Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Spawn.5230.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:50:33.696450698Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:50:33.698803308Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:50:33.699619455Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:50:33.70071616Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:50:33.702161504Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:50:33.703142122Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:50:33.7041714Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:50:33.705665588Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:50:33.706927838Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:50:33.70805595Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:50:33.709513056Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:50:33.710542626Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:50:33.711524337Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:50:33.712698165Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:50:33.713768849Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:50:33.7147281Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:50:33.715655043Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:50:33.716680566Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:50:33.717611955Z 53 PC: 138c2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:50:33.718542277Z 37 PC: 138d7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:50:33.719924658Z 37 PC: 138df | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:50:33.720836969Z 37 PC: 138e7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:50:33.721757454Z 37 PC: 138ef | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:50:33.723507243Z 68 PC: 13c5f | I/O control for devices (Set for = '')
2018-12-17T21:50:33.724518236Z 53 PC: 13773 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:50:33.72528492Z 37 PC: 1378f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:50:33.726532912Z 53 PC: 13773 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:50:33.727318762Z 37 PC: 1378f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:50:33.728155264Z 65 PC: 144fc | Delete file (Filename = 'temp0666.$$$')
2018-12-17T21:50:33.732148302Z 48 PC: 14567 | Get DOS version
2018-12-17T21:50:33.733097205Z 61 PC: 14327 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:50:33.73739226Z 66 PC: 14459 | Move file pointer
2018-12-17T21:50:33.738746372Z 63 PC: 143fa | Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:50:33.739954002Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.741062558Z 25 PC: 145f4 | Get default drive
2018-12-17T21:50:33.742318745Z 71 PC: 14607 | Get current directory
2018-12-17T21:50:33.744605901Z 48 PC: 14567 | Get DOS version
2018-12-17T21:50:33.74599377Z 14 PC: 1464d | Set default drive (Drive = 'C')
2018-12-17T21:50:33.747262629Z 25 PC: 14651 | Get default drive
2018-12-17T21:50:33.748662658Z 26 PC: 13713 | Set disk transfer address
2018-12-17T21:50:33.749560098Z 78 PC: 1371f | Find first file
2018-12-17T21:50:33.75474224Z 26 PC: 13713 | Set disk transfer address
2018-12-17T21:50:33.756016528Z 78 PC: 1371f | Find first file
2018-12-17T21:50:33.759319657Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.762312462Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.76337112Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.765089919Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.768151913Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.769216582Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.771784133Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.776725463Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.778230294Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.779974086Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.783183262Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.784315625Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.786165008Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.789226773Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.790344922Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.792032921Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.795260491Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.796380556Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.798101596Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.801165814Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.802345181Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.804894344Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:33.810413651Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.811612238Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.814297033Z 59 PC: 146bb | Change current directory
2018-12-17T21:50:33.819610069Z 26 PC: 13713 | Set disk transfer address
2018-12-17T21:50:33.82075353Z 78 PC: 1371f | Find first file
2018-12-17T21:50:33.82899216Z 61 PC: 14327 | Open file (Filename = 'ATTRIB.EXE')
2018-12-17T21:50:33.835265213Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.837139161Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.83789369Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.839877552Z 61 PC: 14327 | Open file (Filename = 'CHKDSK.EXE')
2018-12-17T21:50:33.844215968Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.845351584Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.846020216Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.848359117Z 61 PC: 14327 | Open file (Filename = 'DEBUG.EXE')
2018-12-17T21:50:33.852331435Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.853436401Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.854521502Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.856566871Z 61 PC: 14327 | Open file (Filename = 'EXPAND.EXE')
2018-12-17T21:50:33.860576134Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.86208644Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.862806627Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.864792745Z 61 PC: 14327 | Open file (Filename = 'FDISK.EXE')
2018-12-17T21:50:33.869049012Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.870214065Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.870874875Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.873269998Z 61 PC: 14327 | Open file (Filename = 'MEM.EXE')
2018-12-17T21:50:33.877683158Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.878772293Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.879773336Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.883575531Z 61 PC: 14327 | Open file (Filename = 'NLSFUNC.EXE')
2018-12-17T21:50:33.887550093Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.888957098Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.889671107Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.891697656Z 61 PC: 14327 | Open file (Filename = 'QBASIC.EXE')
2018-12-17T21:50:33.896089736Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.897206529Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.897877388Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.900158987Z 61 PC: 14327 | Open file (Filename = 'REPLACE.EXE')
2018-12-17T21:50:33.904180203Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.905266795Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.906181343Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.908169384Z 61 PC: 14327 | Open file (Filename = 'RESTORE.EXE')
2018-12-17T21:50:33.912153788Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.913672383Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.91458806Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.917617737Z 61 PC: 14327 | Open file (Filename = 'SCANDISK.EXE')
2018-12-17T21:50:33.924283265Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.925397562Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.926060274Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.928248558Z 61 PC: 14327 | Open file (Filename = 'SETUP.EXE')
2018-12-17T21:50:33.93223076Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.933281102Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.934285366Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.936325842Z 61 PC: 14327 | Open file (Filename = 'XCOPY.EXE')
2018-12-17T21:50:33.940718704Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.942101331Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.942765881Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.944691649Z 61 PC: 14327 | Open file (Filename = 'DEFRAG.EXE')
2018-12-17T21:50:33.949023886Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.950639774Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.951510404Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.957790917Z 61 PC: 14327 | Open file (Filename = 'EMM386.EXE')
2018-12-17T21:50:33.964231899Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.965694116Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.966745624Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.969780387Z 61 PC: 14327 | Open file (Filename = 'MSCDEX.EXE')
2018-12-17T21:50:33.976206579Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.978175634Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:33.978897578Z 79 PC: 1373c | Find next file
2018-12-17T21:50:33.980753713Z 14 PC: 1464d | Set default drive (Drive = 'A')
2018-12-17T21:50:33.982108801Z 25 PC: 14651 | Get default drive
2018-12-17T21:50:33.982885128Z 59 PC: 146bb | Change current directory
2018-12-17T21:50:33.985730304Z 59 PC: 146bb | Change current directory
2018-12-17T21:50:33.989475849Z 26 PC: 13713 | Set disk transfer address
2018-12-17T21:50:33.990195525Z 78 PC: 1371f | Find first file
2018-12-17T21:50:33.993906564Z 61 PC: 14327 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:50:33.998153641Z 62 PC: 14377 | Close file
2018-12-17T21:50:33.99975368Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.001007151Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.003475154Z 14 PC: 1464d | Set default drive (Drive = 'A')
2018-12-17T21:50:34.004590861Z 25 PC: 14651 | Get default drive
2018-12-17T21:50:34.013067084Z 59 PC: 146bb | Change current directory
2018-12-17T21:50:34.01699024Z 59 PC: 146bb | Change current directory
2018-12-17T21:50:34.020803487Z 26 PC: 13713 | Set disk transfer address
2018-12-17T21:50:34.022136965Z 78 PC: 1371f | Find first file
2018-12-17T21:50:34.028081706Z 61 PC: 14327 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:50:34.034315298Z 62 PC: 14377 | Close file
2018-12-17T21:50:34.036313901Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.037258782Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.039535338Z 26 PC: 13713 | Set disk transfer address
2018-12-17T21:50:34.040901493Z 78 PC: 1371f | Find first file
2018-12-17T21:50:34.046496Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.051910487Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.053260947Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.055774944Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.061289605Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.062446141Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.064923125Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.070557452Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.071714842Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.074243775Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.080641449Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.081666194Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.084226272Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.08993037Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.091156478Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.09376059Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.100481444Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.101429584Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.103947993Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.109904854Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.111195672Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.113778362Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.119660005Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.120785606Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.123628466Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.130011651Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.131265295Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.133938199Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.140056395Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.140994715Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.143517111Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.147983358Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.148878833Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.151580036Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.157291886Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.160437024Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.163967389Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.169466718Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.170329518Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.173341185Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.179560182Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.18054339Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.183503948Z 67 PC: 136bb | Get or set file attributes
2018-12-17T21:50:34.189002452Z 26 PC: 13737 | Set disk transfer address
2018-12-17T21:50:34.189914938Z 79 PC: 1373c | Find next file
2018-12-17T21:50:34.192760906Z 14 PC: 1464d | Set default drive (Drive = 'A')
2018-12-17T21:50:34.19382806Z 25 PC: 14651 | Get default drive
2018-12-17T21:50:34.194740333Z 59 PC: 146bb | Change current directory
2018-12-17T21:50:34.199429124Z 64 PC: 13d62 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T21:50:34.201189789Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:50:34.202164997Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:50:34.20353721Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:50:34.204513618Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:50:34.205465796Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:50:34.20647414Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:50:34.207429013Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:50:34.208554412Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:50:34.209571286Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:50:34.210379188Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:50:34.211388684Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:50:34.212355898Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:50:34.213169086Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:50:34.214305328Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:50:34.216207408Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:50:34.217153452Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:50:34.218412748Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:50:34.219367972Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:50:34.220312212Z 37 PC: 139d6 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:50:34.221493449Z 76 PC: 13a15 | Terminate with return code (Return code = '8')