Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.6256

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:56.061583901Z 53 PC: 12a60 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:01:56.064055094Z 53 PC: 12a6f | Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:01:56.070266635Z 37 PC: 12a82 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:01:56.072884885Z 37 PC: 12a8b | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:01:56.076180257Z 98 PC: 12ac9 | Get current PSP
2018-12-17T23:01:56.08198296Z 53 PC: 1551a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:56.083745652Z 53 PC: 1551a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:56.085449373Z 53 PC: 1551a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:01:56.088726771Z 53 PC: 1551a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:56.092316015Z 53 PC: 1551a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:56.094449163Z 53 PC: 1551a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:56.099084633Z 53 PC: 1551a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:56.100804255Z 53 PC: 1551a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:56.10251534Z 53 PC: 1551a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:56.105259686Z 53 PC: 1551a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:56.107618038Z 53 PC: 1551a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:56.109169563Z 53 PC: 1551a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:56.125667121Z 53 PC: 1551a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:56.128101265Z 53 PC: 1551a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:56.130512205Z 53 PC: 1551a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:56.132875455Z 53 PC: 1551a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:56.135556683Z 53 PC: 1551a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:56.13790206Z 53 PC: 1551a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:56.140212241Z 53 PC: 1551a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:01:56.143169618Z 37 PC: 1552f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:56.145853331Z 37 PC: 15537 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:56.148496697Z 37 PC: 1553f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:56.150760842Z 37 PC: 15547 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:56.153854545Z 68 PC: 16231 | I/O control for devices (Set for = '�Z�>%�u�%�')
2018-12-17T23:01:56.156255466Z 44 PC: 14cf7 | Get time
0x14cf7: mov word ptr cs:[0x947], cx
0x14cfc: mov word ptr cs:[0x94a], dx
0x14d01: ret
0x14d02: push bx
0x14d03: push cx
0x14d04: push dx
0x14d05: push ax
0x14d06: mov ax, 0
0x14d09: mov bx, 0
0x14d0c: mov cx, ax
0x14d0e: mov dx, 0x8405
0x14d11: mul dx
0x14d13: shl cx, 3
0x14d16: add ch, cl
0x14d18: add dx, cx
0x14d1a: add dx, bx
0x14d1c: shl bx, 2
0x14d1f: add dx, bx
0x14d21: add dh, bl
0x14d23: mov cl, 5
2018-12-17T23:01:56.160396316Z 61 PC: 15c71 | Open file (Filename = 'c:\mirc\mirc.ini')
2018-12-17T23:01:56.169619406Z 61 PC: 15c71 | Open file (Filename = 'c:\progra~1\mirc\mirc.ini')
2018-12-17T23:01:56.1766415Z 60 PC: 15c71 | Create or truncate file
2018-12-17T23:01:56.221414708Z 62 PC: 15cc1 | Close file
2018-12-17T23:01:56.22462515Z 65 PC: 15dba | Delete file (Filename = '�')
2018-12-17T23:01:56.242094555Z 26 PC: 15385 | Set disk transfer address
2018-12-17T23:01:56.249501733Z 78 PC: 15391 | Find first file
2018-12-17T23:01:56.256906717Z 61 PC: 15c71 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:01:56.265601143Z 66 PC: 16330 | Move file pointer
2018-12-17T23:01:56.267482288Z 66 PC: 1633e | Move file pointer
2018-12-17T23:01:56.269302658Z 66 PC: 1634c | Move file pointer
2018-12-17T23:01:56.272472534Z 66 PC: 16330 | Move file pointer
2018-12-17T23:01:56.274467623Z 66 PC: 1633e | Move file pointer
2018-12-17T23:01:56.276191633Z 66 PC: 1634c | Move file pointer
2018-12-17T23:01:56.289587402Z 63 PC: 15d44 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:01:56.294534508Z 66 PC: 16330 | Move file pointer
2018-12-17T23:01:56.29653644Z 66 PC: 1633e | Move file pointer
2018-12-17T23:01:56.299589497Z 66 PC: 1634c | Move file pointer
2018-12-17T23:01:56.301817483Z 66 PC: 16330 | Move file pointer
2018-12-17T23:01:56.303781063Z 66 PC: 1633e | Move file pointer
2018-12-17T23:01:56.306331154Z 66 PC: 1634c | Move file pointer
2018-12-17T23:01:56.309460173Z 66 PC: 16330 | Move file pointer
2018-12-17T23:01:56.31141169Z 66 PC: 1633e | Move file pointer
2018-12-17T23:01:56.313253891Z 66 PC: 1634c | Move file pointer
2018-12-17T23:01:56.316333788Z 62 PC: 15cc1 | Close file
2018-12-17T23:01:56.319385372Z 66 PC: 16330 | Move file pointer
2018-12-17T23:01:56.321278269Z 66 PC: 1633e | Move file pointer
2018-12-17T23:01:56.32406729Z 66 PC: 1634c | Move file pointer
2018-12-17T23:01:56.326807609Z 64 PC: 15938 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:01:56.329824236Z 37 PC: 15671 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:56.332121012Z 37 PC: 15671 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:56.350188952Z 37 PC: 15671 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:01:56.351511016Z 37 PC: 15671 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:56.352834402Z 37 PC: 15671 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:56.355197572Z 37 PC: 15671 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:56.356775828Z 37 PC: 15671 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:56.358415058Z 37 PC: 15671 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:56.361090996Z 37 PC: 15671 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:56.362666366Z 37 PC: 15671 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:56.373209897Z 37 PC: 15671 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:56.375573909Z 37 PC: 15671 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:56.377782699Z 37 PC: 15671 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:56.379313656Z 37 PC: 15671 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:56.382681774Z 37 PC: 15671 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:56.384406375Z 37 PC: 15671 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:56.386937631Z 37 PC: 15671 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:56.388236843Z 37 PC: 15671 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:56.390057634Z 37 PC: 15671 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:01:56.391720819Z 37 PC: 12b20 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:01:56.393242298Z 37 PC: 12b2a | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:01:56.395362361Z 98 PC: 12b2e | Get current PSP
2018-12-17T23:01:56.407626575Z 26 PC: 12b39 | Set disk transfer address