Sample viewer

vx.netlux.org/Virus.DOS.HLLO.2229

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:22.824967607Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:22.826822635Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:22.828978782Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:22.831786681Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:22.833198235Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:22.835663887Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:22.837107818Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:22.8385505Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:22.841080358Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:22.842581046Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:22.844445006Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:22.84692887Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:22.848354124Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:22.849743643Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:22.853273444Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:22.855710513Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:22.856996495Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:22.858268167Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:22.860575897Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:22.86333059Z	37	PC: 12bff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:22.865035568Z	37	PC: 12c07 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:22.867381492Z	37	PC: 12c0f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:22.869173636Z	37	PC: 12c17 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:22.871321734Z	68	PC: 1325e \| I/O control for devices (Set for = '��f�� ')
2018-12-17T23:00:22.8736889Z	48	PC: 131a0 \| Get DOS version
2018-12-17T23:00:22.875841574Z	61	PC: 13052 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:00:22.883764412Z	63	PC: 13125 \| Read file or device (Read 2229 bytes on handle 5)
2018-12-17T23:00:22.892316213Z	62	PC: 130a2 \| Close file
2018-12-17T23:00:22.895414705Z	26	PC: 12b35 \| Set disk transfer address
2018-12-17T23:00:22.897025285Z	78	PC: 12b41 \| Find first file
2018-12-17T23:00:22.905186448Z	61	PC: 13052 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:00:22.91862811Z	64	PC: 13125 \| Write file or device (Write 2229 bytes on handle 5)
2018-12-17T23:00:22.936099707Z	62	PC: 130a2 \| Close file
2018-12-17T23:00:22.944991429Z	26	PC: 12b59 \| Set disk transfer address
2018-12-17T23:00:22.947916371Z	79	PC: 12b5e \| Find next file
2018-12-17T23:00:22.950987473Z	64	PC: 12fad \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:00:22.952967181Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:22.955148184Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:22.95664583Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:22.957993468Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:22.959977753Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:22.96128327Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:22.962629402Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:22.97808532Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:22.979499051Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:22.980886664Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:22.982829696Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:22.984535246Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:22.986235156Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:22.988105934Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:22.990051651Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:22.991412278Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:22.992800336Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:22.994985504Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:22.996647866Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:22.998316023Z	76	PC: 12d80 \| Terminate with return code (Return code = '0')