Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Hooters.4676

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:59.464996795Z 53 PC: 1354a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:59.467215116Z 53 PC: 1354a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:06:59.468524698Z 53 PC: 1354a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:06:59.470141579Z 53 PC: 1354a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:59.472148317Z 53 PC: 1354a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:59.47437333Z 53 PC: 1354a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:59.476563649Z 53 PC: 1354a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:06:59.478224879Z 53 PC: 1354a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:06:59.48025889Z 53 PC: 1354a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:06:59.481519597Z 53 PC: 1354a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:06:59.483460448Z 53 PC: 1354a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:06:59.486024939Z 53 PC: 1354a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:06:59.487961105Z 53 PC: 1354a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:06:59.489841649Z 53 PC: 1354a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:06:59.491721642Z 53 PC: 1354a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:06:59.493163785Z 53 PC: 1354a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:06:59.494631187Z 53 PC: 1354a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:06:59.496972458Z 53 PC: 1354a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:06:59.498481568Z 53 PC: 1354a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:06:59.500028115Z 37 PC: 1355f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:59.502193355Z 37 PC: 13567 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:59.504107272Z 37 PC: 1356f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:59.506059017Z 37 PC: 13577 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:06:59.508852098Z 68 PC: 13fb9 | I/O control for devices (Set for = '')
2018-12-17T23:06:59.510536222Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.512300098Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.514648808Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.516698376Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.518782198Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.52113355Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.523656295Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.525825377Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.527966119Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.530605073Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.532879339Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.535104734Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.537762181Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.539493525Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.541154424Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.544090561Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.545759385Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.547805918Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.550800335Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.55289537Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.554970888Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.557672694Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.559964858Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.562209132Z 41 PC: 12f03 | Parse filename
2018-12-17T23:06:59.564929487Z 54 PC: 132ba | Get free disk space
2018-12-17T23:06:59.61643049Z 26 PC: 13391 | Set disk transfer address
2018-12-17T23:06:59.6178303Z 78 PC: 1339d | Find first file
2018-12-17T23:06:59.627120345Z 26 PC: 133b5 | Set disk transfer address
2018-12-17T23:06:59.628732564Z 79 PC: 133ba | Find next file
2018-12-17T23:06:59.632436887Z 26 PC: 133b5 | Set disk transfer address
2018-12-17T23:06:59.634053736Z 79 PC: 133ba | Find next file
2018-12-17T23:06:59.637723066Z 26 PC: 133b5 | Set disk transfer address
2018-12-17T23:06:59.638950976Z 79 PC: 133ba | Find next file
2018-12-17T23:06:59.642231629Z 26 PC: 13391 | Set disk transfer address
2018-12-17T23:06:59.644321578Z 78 PC: 1339d | Find first file
2018-12-17T23:06:59.654020033Z 26 PC: 133b5 | Set disk transfer address
2018-12-17T23:06:59.655354451Z 79 PC: 133ba | Find next file
2018-12-17T23:06:59.659597479Z 26 PC: 133b5 | Set disk transfer address
2018-12-17T23:06:59.660870412Z 79 PC: 133ba | Find next file
2018-12-17T23:06:59.664918372Z 61 PC: 13a0d | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:06:59.673317481Z 63 PC: 13ae0 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:06:59.680180683Z 66 PC: 13b3f | Move file pointer
2018-12-17T23:06:59.682100325Z 60 PC: 13a0d | Create or truncate file
2018-12-17T23:07:00.025883664Z 48 PC: 13bcf | Get DOS version
2018-12-17T23:07:00.027593755Z 61 PC: 13a0d | Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:07:00.038536378Z 63 PC: 13ae0 | Read file or device (Read 4676 bytes on handle 7)
2018-12-17T23:07:00.054153398Z 62 PC: 13a5d | Close file
2018-12-17T23:07:00.056477283Z 64 PC: 13ae0 | Write file or device (Write 4676 bytes on handle 6)
2018-12-17T23:07:00.067944753Z 63 PC: 13ae0 | Read file or device (Read 4676 bytes on handle 5)
2018-12-17T23:07:00.082951545Z 64 PC: 13ae0 | Write file or device (Write 4676 bytes on handle 6)
2018-12-17T23:07:00.096696921Z 66 PC: 1415a | Move file pointer
2018-12-17T23:07:00.098031494Z 66 PC: 14168 | Move file pointer
2018-12-17T23:07:00.099247844Z 66 PC: 14176 | Move file pointer
2018-12-17T23:07:00.10194724Z 63 PC: 13ae0 | Read file or device (Read 4676 bytes on handle 5)
2018-12-17T23:07:00.115687558Z 64 PC: 13ae0 | Write file or device (Write 4676 bytes on handle 6)
2018-12-17T23:07:00.124833218Z 66 PC: 1415a | Move file pointer
2018-12-17T23:07:00.127277793Z 66 PC: 14168 | Move file pointer
2018-12-17T23:07:00.128975087Z 66 PC: 14176 | Move file pointer
2018-12-17T23:07:00.13162347Z 63 PC: 13ae0 | Read file or device (Read 4676 bytes on handle 5)
2018-12-17T23:07:00.146292279Z 64 PC: 13ae0 | Write file or device (Write 1856 bytes on handle 6)
2018-12-17T23:07:00.155500075Z 66 PC: 1415a | Move file pointer
2018-12-17T23:07:00.157436501Z 66 PC: 14168 | Move file pointer
2018-12-17T23:07:00.159669213Z 66 PC: 14176 | Move file pointer
2018-12-17T23:07:00.161322433Z 62 PC: 13a5d | Close file
2018-12-17T23:07:00.163342681Z 65 PC: 13b56 | Delete file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:07:00.176971189Z 87 PC: 13361 | Get or set file date and time
2018-12-17T23:07:00.179967555Z 62 PC: 13a5d | Close file
2018-12-17T23:07:00.187578619Z 86 PC: 13b9a | Rename file
2018-12-17T23:07:00.200794556Z 67 PC: 1331a | Get or set file attributes
2018-12-17T23:07:00.212154152Z 60 PC: 13a0d | Create or truncate file
2018-12-17T23:07:00.231642102Z 48 PC: 13bcf | Get DOS version
2018-12-17T23:07:00.233329717Z 61 PC: 13a0d | Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:07:00.242126994Z 66 PC: 13b3f | Move file pointer
2018-12-17T23:07:00.243879508Z 63 PC: 13ae0 | Read file or device (Read 4676 bytes on handle 6)
2018-12-17T23:07:00.258570606Z 64 PC: 13ae0 | Write file or device (Write 4676 bytes on handle 5)
2018-12-17T23:07:00.269002357Z 66 PC: 1415a | Move file pointer
2018-12-17T23:07:00.270600707Z 66 PC: 14168 | Move file pointer
2018-12-17T23:07:00.272425129Z 66 PC: 14176 | Move file pointer
2018-12-17T23:07:00.274894646Z 63 PC: 13ae0 | Read file or device (Read 4676 bytes on handle 6)
2018-12-17T23:07:00.289654966Z 64 PC: 13ae0 | Write file or device (Write 4676 bytes on handle 5)
2018-12-17T23:07:00.299774095Z 66 PC: 1415a | Move file pointer
2018-12-17T23:07:00.302465577Z 66 PC: 14168 | Move file pointer
2018-12-17T23:07:00.304350373Z 66 PC: 14176 | Move file pointer
2018-12-17T23:07:00.306350195Z 63 PC: 13ae0 | Read file or device (Read 4676 bytes on handle 6)
2018-12-17T23:07:00.316567599Z 64 PC: 13ae0 | Write file or device (Write 278 bytes on handle 5)
2018-12-17T23:07:00.320467619Z 66 PC: 1415a | Move file pointer
2018-12-17T23:07:00.322351904Z 66 PC: 14168 | Move file pointer
2018-12-17T23:07:00.324834672Z 66 PC: 14176 | Move file pointer
2018-12-17T23:07:00.326596592Z 62 PC: 13a5d | Close file
2018-12-17T23:07:00.336332432Z 67 PC: 1331a | Get or set file attributes
2018-12-17T23:07:00.348563761Z 41 PC: 134b7 | Parse filename
2018-12-17T23:07:00.351448188Z 41 PC: 134c5 | Parse filename
2018-12-17T23:07:00.353500473Z 75 PC: 134d0 | Execute program
2018-12-17T23:07:00.377725175Z 80 PC: 19039 | Set current PSP
2018-12-17T23:07:00.379795795Z 48 PC: 1903e | Get DOS version
2018-12-17T23:07:00.381589662Z 99 PC: 1f820 | Get DBCS lead byte table pointer
2018-12-17T23:07:00.384539936Z 101 PC: 190c4 | Get extended country info
2018-12-17T23:07:00.387232714Z 99 PC: 190ca | Get DBCS lead byte table pointer
2018-12-17T23:07:00.388874855Z 74 PC: 1912c | Reallocate memory
2018-12-17T23:07:00.390849984Z 25 PC: 19163 | Get default drive
2018-12-17T23:07:00.393052625Z 37 PC: 18c23 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:07:00.394723682Z 37 PC: 18c2a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:00.396385612Z 37 PC: 18c31 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:00.403383397Z 74 PC: 17dcc | Reallocate memory
2018-12-17T23:07:00.405768222Z 72 PC: 17e0d | Allocate memory
2018-12-17T23:07:00.407969977Z 72 PC: 17e45 | Allocate memory
2018-12-17T23:07:00.411086142Z 72 PC: 17e4d | Allocate memory