Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Inna.5260

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:35.113659572Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.115493995Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.117299938Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.118953997Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.120507628Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.122946926Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.124271248Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.125715045Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.127496889Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.129003168Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.130708091Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.132566586Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.134032891Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.135493057Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.144781737Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.150752641Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.152235812Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.154620045Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.155863878Z 53 PC: 138b2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.157769337Z 37 PC: 138c7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.159711994Z 37 PC: 138cf | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.16122425Z 37 PC: 138d7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.162512431Z 37 PC: 138df | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.165085534Z 68 PC: 13c4f | I/O control for devices (Set for = '')
2018-12-17T23:04:35.168170763Z 53 PC: 1369b | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:35.170012895Z 37 PC: 136b7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:35.174331281Z 48 PC: 1447a | Get DOS version
2018-12-17T23:04:35.182019856Z 61 PC: 1423a | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:04:35.188924175Z 63 PC: 1430d | Read file or device (Read 5252 bytes on handle 5)
2018-12-17T23:04:35.19750118Z 62 PC: 1428a | Close file
2018-12-17T23:04:35.200066046Z 26 PC: 1363b | Set disk transfer address
2018-12-17T23:04:35.204565246Z 78 PC: 13647 | Find first file
2018-12-17T23:04:35.218425779Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.219520401Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.222702567Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.232420693Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.235774757Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.237562411Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.241733536Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.243574067Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.247000395Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.248470638Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.251695207Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.25274985Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.256574644Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.258047306Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.261578506Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.264940644Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.268209602Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.269252139Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.272371337Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.274331036Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.277994896Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.279576352Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.283318442Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.284544301Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.286977641Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.288874275Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.291093071Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.291945836Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.294643203Z 67 PC: 135c4 | Get or set file attributes
2018-12-17T23:04:35.307130677Z 61 PC: 1423a | Open file (Filename = '\TEST.EXE')
2018-12-17T23:04:35.329888943Z 66 PC: 1436c | Move file pointer
2018-12-17T23:04:35.332652376Z 63 PC: 1430d | Read file or device (Read 8 bytes on handle 5)
2018-12-17T23:04:35.340169253Z 87 PC: 1360b | Get or set file date and time
2018-12-17T23:04:35.341982231Z 67 PC: 135c4 | Get or set file attributes
2018-12-17T23:04:35.352558411Z 62 PC: 1428a | Close file
2018-12-17T23:04:35.368184278Z 26 PC: 1365f | Set disk transfer address
2018-12-17T23:04:35.372634191Z 79 PC: 13664 | Find next file
2018-12-17T23:04:35.375943692Z 44 PC: 13559 | Get time
0x13559: xor ah, ah
0x1355b: mov al, dl
0x1355d: les di, ptr [bp + 6]
0x13560: stosw word ptr es:[di], ax
0x13561: mov al, dh
0x13563: les di, ptr [bp + 0xa]
0x13566: stosw word ptr es:[di], ax
0x13567: mov al, cl
0x13569: les di, ptr [bp + 0xe]
0x1356c: stosw word ptr es:[di], ax
0x1356d: mov al, ch
0x1356f: les di, ptr [bp + 0x12]
0x13572: stosw word ptr es:[di], ax
0x13573: pop bp
0x13574: retf 0x10
0x13577: push bp
0x13578: mov bp, sp
0x1357a: mov ch, byte ptr [bp + 0xc]
0x1357d: mov cl, byte ptr [bp + 0xa]
0x13580: mov dh, byte ptr [bp + 8]
2018-12-17T23:04:35.380425151Z 42 PC: 13523 | Get date
0x13523: xor ah, ah
0x13525: les di, ptr [bp + 6]
0x13528: stosw word ptr es:[di], ax
0x13529: mov al, dl
0x1352b: les di, ptr [bp + 0xa]
0x1352e: stosw word ptr es:[di], ax
0x1352f: mov al, dh
0x13531: les di, ptr [bp + 0xe]
0x13534: stosw word ptr es:[di], ax
0x13535: xchg ax, cx
0x13536: les di, ptr [bp + 0x12]
0x13539: stosw word ptr es:[di], ax
0x1353a: pop bp
0x1353b: retf 0x10
0x1353e: push bp
0x1353f: mov bp, sp
0x13541: mov cx, word ptr [bp + 0xa]
0x13544: mov dh, byte ptr [bp + 8]
0x13547: mov dl, byte ptr [bp + 6]
0x1354a: mov ah, 0x2b
2018-12-17T23:04:35.385717328Z 37 PC: 136b7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:35.388513736Z 26 PC: 1363b | Set disk transfer address
2018-12-17T23:04:35.390045507Z 78 PC: 13647 | Find first file
2018-12-17T23:04:35.399748701Z 67 PC: 135c4 | Get or set file attributes
2018-12-17T23:04:35.410807616Z 61 PC: 1423a | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:04:35.418262454Z 66 PC: 143d6 | Move file pointer
2018-12-17T23:04:35.419976265Z 66 PC: 143e4 | Move file pointer
2018-12-17T23:04:35.422470474Z 66 PC: 143f2 | Move file pointer
2018-12-17T23:04:35.424560065Z 66 PC: 1436c | Move file pointer
2018-12-17T23:04:35.426420098Z 63 PC: 1430d | Read file or device (Read 5252 bytes on handle 5)
2018-12-17T23:04:35.435290603Z 66 PC: 1436c | Move file pointer
2018-12-17T23:04:35.437270646Z 64 PC: 1426b | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:04:35.445347177Z 66 PC: 1436c | Move file pointer
2018-12-17T23:04:35.448162601Z 64 PC: 1430d | Write file or device (Write 5252 bytes on handle 5)
2018-12-17T23:04:35.45692151Z 87 PC: 1360b | Get or set file date and time
2018-12-17T23:04:35.459032454Z 67 PC: 135c4 | Get or set file attributes
2018-12-17T23:04:35.47119636Z 62 PC: 1428a | Close file
2018-12-17T23:04:35.479051844Z 53 PC: 136cd | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.480437736Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:35.481990627Z 53 PC: 136cd | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.4839455Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:35.485326966Z 53 PC: 136cd | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.487031446Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:35.489247189Z 53 PC: 136cd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.490638655Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:35.492028679Z 53 PC: 136cd | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.494401685Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.495736964Z 53 PC: 136cd | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.497102561Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.499452476Z 53 PC: 136cd | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.500811926Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:35.502124618Z 53 PC: 136cd | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.504494749Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:35.505832009Z 53 PC: 136cd | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.507177387Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:35.509303468Z 53 PC: 136cd | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.511015817Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:35.513357409Z 53 PC: 136cd | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.515409479Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:35.517063318Z 53 PC: 136cd | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.518421806Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:35.520420981Z 53 PC: 136cd | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.521618792Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:35.522667103Z 53 PC: 136cd | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.524394172Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:35.52546944Z 53 PC: 136cd | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.526517791Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:35.527714863Z 53 PC: 136cd | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.529463765Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:35.530483504Z 53 PC: 136cd | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.531856477Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:35.533776435Z 53 PC: 136cd | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.536182117Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:35.537419401Z 53 PC: 136cd | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.539508112Z 37 PC: 136d6 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:35.541401743Z 41 PC: 13756 | Parse filename
2018-12-17T23:04:35.543164912Z 41 PC: 13764 | Parse filename
2018-12-17T23:04:35.545471473Z 75 PC: 1376f | Execute program
2018-12-17T23:04:35.566376679Z 80 PC: 19959 | Set current PSP
2018-12-17T23:04:35.567397189Z 48 PC: 1995e | Get DOS version
2018-12-17T23:04:35.569458197Z 99 PC: 20140 | Get DBCS lead byte table pointer
2018-12-17T23:04:35.572148152Z 101 PC: 199e4 | Get extended country info
2018-12-17T23:04:35.575034959Z 99 PC: 199ea | Get DBCS lead byte table pointer
2018-12-17T23:04:35.576647138Z 74 PC: 19a4c | Reallocate memory
2018-12-17T23:04:35.578221471Z 25 PC: 19a83 | Get default drive
2018-12-17T23:04:35.580077336Z 37 PC: 19543 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:04:35.581400011Z 37 PC: 1954a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:35.582738154Z 37 PC: 19551 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:35.587786498Z 74 PC: 186ec | Reallocate memory
2018-12-17T23:04:35.589573449Z 72 PC: 1872d | Allocate memory
2018-12-17T23:04:35.591326858Z 72 PC: 18765 | Allocate memory
2018-12-17T23:04:35.594507065Z 72 PC: 1876d | Allocate memory