Sample viewer

vx.netlux.org/Virus.DOS.HLLP.RedArc.44136

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:17.526214464Z	48	PC: 1998c \| Get DOS version
2018-12-17T23:00:17.527405595Z	74	PC: 199dc \| Reallocate memory
2018-12-17T23:00:17.529197805Z	48	PC: 19a40 \| Get DOS version
2018-12-17T23:00:17.531198605Z	53	PC: 19a48 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:17.532259136Z	37	PC: 19a5a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:17.533594842Z	53	PC: 1c6a2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:17.535276287Z	37	PC: 1c6b2 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:17.536635525Z	53	PC: 1c6b7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:17.538020118Z	37	PC: 1c6c7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:17.540329346Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:17.541460183Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:17.542544419Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:17.543998961Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:17.545392616Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:17.546518928Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:17.548058513Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:17.549251728Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:17.550363471Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:17.569459471Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:17.572340805Z	53	PC: 1a3f6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:17.573482663Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:17.575112116Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:17.576210749Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:17.577269356Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:17.579040565Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:17.580130855Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:17.581170593Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:17.582758809Z	37	PC: 1a425 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:17.58391564Z	37	PC: 1a42c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:17.585033678Z	37	PC: 1a431 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:17.586862049Z	68	PC: 19aeb \| I/O control for devices (Set for = 'U�=SCu �')
2018-12-17T23:00:17.5881591Z	68	PC: 19aeb \| I/O control for devices (Set for = 'r')
2018-12-17T23:00:17.589428852Z	68	PC: 19aeb \| I/O control for devices (Set for = ' ��> ')
2018-12-17T23:00:17.591518785Z	68	PC: 19aeb \| I/O control for devices (Set for = '��.')
2018-12-17T23:00:17.592809449Z	68	PC: 19aeb \| I/O control for devices (Set for = '��.')
2018-12-17T23:00:17.59445506Z	53	PC: 16c8e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:17.596459438Z	53	PC: 16c9b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:00:17.597529055Z	53	PC: 16ca8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:17.598588331Z	37	PC: 16cbd \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:17.60144967Z	37	PC: 16cc5 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:00:17.602844453Z	37	PC: 16ccd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:17.604262063Z	53	PC: 1774c \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:00:17.606302714Z	53	PC: 17759 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:00:17.607321017Z	53	PC: 17768 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:17.608299806Z	37	PC: 17775 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:00:17.609669102Z	53	PC: 1777c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:00:17.610666964Z	37	PC: 17789 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:00:17.611642659Z	53	PC: 17795 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:00:17.615924338Z	48	PC: 17857 \| Get DOS version
2018-12-17T23:00:17.616829508Z	74	PC: 15959 \| Reallocate memory
2018-12-17T23:00:17.617855472Z	74	PC: 15959 \| Reallocate memory
2018-12-17T23:00:17.619731403Z	68	PC: 16c04 \| I/O control for devices (Set for = 'VIR�')
2018-12-17T23:00:17.620811968Z	68	PC: 16c04 \| I/O control for devices (Set for = '')
2018-12-17T23:00:17.62218521Z	51	PC: 16c22 \| Get or set Ctrl-Break
2018-12-17T23:00:17.623186079Z	51	PC: 16c2e \| Get or set Ctrl-Break
2018-12-17T23:00:17.625766892Z	74	PC: 15959 \| Reallocate memory
2018-12-17T23:00:17.626909569Z	51	PC: 16c39 \| Get or set Ctrl-Break
2018-12-17T23:00:17.628097649Z	37	PC: 16ebb \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:17.629042561Z	37	PC: 16ec5 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:00:17.630485971Z	37	PC: 16ecf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:17.631486819Z	53	PC: 15386 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:00:17.632372878Z	53	PC: 15393 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:00:17.633873802Z	53	PC: 153a0 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:17.634962905Z	37	PC: 153bb \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:00:17.635874016Z	53	PC: 153c3 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:00:17.637458654Z	37	PC: 153d0 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:17.638431702Z	53	PC: 153d7 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:00:17.639501463Z	37	PC: 153e4 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:00:17.640963041Z	37	PC: 153ee \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:00:17.641990407Z	37	PC: 153f9 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:00:17.64310409Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:17.64451904Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:17.645902003Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:17.647347269Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:17.649205277Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:17.6509219Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:17.652616233Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:17.653717636Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:17.655721344Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:17.656768268Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:17.657823056Z	37	PC: 1a441 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:17.662324907Z	37	PC: 1c6d6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:17.663411662Z	37	PC: 19b9c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:17.667864944Z	41	PC: 1973d \| Parse filename
2018-12-17T23:00:17.669767287Z	41	PC: 1973f \| Parse filename
2018-12-17T23:00:17.67118375Z	41	PC: 19744 \| Parse filename
2018-12-17T23:00:17.672591726Z	75	PC: 1975a \| Execute program
2018-12-17T23:00:17.694030413Z	80	PC: 1f739 \| Set current PSP
2018-12-17T23:00:17.694628642Z	48	PC: 1f73e \| Get DOS version
2018-12-17T23:00:17.695593316Z	99	PC: 25f20 \| Get DBCS lead byte table pointer
2018-12-17T23:00:17.698356426Z	101	PC: 1f7c4 \| Get extended country info
2018-12-17T23:00:17.699380332Z	99	PC: 1f7ca \| Get DBCS lead byte table pointer
2018-12-17T23:00:17.700707701Z	74	PC: 1f82c \| Reallocate memory
2018-12-17T23:00:17.702678463Z	25	PC: 1f863 \| Get default drive
2018-12-17T23:00:17.704357286Z	37	PC: 1f323 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:00:17.705510846Z	37	PC: 1f32a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:17.706991839Z	37	PC: 1f331 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:17.711165395Z	74	PC: 1e4cc \| Reallocate memory
2018-12-17T23:00:17.712853153Z	72	PC: 1e50d \| Allocate memory
2018-12-17T23:00:17.715719096Z	72	PC: 1e545 \| Allocate memory
2018-12-17T23:00:17.717531334Z	72	PC: 1e54d \| Allocate memory