233Z 25 PC: 19da3 | Get default drive
2018-12-17T23:00:04.258596909Z 37 PC: 19863 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:00:04.260126639Z 37 PC: 1986a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:04.262893731Z 37 PC: 19871 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:04.268356938Z 74 PC: 18a0c | Reallocate memory
2018-12-17T23:00:04.270604484Z 72 PC: 18a4d | Allocate memory
2018-12-17T23:00:04.274371091Z 72 PC: 18a85 | Allocate memory
2018-12-17T23:00:04.276464133Z 72 PC: 18a8d | Allocate memory