Sample viewer

vx.netlux.org/Virus.DOS.HLLP.5000.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:28.270419207Z 53 PC: 1381a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:28.271841134Z 53 PC: 1381a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:28.27300871Z 53 PC: 1381a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:28.274074422Z 53 PC: 1381a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:28.275642843Z 53 PC: 1381a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:28.276678033Z 53 PC: 1381a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:28.277769142Z 53 PC: 1381a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:28.279341425Z 53 PC: 1381a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:28.280399986Z 53 PC: 1381a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:28.28146551Z 53 PC: 1381a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:28.28327829Z 53 PC: 1381a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:28.284536912Z 53 PC: 1381a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:28.286006722Z 53 PC: 1381a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:28.288012168Z 53 PC: 1381a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:28.289304919Z 53 PC: 1381a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:28.290676511Z 53 PC: 1381a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:28.292486618Z 53 PC: 1381a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:28.293513585Z 53 PC: 1381a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:28.294631643Z 53 PC: 1381a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:28.296132053Z 37 PC: 1382f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:28.297417262Z 37 PC: 13837 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:28.298519013Z 37 PC: 1383f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:28.30006439Z 37 PC: 13847 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:28.302516695Z 68 PC: 14302 | I/O control for devices (Set for = '')
2018-12-17T23:05:28.303885773Z 44 PC: 1345d | Get time
0x1345d: xor ah, ah
0x1345f: mov al, dl
0x13461: les di, ptr [bp + 6]
0x13464: stosw word ptr es:[di], ax
0x13465: mov al, dh
0x13467: les di, ptr [bp + 0xa]
0x1346a: stosw word ptr es:[di], ax
0x1346b: mov al, cl
0x1346d: les di, ptr [bp + 0xe]
0x13470: stosw word ptr es:[di], ax
0x13471: mov al, ch
0x13473: les di, ptr [bp + 0x12]
0x13476: stosw word ptr es:[di], ax
0x13477: pop bp
0x13478: retf 0x10
0x1347b: push bp
0x1347c: mov bp, sp
0x1347e: mov ch, byte ptr [bp + 0xc]
0x13481: mov cl, byte ptr [bp + 0xa]
0x13484: mov dh, byte ptr [bp + 8]
2018-12-17T23:05:28.306059101Z 48 PC: 13e32 | Get DOS version
2018-12-17T23:05:28.308484588Z 25 PC: 13ebf | Get default drive
2018-12-17T23:05:28.309791163Z 71 PC: 13ed2 | Get current directory
2018-12-17T23:05:28.312752595Z 14 PC: 13f18 | Set default drive (Drive = 'A')
2018-12-17T23:05:28.319961407Z 25 PC: 13f1c | Get default drive
2018-12-17T23:05:28.320922977Z 59 PC: 13f86 | Change current directory
2018-12-17T23:05:28.325016117Z 26 PC: 1353f | Set disk transfer address
2018-12-17T23:05:28.326331058Z 78 PC: 1354b | Find first file
2018-12-17T23:05:28.332207941Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.333509965Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.337470141Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.338503447Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.342320149Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.345338314Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.348404683Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.349480993Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.353326085Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.354565293Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.357820173Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.359671939Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.363295538Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.364244591Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.368158533Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.369096603Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.372326092Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.374477944Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.377820956Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.379145845Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.384684585Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.386291255Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.390558956Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.392794015Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.396329271Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.397483839Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.401689095Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.402916692Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.406574037Z 26 PC: 13563 | Set disk transfer address
2018-12-17T23:05:28.407850315Z 79 PC: 13568 | Find next file
2018-12-17T23:05:28.411554378Z 14 PC: 13f18 | Set default drive (Drive = 'A')
2018-12-17T23:05:28.41273348Z 25 PC: 13f1c | Get default drive
2018-12-17T23:05:28.414002511Z 59 PC: 13f86 | Change current directory
2018-12-17T23:05:28.418906427Z 67 PC: 134a1 | Get or set file attributes
2018-12-17T23:05:28.424425713Z 67 PC: 134c8 | Get or set file attributes
2018-12-17T23:05:28.441530451Z 61 PC: 13ce4 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:28.449343355Z 87 PC: 134e2 | Get or set file date and time
2018-12-17T23:05:28.451375718Z 63 PC: 13db7 | Read file or device (Read 4990 bytes on handle 5)
2018-12-17T23:05:28.459251574Z 62 PC: 13d34 | Close file
2018-12-17T23:05:28.463341943Z 61 PC: 13ce4 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:28.470354669Z 66 PC: 14401 | Move file pointer
2018-12-17T23:05:28.472256999Z 66 PC: 1440f | Move file pointer
2018-12-17T23:05:28.474668242Z 66 PC: 1441d | Move file pointer
2018-12-17T23:05:28.476570294Z 66 PC: 13e16 | Move file pointer
2018-12-17T23:05:28.47850396Z 63 PC: 13db7 | Read file or device (Read 5000 bytes on handle 5)
2018-12-17T23:05:28.487073795Z 62 PC: 13d34 | Close file
2018-12-17T23:05:28.488919077Z 61 PC: 13ce4 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:28.495565122Z 64 PC: 13db7 | Write file or device (Write 5000 bytes on handle 5)
2018-12-17T23:05:28.502358658Z 66 PC: 13e16 | Move file pointer
2018-12-17T23:05:28.512056798Z 64 PC: 13d15 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:05:28.520048631Z 87 PC: 1350f | Get or set file date and time
2018-12-17T23:05:28.523416942Z 62 PC: 13d34 | Close file
2018-12-17T23:05:28.531046183Z 67 PC: 134c8 | Get or set file attributes
2018-12-17T23:05:28.541380571Z 74 PC: 1341b | Reallocate memory
2018-12-17T23:05:28.544607864Z 53 PC: 1378e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:28.546532245Z 37 PC: 13797 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:28.548633735Z 53 PC: 1378e | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:28.551507398Z 37 PC: 13797 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:28.55256306Z 53 PC: 1378e | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:28.553805397Z 37 PC: 13797 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:28.55608303Z 53 PC: 1378e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:28.557247625Z 37 PC: 13797 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:28.558399495Z 53 PC: 1378e | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:28.560744949Z 37 PC: 13797 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:28.561828571Z 53 PC: 1378e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:28.563400427Z 37 PC: 13797 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:28.564726538Z 53 PC: 1378e | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:28.566596411Z 37 PC: 13797 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:28.567664915Z 53 PC: 1378e | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:28.568754132Z 37 PC: 13797 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:28.570863757Z 53 PC: 1378e | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:28.573498214Z 37 PC: 13797 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:28.575032819Z 53 PC: 1378e | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:28.577567806Z 37 PC: 13797 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:28.579114464Z 53 PC: 1378e | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:28.580648931Z 37 PC: 13797 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:28.583074328Z 53 PC: 1378e | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:28.584640914Z 37 PC: 13797 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:28.58616677Z 53 PC: 1378e | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:28.588601563Z 37 PC: 13797 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:28.590156892Z 53 PC: 1378e | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:28.592121068Z 37 PC: 13797 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:28.594453432Z 53 PC: 1378e | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:28.596025247Z 37 PC: 13797 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:28.597461698Z 53 PC: 1378e | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:28.599449576Z 37 PC: 13797 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:28.60076221Z 53 PC: 1378e | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:28.60208764Z 37 PC: 13797 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:28.604318501Z 53 PC: 1378e | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:28.605999113Z 37 PC: 13797 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:28.607323289Z 53 PC: 1378e | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:28.609306029Z 37 PC: 13797 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:28.61147066Z 41 PC: 13745 | Parse filename
2018-12-17T23:05:28.613012083Z 41 PC: 13753 | Parse filename
2018-12-17T23:05:28.61550679Z 75 PC: 1375e | Execute program
2018-12-17T23:05:28.635875738Z 80 PC: 1a809 | Set current PSP
2018-12-17T23:05:28.636825089Z 48 PC: 1a80e | Get DOS version
2018-12-17T23:05:28.639722609Z 99 PC: 20ff0 | Get DBCS lead byte table pointer
2018-12-17T23:05:28.642302366Z 101 PC: 1a894 | Get extended country info
2018-12-17T23:05:28.643533286Z 99 PC: 1a89a | Get DBCS lead byte table pointer
2018-12-17T23:05:28.645325938Z 74 PC: 1a8fc | Reallocate memory
2018-12-17T23:05:28.646759491Z 25 PC: 1a933 | Get default drive
2018-12-17T23:05:28.647832025Z 37 PC: 1a3f3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:05:28.649899368Z 37 PC: 1a3fa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:28.650989906Z 37 PC: 1a401 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:28.655075295Z 74 PC: 1959c | Reallocate memory
2018-12-17T23:05:28.657421448Z 72 PC: 195dd | Allocate memory
2018-12-17T23:05:28.658974756Z 72 PC: 19615 | Allocate memory
2018-12-17T23:05:28.660661891Z 72 PC: 1961d | Allocate memory