Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Nover.9312.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:56.973827077Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:56.976086684Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:56.977403928Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:56.978663772Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:56.980306064Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:56.981999251Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:56.983482857Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:56.997177438Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:56.998879897Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:57.000089716Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:57.001371172Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:57.003140002Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:57.004783321Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:57.006274407Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:57.012139882Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:57.013611227Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:57.015117428Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:57.017248383Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:57.018891226Z	53	PC: 13e1a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:57.020494754Z	37	PC: 13e2f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:57.022642195Z	37	PC: 13e37 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:57.023999604Z	37	PC: 13e3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:57.02512166Z	37	PC: 13e47 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:57.027505016Z	68	PC: 1498f \| I/O control for devices (Set for = '')
2018-12-17T23:03:57.03001273Z	53	PC: 13c5f \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:57.032544043Z	37	PC: 13c7b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:57.035010789Z	53	PC: 13c5f \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:57.0370194Z	37	PC: 13c7b \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:57.038322878Z	53	PC: 13c5f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:57.039802149Z	37	PC: 13c7b \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:57.042090318Z	51	PC: 13b4d \| Get or set Ctrl-Break
2018-12-17T23:03:57.043978859Z	48	PC: 146a2 \| Get DOS version
2018-12-17T23:03:57.046656292Z	48	PC: 146a2 \| Get DOS version
2018-12-17T23:03:57.049453087Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.052614543Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.06047904Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.078097305Z	60	PC: 144e0 \| Create or truncate file
2018-12-17T23:03:57.095871669Z	65	PC: 14629 \| Delete file (Filename = 'A:\�')
2018-12-17T23:03:57.107073228Z	61	PC: 144e0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:03:57.119578559Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.121394555Z	63	PC: 145b3 \| Read file or device (Read 5 bytes on handle 6)
2018-12-17T23:03:57.124520527Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.127366871Z	61	PC: 144e0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:03:57.134855646Z	63	PC: 145b3 \| Read file or device (Read 9312 bytes on handle 6)
2018-12-17T23:03:57.142588579Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.145938944Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.147255412Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.153714434Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.16456677Z	61	PC: 144e0 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:57.17140788Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.174337228Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.18488367Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.186500324Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.189742628Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.203203648Z	61	PC: 144e0 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:57.210317912Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.213225631Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.220282668Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.221296948Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.224223826Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.233876114Z	61	PC: 144e0 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:57.238289203Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.240135027Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.249985745Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.251344621Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.254579373Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.267425533Z	61	PC: 144e0 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:57.275449277Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.278466118Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.288326701Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.290341106Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.293554309Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.303396564Z	61	PC: 144e0 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:57.311264259Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.314302544Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.326904872Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.329032068Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.332275401Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.342139357Z	61	PC: 144e0 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:57.349807563Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.353371Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.36309943Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.365051553Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.36821081Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.378201123Z	61	PC: 144e0 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:03:57.391054517Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.394142026Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.404371531Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.406631374Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.413535215Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.414760852Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.422254856Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.429422722Z	61	PC: 144e0 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:03:57.433655948Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.436223396Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.444138873Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.445574694Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.452011716Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.45397165Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.459323422Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.789061915Z	61	PC: 144e0 \| Open file (Filename = 'c:COMMAND.COM')
2018-12-17T23:03:57.79582577Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.797581449Z	63	PC: 145b3 \| Read file or device (Read 5 bytes on handle 6)
2018-12-17T23:03:57.803613324Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.805890001Z	63	PC: 145b3 \| Read file or device (Read 2 bytes on handle 6)
2018-12-17T23:03:57.809337992Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.811690742Z	63	PC: 145b3 \| Read file or device (Read 2 bytes on handle 6)
2018-12-17T23:03:57.814753753Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.817187661Z	63	PC: 145b3 \| Read file or device (Read 2 bytes on handle 6)
2018-12-17T23:03:57.82167602Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.82521806Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.837025224Z	26	PC: 13c22 \| Set disk transfer address
2018-12-17T23:03:57.839334434Z	79	PC: 13c27 \| Find next file
2018-12-17T23:03:57.843181185Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.845876163Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.85374399Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.855855585Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.859336761Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.86060527Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.865206614Z	37	PC: 13c7b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:03:57.866562329Z	37	PC: 13c7b \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:03:57.867906442Z	37	PC: 13c7b \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:57.87020417Z	26	PC: 13bfe \| Set disk transfer address
2018-12-17T23:03:57.871472549Z	78	PC: 13c0a \| Find first file
2018-12-17T23:03:57.878027371Z	61	PC: 144e0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:03:57.886185127Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.887905839Z	63	PC: 145b3 \| Read file or device (Read 9312 bytes on handle 6)
2018-12-17T23:03:57.896060719Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.898276382Z	64	PC: 14511 \| Write file or device (Write 0 bytes on handle 6)
2018-12-17T23:03:57.906479583Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.907907962Z	64	PC: 145b3 \| Write file or device (Write 9312 bytes on handle 6)
2018-12-17T23:03:57.918550102Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.92062017Z	63	PC: 145b3 \| Read file or device (Read 111 bytes on handle 6)
2018-12-17T23:03:57.927760522Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.930230303Z	63	PC: 145b3 \| Read file or device (Read 111 bytes on handle 6)
2018-12-17T23:03:57.937091639Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.938831691Z	64	PC: 145b3 \| Write file or device (Write 111 bytes on handle 6)
2018-12-17T23:03:57.947894291Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.949457394Z	64	PC: 145b3 \| Write file or device (Write 111 bytes on handle 6)
2018-12-17T23:03:57.952282787Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.954097903Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.956177487Z	63	PC: 145b3 \| Read file or device (Read 111 bytes on handle 6)
2018-12-17T23:03:57.958711668Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.960186641Z	64	PC: 145b3 \| Write file or device (Write 111 bytes on handle 6)
2018-12-17T23:03:57.964048329Z	66	PC: 14612 \| Move file pointer
2018-12-17T23:03:57.965480185Z	87	PC: 13bce \| Get or set file date and time
2018-12-17T23:03:57.967073322Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T23:03:57.978537845Z	62	PC: 14530 \| Close file
2018-12-17T23:03:57.986803002Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:57.987958915Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:57.989441801Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:57.990463138Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:57.991736633Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:57.993425188Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:57.994510546Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:57.995640632Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:57.997130726Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:57.998154839Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:57.999166154Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:58.00241348Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:58.00364819Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:58.004809438Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:58.007172874Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:58.00830726Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:58.009348212Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:58.010984674Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:58.012093619Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:58.013256375Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:58.015947647Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:58.017079801Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:58.018748148Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:58.021386454Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:58.022902258Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:58.024647922Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:58.02690209Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:58.028515931Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:58.031341699Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:58.032786811Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:58.034298927Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:58.03701094Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:58.038440555Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:58.039715806Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:58.041489283Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:58.042940959Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:58.044495736Z	53	PC: 13d98 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:58.046367769Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:58.047389409Z	41	PC: 13d4f \| Parse filename
2018-12-17T23:03:58.048514839Z	41	PC: 13d5d \| Parse filename
2018-12-17T23:03:58.050006358Z	75	PC: 13d68 \| Execute program