Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Nutmeg.3327

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:31.342273819Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:31.344429644Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:31.346249572Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:31.348225673Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:31.36639391Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:31.368024812Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:31.369629189Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:31.371920253Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:31.374098874Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:31.375780178Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:31.384765986Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:31.390284201Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:31.392476855Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:31.394659921Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:31.397231879Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:31.398792906Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:31.400290461Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:31.402236998Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:31.403818163Z	53	PC: 1415a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:31.405248162Z	37	PC: 1416f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:31.406818393Z	37	PC: 14177 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:31.408696658Z	37	PC: 1417f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:31.410055444Z	37	PC: 14187 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:31.411796009Z	68	PC: 14826 \| I/O control for devices (Set for = '��=')
2018-12-17T23:03:31.422184119Z	44	PC: 1495d \| Get time 0x1495d: mov word ptr [0x3e], cx 0x14961: mov word ptr [0x40], dx 0x14965: retf 0x14966: mov di, 0x50 0x14969: push ds 0x1496a: pop es 0x1496b: mov cx, 0x123c 0x1496e: sub cx, di 0x14970: shr cx, 1 0x14972: xor ax, ax 0x14974: cld 0x14975: rep stosd dword ptr es:[di], eax 0x14977: ret 0x14978: add byte ptr [bx + si], al 0x1497a: add byte ptr [bx + si], al 0x1497c: add byte ptr [bx + si], al 0x1497e: add byte ptr [bx + si], al 0x14980: add byte ptr [bx + si], al 0x14982: add byte ptr [bx + si], al 0x14984: add byte ptr [bx + si], al
2018-12-17T23:03:31.424409462Z	81	PC: 12a44 \| Get current PSP
2018-12-17T23:03:31.425700802Z	61	PC: 12a91 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:03:31.432758041Z	63	PC: 12a66 \| Read file or device (Read 3327 bytes on handle 5)
2018-12-17T23:03:31.439703148Z	62	PC: 12ab2 \| Close file
2018-12-17T23:03:31.442927181Z	86	PC: 12ada \| Rename file
2018-12-17T23:03:31.461331682Z	60	PC: 12ac2 \| Create or truncate file
2018-12-17T23:03:31.472479125Z	62	PC: 12ab2 \| Close file
2018-12-17T23:03:31.474868547Z	61	PC: 12aef \| Open file (Filename = 'JUIAHAEV.CUK')
2018-12-17T23:03:31.48229743Z	61	PC: 12afb \| Open file (Filename = '�5��s��=')
2018-12-17T23:03:31.489049802Z	66	PC: 12b0b \| Move file pointer
2018-12-17T23:03:31.490775966Z	66	PC: 12b17 \| Move file pointer
2018-12-17T23:03:31.493194122Z	63	PC: 12b26 \| Read file or device (Read 4096 bytes on handle 5)
2018-12-17T23:03:31.495043649Z	64	PC: 12b2f \| Write file or device (Write 0 bytes on handle 6)
2018-12-17T23:03:31.497295853Z	62	PC: 12b3b \| Close file
2018-12-17T23:03:31.499822975Z	62	PC: 12b42 \| Close file
2018-12-17T23:03:31.507338025Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:31.508829677Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:31.513504637Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:31.51478967Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:31.515967475Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:31.517686563Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:31.52423438Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:31.526122131Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:31.534641349Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:31.546165453Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:31.547816782Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:31.549486589Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:31.551944431Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:31.553454529Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:31.554991119Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:31.557426273Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:31.558969869Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:31.560558786Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:31.563044769Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:31.564606824Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:31.566168201Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:31.568516209Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:31.570334761Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:31.57206881Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:31.574489357Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:31.576423363Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:31.578072388Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:31.580417557Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:31.582295822Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:31.58390012Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:31.586478148Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:31.58791822Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:31.589285944Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:31.591572515Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:31.593131496Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:31.594574787Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:31.596918282Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:31.59848734Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:31.600033256Z	41	PC: 14086 \| Parse filename
2018-12-17T23:03:31.601706044Z	41	PC: 14094 \| Parse filename
2018-12-17T23:03:31.604201489Z	75	PC: 1409f \| Execute program
2018-12-17T23:03:31.613583514Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:31.614953276Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:31.617235258Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:31.61860173Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:31.619908165Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:31.622156718Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:31.623483783Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:31.624821044Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:31.626917273Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:31.628523046Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:31.629359279Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:31.630833168Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:31.631743653Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:31.632647162Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:31.63417732Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:31.635109303Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:31.635993423Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:31.637488496Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:31.638434461Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:31.639390898Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:31.640519307Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:31.64197646Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:31.642944689Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:31.644274314Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:31.645518113Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:31.646473489Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:31.647439866Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:31.648868891Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:31.649811681Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:31.650690311Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:31.65210126Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:31.653113448Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:31.654064572Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:31.655665424Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:31.656535673Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:31.657422802Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:31.658849137Z	53	PC: 140cf \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:31.659915297Z	37	PC: 140d8 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:31.660911612Z	65	PC: 12aa5 \| Delete file (Filename = '��uM�D$')
2018-12-17T23:03:31.680179669Z	86	PC: 12ada \| Rename file
2018-12-17T23:03:31.691017812Z	53	PC: 13fea \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:03:31.693196206Z	37	PC: 14006 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:03:31.695375325Z	49	PC: 14021 \| Terminate and stay resident (Return code = '0' \| Memory size = '1105')