Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.5786

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:30.287637308Z 53 PC: 12a60 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:01:30.28978313Z 53 PC: 12a6f | Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:01:30.292313635Z 37 PC: 12a82 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:01:30.294028076Z 37 PC: 12a8b | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:01:30.295757426Z 98 PC: 12aa9 | Get current PSP
2018-12-17T23:01:30.301559899Z 53 PC: 151da | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:30.304100102Z 53 PC: 151da | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:30.305872592Z 53 PC: 151da | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:01:30.320364543Z 53 PC: 151da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:30.322206544Z 53 PC: 151da | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:30.323978023Z 53 PC: 151da | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:30.326980865Z 53 PC: 151da | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:30.328783462Z 53 PC: 151da | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:30.330547687Z 53 PC: 151da | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:30.332232603Z 53 PC: 151da | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:30.334824854Z 53 PC: 151da | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:30.336571867Z 53 PC: 151da | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:30.338302879Z 53 PC: 151da | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:30.35830276Z 53 PC: 151da | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:30.362417141Z 53 PC: 151da | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:30.364095084Z 53 PC: 151da | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:30.366385198Z 53 PC: 151da | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:30.368236907Z 53 PC: 151da | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:30.369886877Z 53 PC: 151da | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:01:30.372551715Z 37 PC: 151ef | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:30.374019232Z 37 PC: 151f7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:30.375491959Z 37 PC: 151ff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:30.376984123Z 37 PC: 15207 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:30.386245966Z 68 PC: 15e5a | I/O control for devices (Set for = '��_Y[X�P�ó ��[Ó�SQRVWU��קt��')
2018-12-17T23:01:30.387786751Z 44 PC: 14e30 | Get time
0x14e30: mov word ptr cs:[0xc50], cx
0x14e35: mov word ptr cs:[0xc53], dx
0x14e3a: ret
0x14e3b: push bx
0x14e3c: push cx
0x14e3d: push dx
0x14e3e: push ax
0x14e3f: mov ax, 0
0x14e42: mov bx, 0
0x14e45: mov cx, ax
0x14e47: mov dx, 0x8405
0x14e4a: mul dx
0x14e4c: shl cx, 3
0x14e4f: add ch, cl
0x14e51: add dx, cx
0x14e53: add dx, bx
0x14e55: shl bx, 2
0x14e58: add dx, bx
0x14e5a: add dh, bl
0x14e5c: mov cl, 5
2018-12-17T23:01:30.390987926Z 61 PC: 15931 | Open file (Filename = 'c:\mirc\mirc.ini')
2018-12-17T23:01:30.399894883Z 61 PC: 15931 | Open file (Filename = 'c:\progra~1\mirc\mirc.ini')
2018-12-17T23:01:30.407033516Z 60 PC: 15931 | Create or truncate file
2018-12-17T23:01:30.42850396Z 62 PC: 15981 | Close file
2018-12-17T23:01:30.431956878Z 65 PC: 15a7a | Delete file (Filename = '�')
2018-12-17T23:01:30.444939863Z 26 PC: 15045 | Set disk transfer address
2018-12-17T23:01:30.446830345Z 78 PC: 15051 | Find first file
2018-12-17T23:01:30.455061041Z 61 PC: 15931 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:01:30.462500881Z 66 PC: 15f59 | Move file pointer
2018-12-17T23:01:30.46467156Z 66 PC: 15f67 | Move file pointer
2018-12-17T23:01:30.467986729Z 66 PC: 15f75 | Move file pointer
2018-12-17T23:01:30.469790739Z 66 PC: 15f59 | Move file pointer
2018-12-17T23:01:30.471785668Z 66 PC: 15f67 | Move file pointer
2018-12-17T23:01:30.474624672Z 66 PC: 15f75 | Move file pointer
2018-12-17T23:01:30.476818064Z 63 PC: 15a04 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:01:30.48030713Z 66 PC: 15f59 | Move file pointer
2018-12-17T23:01:30.482444886Z 66 PC: 15f67 | Move file pointer
2018-12-17T23:01:30.48567167Z 66 PC: 15f75 | Move file pointer
2018-12-17T23:01:30.487898885Z 66 PC: 15f59 | Move file pointer
2018-12-17T23:01:30.490050568Z 66 PC: 15f67 | Move file pointer
2018-12-17T23:01:30.492737857Z 66 PC: 15f75 | Move file pointer
2018-12-17T23:01:30.494474741Z 66 PC: 15f59 | Move file pointer
2018-12-17T23:01:30.496010607Z 66 PC: 15f67 | Move file pointer
2018-12-17T23:01:30.498403683Z 66 PC: 15f75 | Move file pointer
2018-12-17T23:01:30.500135267Z 62 PC: 15981 | Close file
2018-12-17T23:01:30.502408769Z 64 PC: 155f8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:01:30.505194303Z 37 PC: 15331 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:30.506871975Z 37 PC: 15331 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:30.508495526Z 37 PC: 15331 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:01:30.51076495Z 37 PC: 15331 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:30.51242011Z 37 PC: 15331 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:30.514035736Z 37 PC: 15331 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:30.516756208Z 37 PC: 15331 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:30.51852922Z 37 PC: 15331 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:30.520124958Z 37 PC: 15331 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:30.521932755Z 37 PC: 15331 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:30.523752204Z 37 PC: 15331 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:30.525345017Z 37 PC: 15331 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:30.526947838Z 37 PC: 15331 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:30.528947676Z 37 PC: 15331 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:30.530541821Z 37 PC: 15331 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:30.532119456Z 37 PC: 15331 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:30.534076273Z 37 PC: 15331 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:30.535683332Z 37 PC: 15331 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:30.537286495Z 37 PC: 15331 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:01:30.539491127Z 37 PC: 12b01 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:01:30.541096714Z 37 PC: 12b0b | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:01:30.542680891Z 98 PC: 12b0f | Get current PSP
2018-12-17T23:01:30.54454839Z 26 PC: 12b1a | Set disk transfer address