Sample viewer

vx.netlux.org/Virus.DOS.HLLP.5904.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:19.421316129Z 53 PC: 132da | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:19.423348628Z 53 PC: 132da | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:19.424602494Z 53 PC: 132da | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:19.425832756Z 53 PC: 132da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:19.427840148Z 53 PC: 132da | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:19.428983016Z 53 PC: 132da | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:19.430161741Z 53 PC: 132da | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:19.431968006Z 53 PC: 132da | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:19.433010144Z 53 PC: 132da | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:19.434164273Z 53 PC: 132da | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:19.435766484Z 53 PC: 132da | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:19.437107825Z 53 PC: 132da | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:19.438826154Z 53 PC: 132da | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:19.449655364Z 53 PC: 132da | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:19.451215776Z 53 PC: 132da | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:19.452618663Z 53 PC: 132da | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:19.454203892Z 53 PC: 132da | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:19.455774603Z 53 PC: 132da | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:19.456960873Z 53 PC: 132da | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:19.458150428Z 37 PC: 132ef | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:19.461090824Z 37 PC: 132f7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:19.462643672Z 37 PC: 132ff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:19.464204845Z 37 PC: 13307 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:19.467136965Z 68 PC: 13dc0 | I/O control for devices (Set for = '')
2018-12-17T23:00:19.46934241Z 25 PC: 13978 | Get default drive
2018-12-17T23:00:19.470835335Z 71 PC: 1398b | Get current directory
2018-12-17T23:00:19.475329521Z 14 PC: 139d1 | Set default drive (Drive = 'A')
2018-12-17T23:00:19.476812518Z 25 PC: 139d5 | Get default drive
2018-12-17T23:00:19.478088205Z 59 PC: 13a3f | Change current directory
2018-12-17T23:00:19.483622856Z 26 PC: 130e5 | Set disk transfer address
2018-12-17T23:00:19.485222221Z 78 PC: 130f1 | Find first file
2018-12-17T23:00:19.493398627Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.495276165Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.498499442Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.499686242Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.503669187Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.505015416Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.509090665Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.510669332Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.51446808Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.515392417Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.517635673Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.519504966Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.521843991Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.522840574Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.526032983Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.527051397Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.529572825Z 61 PC: 1379d | Open file (Filename = 'TEST.EXE')
2018-12-17T23:00:19.535025622Z 66 PC: 13ebf | Move file pointer
2018-12-17T23:00:19.536168049Z 66 PC: 13ecd | Move file pointer
2018-12-17T23:00:19.537288505Z 66 PC: 13edb | Move file pointer
2018-12-17T23:00:19.539513896Z 66 PC: 138cf | Move file pointer
2018-12-17T23:00:19.540805303Z 63 PC: 13870 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T23:00:19.54796076Z 62 PC: 137ed | Close file
2018-12-17T23:00:19.553004027Z 26 PC: 13109 | Set disk transfer address
2018-12-17T23:00:19.554681089Z 79 PC: 1310e | Find next file
2018-12-17T23:00:19.557899968Z 14 PC: 139d1 | Set default drive (Drive = 'A')
2018-12-17T23:00:19.560457954Z 25 PC: 139d5 | Get default drive
2018-12-17T23:00:19.561870368Z 59 PC: 13a3f | Change current directory
2018-12-17T23:00:19.566324759Z 48 PC: 138eb | Get DOS version
2018-12-17T23:00:19.568351929Z 61 PC: 1379d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:00:19.576085031Z 63 PC: 13870 | Read file or device (Read 5904 bytes on handle 5)
2018-12-17T23:00:19.584419764Z 62 PC: 137ed | Close file
2018-12-17T23:00:19.586631079Z 61 PC: 1379d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:00:19.597872555Z 66 PC: 13ebf | Move file pointer
2018-12-17T23:00:19.59944026Z 66 PC: 13ecd | Move file pointer
2018-12-17T23:00:19.601043242Z 66 PC: 13edb | Move file pointer
2018-12-17T23:00:19.603222147Z 66 PC: 138cf | Move file pointer
2018-12-17T23:00:19.604729259Z 63 PC: 13870 | Read file or device (Read 5904 bytes on handle 5)
2018-12-17T23:00:19.613039536Z 66 PC: 138cf | Move file pointer
2018-12-17T23:00:19.615120046Z 64 PC: 13870 | Write file or device (Write 5904 bytes on handle 5)
2018-12-17T23:00:19.631861697Z 62 PC: 137ed | Close file
2018-12-17T23:00:19.639916574Z 53 PC: 13254 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:19.642133239Z 37 PC: 1325d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:19.643509806Z 53 PC: 13254 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:19.644921759Z 37 PC: 1325d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:19.647404786Z 53 PC: 13254 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:19.648948547Z 37 PC: 1325d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:19.650396297Z 53 PC: 13254 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:19.653239661Z 37 PC: 1325d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:19.654845899Z 53 PC: 13254 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:19.656622177Z 37 PC: 1325d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:19.659393044Z 53 PC: 13254 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:19.661035871Z 37 PC: 1325d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:19.662526332Z 53 PC: 13254 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:19.664854136Z 37 PC: 1325d | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:19.666283533Z 53 PC: 13254 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:19.667602161Z 37 PC: 1325d | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:19.670088273Z 53 PC: 13254 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:19.671659756Z 37 PC: 1325d | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:19.673229616Z 53 PC: 13254 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:19.675397309Z 37 PC: 1325d | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:19.677135044Z 53 PC: 13254 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:19.678708391Z 37 PC: 1325d | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:19.680462397Z 53 PC: 13254 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:19.682276757Z 37 PC: 1325d | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:19.683664094Z 53 PC: 13254 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:19.68591835Z 37 PC: 1325d | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:19.68733378Z 53 PC: 13254 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:19.689482909Z 37 PC: 1325d | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:19.690968571Z 53 PC: 13254 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:19.693009476Z 37 PC: 1325d | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:19.694328735Z 53 PC: 13254 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:19.695647243Z 37 PC: 1325d | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:19.698022687Z 53 PC: 13254 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:19.699656928Z 37 PC: 1325d | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:19.701411425Z 53 PC: 13254 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:19.70419716Z 37 PC: 1325d | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:19.705789112Z 53 PC: 13254 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:19.707380172Z 37 PC: 1325d | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:19.710426777Z 41 PC: 1320b | Parse filename
2018-12-17T23:00:19.711969406Z 41 PC: 13219 | Parse filename
2018-12-17T23:00:19.713528826Z 75 PC: 13224 | Execute program
2018-12-17T23:00:19.739310745Z 80 PC: 1b239 | Set current PSP
2018-12-17T23:00:19.740200397Z 48 PC: 1b23e | Get DOS version
2018-12-17T23:00:19.741765378Z 99 PC: 21a20 | Get DBCS lead byte table pointer
2018-12-17T23:00:19.745189413Z 101 PC: 1b2c4 | Get extended country info
2018-12-17T23:00:19.747054899Z 99 PC: 1b2ca | Get DBCS lead byte table pointer
2018-12-17T23:00:19.748782886Z 74 PC: 1b32c | Reallocate memory
2018-12-17T23:00:19.751355591Z 25 PC: 1b363 | Get default drive
2018-12-17T23:00:19.752892018Z 37 PC: 1ae23 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:00:19.754034926Z 37 PC: 1ae2a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:19.756108111Z 37 PC: 1ae31 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:19.761112786Z 74 PC: 19fcc | Reallocate memory
2018-12-17T23:00:19.763341534Z 72 PC: 1a00d | Allocate memory
2018-12-17T23:00:19.766779114Z 72 PC: 1a045 | Allocate memory
2018-12-17T23:00:19.768951457Z 72 PC: 1a04d | Allocate memory