Sample viewer

vx.netlux.org/Virus.DOS.HLLP.7136

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:35.214207478Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:35.216340201Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:02:35.218758334Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:02:35.220500413Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:35.222272506Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:35.234833323Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:35.236541156Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:02:35.238273507Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:02:35.241224978Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:02:35.243104291Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:02:35.244963387Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:02:35.247699129Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:02:35.250403431Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:02:35.252962407Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:02:35.255654775Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:02:35.257913449Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:02:35.260000414Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:02:35.261334028Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:02:35.2627106Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:02:35.278041818Z	37	PC: 1353f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:35.279421095Z	37	PC: 13547 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:35.280740354Z	37	PC: 1354f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:35.290683002Z	37	PC: 13557 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:02:35.292652216Z	68	PC: 142e2 \| I/O control for devices (Set for = '�$�&,��-��<��')
2018-12-17T23:02:35.294789005Z	25	PC: 13e9f \| Get default drive
2018-12-17T23:02:35.297089757Z	71	PC: 13eb2 \| Get current directory
2018-12-17T23:02:35.301079974Z	48	PC: 13e12 \| Get DOS version
2018-12-17T23:02:35.303116632Z	61	PC: 13c50 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:02:35.312717799Z	63	PC: 13d23 \| Read file or device (Read 7136 bytes on handle 5)
2018-12-17T23:02:35.321671944Z	66	PC: 13d82 \| Move file pointer
2018-12-17T23:02:35.32341353Z	66	PC: 143e1 \| Move file pointer
2018-12-17T23:02:35.32564793Z	66	PC: 143ef \| Move file pointer
2018-12-17T23:02:35.342628852Z	66	PC: 143fd \| Move file pointer
2018-12-17T23:02:35.345898385Z	63	PC: 13d23 \| Read file or device (Read 256 bytes on handle 5)
2018-12-17T23:02:35.350250167Z	60	PC: 13c50 \| Create or truncate file
2018-12-17T23:02:35.370791029Z	64	PC: 13d23 \| Write file or device (Write 256 bytes on handle 6)
2018-12-17T23:02:35.375840128Z	62	PC: 13ca0 \| Close file
2018-12-17T23:02:35.378348386Z	62	PC: 13ca0 \| Close file
2018-12-17T23:02:35.391101995Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:35.392531429Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:35.393889586Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:02:35.39918969Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:02:35.400843283Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:02:35.402567463Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:02:35.405902132Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:35.412392456Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:35.413950182Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:35.415772178Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:35.417144963Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:35.418464454Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:35.420482216Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:02:35.422061838Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:02:35.423642396Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:02:35.425307527Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:02:35.427115926Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:02:35.428477779Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:02:35.429871499Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:02:35.431962445Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:02:35.433218571Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:02:35.434536916Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:02:35.436806612Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:02:35.438324915Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:02:35.439786286Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:02:35.442107755Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:02:35.443522078Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:02:35.444969075Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:02:35.44691896Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:02:35.448329809Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:02:35.449938484Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:02:35.452295575Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:02:35.454245815Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:02:35.455829325Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:02:35.457239347Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:02:35.459427936Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:02:35.461105146Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:02:35.462892986Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:02:35.46790181Z	41	PC: 1345f \| Parse filename
2018-12-17T23:02:35.46965698Z	41	PC: 1346d \| Parse filename
2018-12-17T23:02:35.471538194Z	75	PC: 13478 \| Execute program
2018-12-17T23:02:35.495763338Z	80	PC: 61dd9 \| Set current PSP
2018-12-17T23:02:35.497516725Z	48	PC: 61dde \| Get DOS version
2018-12-17T23:02:35.500838794Z	99	PC: 685c0 \| Get DBCS lead byte table pointer
2018-12-17T23:02:35.50508381Z	101	PC: 61e64 \| Get extended country info
2018-12-17T23:02:35.506994505Z	99	PC: 61e6a \| Get DBCS lead byte table pointer
2018-12-17T23:02:35.50872278Z	74	PC: 61ecc \| Reallocate memory
2018-12-17T23:02:35.511505255Z	25	PC: 61f03 \| Get default drive
2018-12-17T23:02:35.513245827Z	37	PC: 619c3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:02:35.514852714Z	37	PC: 619ca \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:02:35.517251468Z	37	PC: 619d1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:35.522671703Z	74	PC: 60b6c \| Reallocate memory
2018-12-17T23:02:35.524624708Z	72	PC: 60bad \| Allocate memory
2018-12-17T23:02:35.526969908Z	72	PC: 60be5 \| Allocate memory
2018-12-17T23:02:35.529911283Z	72	PC: 60bed \| Allocate memory