Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Uzb.5381

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:54.80471111Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:54.806922409Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:54.809634854Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:54.811656944Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:54.813364054Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:54.815396946Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:54.817141236Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:54.818840683Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:54.820908666Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:54.823115987Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:54.825256644Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:54.827851283Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:54.830011397Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:54.832187995Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:54.844277773Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:54.846907306Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:54.848698789Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:54.851857574Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:54.85345985Z	53	PC: 136fa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:54.855547279Z	37	PC: 1370f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:54.857385674Z	37	PC: 13717 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:54.862323198Z	37	PC: 1371f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:54.863610334Z	37	PC: 13727 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:54.865383452Z	68	PC: 14371 \| I/O control for devices (Set for = '@�:ø ')
2018-12-17T23:03:54.868528131Z	48	PC: 13f82 \| Get DOS version
2018-12-17T23:03:54.871723006Z	61	PC: 13dc0 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:03:54.880322436Z	26	PC: 134a5 \| Set disk transfer address
2018-12-17T23:03:54.882311208Z	78	PC: 134b1 \| Find first file
2018-12-17T23:03:54.904252384Z	26	PC: 134a5 \| Set disk transfer address
2018-12-17T23:03:54.906035775Z	78	PC: 134b1 \| Find first file
2018-12-17T23:03:54.91321071Z	26	PC: 134c9 \| Set disk transfer address
2018-12-17T23:03:54.91430301Z	79	PC: 134ce \| Find next file
2018-12-17T23:03:54.917225934Z	26	PC: 134c9 \| Set disk transfer address
2018-12-17T23:03:54.91942922Z	79	PC: 134ce \| Find next file
2018-12-17T23:03:54.922807186Z	26	PC: 134c9 \| Set disk transfer address
2018-12-17T23:03:54.924638088Z	79	PC: 134ce \| Find next file
2018-12-17T23:03:54.929871004Z	26	PC: 134a5 \| Set disk transfer address
2018-12-17T23:03:54.931155003Z	78	PC: 134b1 \| Find first file
2018-12-17T23:03:54.941290916Z	60	PC: 13dc0 \| Create or truncate file
2018-12-17T23:03:54.961045983Z	65	PC: 13f09 \| Delete file (Filename = '�')
2018-12-17T23:03:54.973510892Z	61	PC: 13dc0 \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:03:54.982087221Z	66	PC: 14470 \| Move file pointer
2018-12-17T23:03:54.985169997Z	66	PC: 1447e \| Move file pointer
2018-12-17T23:03:54.987874466Z	66	PC: 1448c \| Move file pointer
2018-12-17T23:03:54.990089218Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:54.993119854Z	26	PC: 134c9 \| Set disk transfer address
2018-12-17T23:03:54.995010548Z	79	PC: 134ce \| Find next file
2018-12-17T23:03:54.999338393Z	60	PC: 13dc0 \| Create or truncate file
2018-12-17T23:03:55.012953512Z	65	PC: 13f09 \| Delete file (Filename = '�')
2018-12-17T23:03:55.026560642Z	61	PC: 13dc0 \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T23:03:55.035552782Z	66	PC: 14470 \| Move file pointer
2018-12-17T23:03:55.038052683Z	66	PC: 1447e \| Move file pointer
2018-12-17T23:03:55.041963644Z	66	PC: 1448c \| Move file pointer
2018-12-17T23:03:55.044301908Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:55.046502316Z	26	PC: 134c9 \| Set disk transfer address
2018-12-17T23:03:55.048885875Z	79	PC: 134ce \| Find next file
2018-12-17T23:03:55.052963457Z	60	PC: 13dc0 \| Create or truncate file
2018-12-17T23:03:55.065530881Z	65	PC: 13f09 \| Delete file (Filename = '�')
2018-12-17T23:03:55.079006552Z	61	PC: 13dc0 \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:03:55.087263112Z	66	PC: 14470 \| Move file pointer
2018-12-17T23:03:55.089465766Z	66	PC: 1447e \| Move file pointer
2018-12-17T23:03:55.092554199Z	66	PC: 1448c \| Move file pointer
2018-12-17T23:03:55.094365969Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:55.096782389Z	26	PC: 134c9 \| Set disk transfer address
2018-12-17T23:03:55.098352583Z	79	PC: 134ce \| Find next file
2018-12-17T23:03:55.102857411Z	60	PC: 13dc0 \| Create or truncate file
2018-12-17T23:03:55.115221379Z	65	PC: 13f09 \| Delete file (Filename = '�')
2018-12-17T23:03:55.126890897Z	61	PC: 13dc0 \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T23:03:55.135711141Z	66	PC: 14470 \| Move file pointer
2018-12-17T23:03:55.138666877Z	66	PC: 1447e \| Move file pointer
2018-12-17T23:03:55.140637108Z	66	PC: 1448c \| Move file pointer
2018-12-17T23:03:55.143721472Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:55.14619787Z	26	PC: 134c9 \| Set disk transfer address
2018-12-17T23:03:55.147804504Z	79	PC: 134ce \| Find next file
2018-12-17T23:03:55.15356832Z	60	PC: 13dc0 \| Create or truncate file
2018-12-17T23:03:55.165886331Z	65	PC: 13f09 \| Delete file (Filename = '�')
2018-12-17T23:03:55.177785022Z	61	PC: 13dc0 \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T23:03:55.186463499Z	66	PC: 14470 \| Move file pointer
2018-12-17T23:03:55.188123624Z	66	PC: 1447e \| Move file pointer
2018-12-17T23:03:55.189968792Z	66	PC: 1448c \| Move file pointer
2018-12-17T23:03:55.19272597Z	66	PC: 14470 \| Move file pointer
2018-12-17T23:03:55.194685937Z	66	PC: 1447e \| Move file pointer
2018-12-17T23:03:55.196379734Z	66	PC: 1448c \| Move file pointer
2018-12-17T23:03:55.199290868Z	66	PC: 14470 \| Move file pointer
2018-12-17T23:03:55.201096569Z	66	PC: 1447e \| Move file pointer
2018-12-17T23:03:55.203007086Z	66	PC: 1448c \| Move file pointer
2018-12-17T23:03:55.206631935Z	66	PC: 13ef2 \| Move file pointer
2018-12-17T23:03:55.20851302Z	63	PC: 13e52 \| Read file or device (Read 1 bytes on handle 11)
2018-12-17T23:03:55.216421131Z	63	PC: 13e52 \| Read file or device (Read 1 bytes on handle 11)
2018-12-17T23:03:55.221273755Z	63	PC: 13e52 \| Read file or device (Read 1 bytes on handle 11)
2018-12-17T23:03:55.224499621Z	63	PC: 13e52 \| Read file or device (Read 1 bytes on handle 11)
2018-12-17T23:03:55.229054054Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:55.232526147Z	26	PC: 13635 \| Set disk transfer address
2018-12-17T23:03:55.235470605Z	61	PC: 13dc0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:03:55.243243183Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 11)
2018-12-17T23:03:55.252285701Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:55.255625053Z	60	PC: 13dc0 \| Create or truncate file
2018-12-17T23:03:55.268380945Z	61	PC: 13dc0 \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T23:03:55.276613675Z	64	PC: 13e93 \| Write file or device (Write 5377 bytes on handle 11)
2018-12-17T23:03:55.288455425Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 12)
2018-12-17T23:03:55.297105385Z	64	PC: 13e93 \| Write file or device (Write 5377 bytes on handle 11)
2018-12-17T23:03:55.307475871Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 12)
2018-12-17T23:03:55.317600891Z	64	PC: 13e93 \| Write file or device (Write 5377 bytes on handle 11)
2018-12-17T23:03:55.327652377Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 12)
2018-12-17T23:03:55.336226203Z	64	PC: 13e93 \| Write file or device (Write 5377 bytes on handle 11)
2018-12-17T23:03:55.347862047Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 12)
2018-12-17T23:03:55.35657929Z	64	PC: 13e93 \| Write file or device (Write 5377 bytes on handle 11)
2018-12-17T23:03:55.367020613Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 12)
2018-12-17T23:03:55.377543349Z	64	PC: 13e93 \| Write file or device (Write 5377 bytes on handle 11)
2018-12-17T23:03:55.387742836Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 12)
2018-12-17T23:03:55.395493724Z	64	PC: 13e93 \| Write file or device (Write 2451 bytes on handle 11)
2018-12-17T23:03:55.406857133Z	63	PC: 13e93 \| Read file or device (Read 5377 bytes on handle 12)
2018-12-17T23:03:55.409541747Z	64	PC: 13e93 \| Write file or device (Write 4 bytes on handle 11)
2018-12-17T23:03:55.413725595Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:55.425382596Z	62	PC: 13e10 \| Close file
2018-12-17T23:03:55.428028291Z	65	PC: 13f09 \| Delete file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T23:03:55.770594234Z	86	PC: 13f4d \| Rename file
2018-12-17T23:03:55.777810422Z	64	PC: 13b18 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:03:55.780368815Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:55.782359164Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:55.785189037Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:55.787114044Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:55.788994056Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:55.791824726Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:55.79372913Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:55.795644907Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:55.798542878Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:55.800108821Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:55.801662271Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:55.804039139Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:55.805572609Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:55.807051057Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:55.809529234Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:55.811274981Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:55.813044265Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:55.815005053Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:55.817222184Z	37	PC: 13851 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:55.818752969Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.821254451Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.824985419Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.827956601Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.831891065Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.836085997Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.839043449Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.841904255Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.845051286Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.847950387Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.850994935Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.854481597Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.857539327Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.860525239Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.864366073Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.867371976Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.870376747Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.873938491Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.876773482Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.879526522Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.882979387Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.88499084Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.886674154Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.888965349Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.891284047Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.893143334Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.895529148Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.897214584Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.89889415Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.901196824Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.903264713Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.905868972Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.909153121Z	6	PC: 138d8 \| Direct console I/O
2018-12-17T23:03:55.913814252Z	76	PC: 13890 \| Terminate with return code (Return code = '17')