Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Harakiri.5488

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:40.811851624Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:40.813787915Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:40.816121262Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:40.817736469Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:40.819366755Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:40.822813185Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:40.825088593Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:40.827722797Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:40.83228245Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:40.834282962Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:40.836376098Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:40.839179209Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:40.841935982Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:40.8444132Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:40.847301351Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:40.850510896Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:40.852178051Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:40.854324457Z 53 PC: 131b6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:40.85695388Z 37 PC: 131cb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:40.858572123Z 37 PC: 131d3 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:40.860183033Z 37 PC: 131db | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:40.862854927Z 37 PC: 131e3 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:40.865871188Z 68 PC: 13841 | I/O control for devices (Set for = '')
2018-12-17T23:05:40.869050767Z 64 PC: 13944 | Write file or device (Write 10 bytes on handle 1)
2018-12-17T23:05:40.880976451Z 26 PC: 13115 | Set disk transfer address
2018-12-17T23:05:40.883319096Z 78 PC: 13121 | Find first file
2018-12-17T23:05:40.896495662Z 64 PC: 13944 | Write file or device (Write 10 bytes on handle 1)
2018-12-17T23:05:40.903428348Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:40.905245634Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:40.912700823Z 61 PC: 13c04 | Open file (Filename = '\TEST.EXE')
2018-12-17T23:05:40.920779894Z 64 PC: 13944 | Write file or device (Write 4 bytes on handle 1)
2018-12-17T23:05:40.924430148Z 64 PC: 13944 | Write file or device (Write 11 bytes on handle 1)
2018-12-17T23:05:40.930204906Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T23:05:40.934607334Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T23:05:40.938002698Z 62 PC: 13c54 | Close file
2018-12-17T23:05:40.941272757Z 62 PC: 13c54 | Close file
2018-12-17T23:05:40.944935534Z 64 PC: 13944 | Write file or device (Write 23 bytes on handle 1)
2018-12-17T23:05:40.954509337Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:40.956736735Z 79 PC: 1313e | Find next file
2018-12-17T23:05:40.961624225Z 26 PC: 13115 | Set disk transfer address
2018-12-17T23:05:40.964501916Z 78 PC: 13121 | Find first file
2018-12-17T23:05:40.97133255Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:40.972951684Z 79 PC: 1313e | Find next file
2018-12-17T23:05:40.976869852Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:40.978718097Z 79 PC: 1313e | Find next file
2018-12-17T23:05:40.982088755Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:40.98453779Z 79 PC: 1313e | Find next file
2018-12-17T23:05:40.987727778Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:40.989191039Z 79 PC: 1313e | Find next file
2018-12-17T23:05:40.993092876Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:40.996144354Z 79 PC: 1313e | Find next file
2018-12-17T23:05:40.999325335Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:41.00077453Z 79 PC: 1313e | Find next file
2018-12-17T23:05:41.004434081Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:41.005652542Z 79 PC: 1313e | Find next file
2018-12-17T23:05:41.008527538Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:41.010935176Z 79 PC: 1313e | Find next file
2018-12-17T23:05:41.01431482Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:41.015764787Z 79 PC: 1313e | Find next file
2018-12-17T23:05:41.020787982Z 64 PC: 13944 | Write file or device (Write 10 bytes on handle 1)
2018-12-17T23:05:41.026127903Z 26 PC: 13115 | Set disk transfer address
2018-12-17T23:05:41.027534167Z 78 PC: 13121 | Find first file
2018-12-17T23:05:41.035263511Z 64 PC: 13944 | Write file or device (Write 11 bytes on handle 1)
2018-12-17T23:05:41.041226573Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.043095507Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.051130796Z 61 PC: 13c04 | Open file (Filename = '\SLEEP.COM')
2018-12-17T23:05:41.058993801Z 64 PC: 13944 | Write file or device (Write 4 bytes on handle 1)
2018-12-17T23:05:41.062628495Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.068064537Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T23:05:41.071007821Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T23:05:41.079220354Z 64 PC: 13944 | Write file or device (Write 20 bytes on handle 1)
2018-12-17T23:05:41.087850431Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.090518358Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.093076297Z 64 PC: 13944 | Write file or device (Write 16 bytes on handle 1)
2018-12-17T23:05:41.100057424Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.102556583Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.116705448Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.12217888Z 61 PC: 13c04 | Open file (Filename = '\SLEEP.COM')
2018-12-17T23:05:41.130744716Z 63 PC: 13cd7 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T23:05:41.140227677Z 64 PC: 13cd7 | Write file or device (Write 5488 bytes on handle 6)
2018-12-17T23:05:41.158005886Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.161415337Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.172077305Z 64 PC: 13944 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:05:41.177281029Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:41.180310025Z 79 PC: 1313e | Find next file
2018-12-17T23:05:41.184081987Z 64 PC: 13944 | Write file or device (Write 11 bytes on handle 1)
2018-12-17T23:05:41.189500596Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.192731281Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.200464061Z 61 PC: 13c04 | Open file (Filename = '\PRINT.COM')
2018-12-17T23:05:41.208056507Z 64 PC: 13944 | Write file or device (Write 4 bytes on handle 1)
2018-12-17T23:05:41.21178059Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.218644416Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T23:05:41.222059577Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T23:05:41.230504837Z 64 PC: 13944 | Write file or device (Write 20 bytes on handle 1)
2018-12-17T23:05:41.239189227Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.241319412Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.244091755Z 64 PC: 13944 | Write file or device (Write 16 bytes on handle 1)
2018-12-17T23:05:41.251560929Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.253682839Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.261659027Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.267601Z 61 PC: 13c04 | Open file (Filename = '\PRINT.COM')
2018-12-17T23:05:41.275661586Z 63 PC: 13cd7 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T23:05:41.283962114Z 64 PC: 13cd7 | Write file or device (Write 5488 bytes on handle 6)
2018-12-17T23:05:41.294789493Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.298301126Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.30895045Z 64 PC: 13944 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:05:41.313949099Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:41.316603961Z 79 PC: 1313e | Find next file
2018-12-17T23:05:41.32081547Z 64 PC: 13944 | Write file or device (Write 11 bytes on handle 1)
2018-12-17T23:05:41.326297899Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.329162936Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.337210477Z 61 PC: 13c04 | Open file (Filename = '\HELLO.COM')
2018-12-17T23:05:41.348043738Z 64 PC: 13944 | Write file or device (Write 4 bytes on handle 1)
2018-12-17T23:05:41.360157145Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.367182715Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T23:05:41.371377913Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T23:05:41.379822232Z 64 PC: 13944 | Write file or device (Write 20 bytes on handle 1)
2018-12-17T23:05:41.385992503Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.388258294Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.39080872Z 64 PC: 13944 | Write file or device (Write 16 bytes on handle 1)
2018-12-17T23:05:41.397248198Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.399141378Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.406860202Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.413311923Z 61 PC: 13c04 | Open file (Filename = '\HELLO.COM')
2018-12-17T23:05:41.421030386Z 63 PC: 13cd7 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T23:05:41.42991938Z 64 PC: 13cd7 | Write file or device (Write 5488 bytes on handle 6)
2018-12-17T23:05:41.44281084Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.446109573Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.457560655Z 64 PC: 13944 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:05:41.463438186Z 26 PC: 13139 | Set disk transfer address
2018-12-17T23:05:41.466169622Z 79 PC: 1313e | Find next file
2018-12-17T23:05:41.471398394Z 64 PC: 13944 | Write file or device (Write 11 bytes on handle 1)
2018-12-17T23:05:41.479959552Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.482681049Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.490849839Z 61 PC: 13c04 | Open file (Filename = '\PHANG.COM')
2018-12-17T23:05:41.498585815Z 64 PC: 13944 | Write file or device (Write 4 bytes on handle 1)
2018-12-17T23:05:41.503847378Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.50891156Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T23:05:41.512427632Z 63 PC: 13cd7 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T23:05:41.5209993Z 64 PC: 13944 | Write file or device (Write 20 bytes on handle 1)
2018-12-17T23:05:41.526056929Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.528315516Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.5327422Z 64 PC: 13944 | Write file or device (Write 16 bytes on handle 1)
2018-12-17T23:05:41.538158514Z 48 PC: 13d52 | Get DOS version
2018-12-17T23:05:41.540085658Z 61 PC: 13c04 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:41.554082046Z 64 PC: 13944 | Write file or device (Write 12 bytes on handle 1)
2018-12-17T23:05:41.572226052Z 61 PC: 13c04 | Open file (Filename = '\PHANG.COM')
2018-12-17T23:05:41.580306957Z 63 PC: 13cd7 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T23:05:41.590746567Z 64 PC: 13cd7 | Write file or device (Write 5488 bytes on handle 6)
2018-12-17T23:05:41.601173283Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.603701406Z 62 PC: 13c54 | Close file
2018-12-17T23:05:41.614031029Z 64 PC: 13944 | Write file or device (Write 34 bytes on handle 1)
2018-12-17T23:05:41.620420844Z 64 PC: 13944 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:05:41.623018909Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:41.625717433Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:41.62785393Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:41.629622897Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:41.632138317Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:41.634229559Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:41.635989668Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:41.638877698Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:41.641418976Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:41.643177363Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:41.645955016Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:41.64779216Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:41.649508718Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:41.651277183Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:41.654037864Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:41.655772165Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:41.657483293Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:41.660299188Z 37 PC: 132c5 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:41.662053046Z 76 PC: 13304 | Terminate with return code (Return code = '0')