Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Malomush.8192

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:05.983348368Z 53 PC: 1437a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:05.98575705Z 53 PC: 1437a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:05.987309888Z 53 PC: 1437a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:05.988870485Z 53 PC: 1437a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:05.992200744Z 53 PC: 1437a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:05.994129196Z 53 PC: 1437a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:05.995505026Z 53 PC: 1437a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:05.996843314Z 53 PC: 1437a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:05.999127074Z 53 PC: 1437a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:06.000742771Z 53 PC: 1437a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:06.002214339Z 53 PC: 1437a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:06.006375428Z 53 PC: 1437a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:06.007749163Z 53 PC: 1437a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:06.009003722Z 53 PC: 1437a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:06.012135972Z 53 PC: 1437a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:06.013836641Z 53 PC: 1437a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:06.015278069Z 53 PC: 1437a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:06.034725382Z 53 PC: 1437a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:06.036351747Z 53 PC: 1437a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:06.039316239Z 37 PC: 1438f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:06.041441487Z 37 PC: 14397 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:06.043607566Z 37 PC: 1439f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:06.045148766Z 37 PC: 143a7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:06.048667753Z 68 PC: 14ff1 | I/O control for devices (Set for = '')
2018-12-17T23:07:06.112228047Z 37 PC: 13b01 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:06.113755761Z 48 PC: 14c02 | Get DOS version
2018-12-17T23:07:06.115599378Z 26 PC: 14117 | Set disk transfer address
2018-12-17T23:07:06.116969171Z 78 PC: 14123 | Find first file
2018-12-17T23:07:06.121951004Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.123097985Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.125590147Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.126699622Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.129072164Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.131188566Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.133633046Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.134603887Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.137398047Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.138585284Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.14065182Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.142249575Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.144580915Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.145985596Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.148708277Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.150042811Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.152439621Z 26 PC: 1413b | Set disk transfer address
2018-12-17T23:07:06.153764647Z 79 PC: 14140 | Find next file
2018-12-17T23:07:06.1576614Z 44 PC: 140bd | Get time
0x140bd: xor ah, ah
0x140bf: mov al, dl
0x140c1: les di, ptr [bp + 6]
0x140c4: stosw word ptr es:[di], ax
0x140c5: mov al, dh
0x140c7: les di, ptr [bp + 0xa]
0x140ca: stosw word ptr es:[di], ax
0x140cb: mov al, cl
0x140cd: les di, ptr [bp + 0xe]
0x140d0: stosw word ptr es:[di], ax
0x140d1: mov al, ch
0x140d3: les di, ptr [bp + 0x12]
0x140d6: stosw word ptr es:[di], ax
0x140d7: pop bp
0x140d8: retf 0x10
0x140db: push bp
0x140dc: mov bp, sp
0x140de: mov ch, byte ptr [bp + 0xc]
0x140e1: mov cl, byte ptr [bp + 0xa]
0x140e4: mov dh, byte ptr [bp + 8]
2018-12-17T23:07:06.161328412Z 86 PC: 14bcd | Rename file
2018-12-17T23:07:06.181169597Z 61 PC: 14a40 | Open file (Filename = 'A:\TEST.$%$')
2018-12-17T23:07:06.188865505Z 66 PC: 14b72 | Move file pointer
2018-12-17T23:07:06.190792404Z 60 PC: 14a40 | Create or truncate file
2018-12-17T23:07:06.199830387Z 63 PC: 14b13 | Read file or device (Read 8192 bytes on handle 5)
2018-12-17T23:07:06.207027725Z 64 PC: 14b13 | Write file or device (Write 5120 bytes on handle 6)
2018-12-17T23:07:06.214652176Z 63 PC: 14b13 | Read file or device (Read 8192 bytes on handle 5)
2018-12-17T23:07:06.216524005Z 62 PC: 14a90 | Close file
2018-12-17T23:07:06.218723436Z 62 PC: 14a90 | Close file
2018-12-17T23:07:06.226313634Z 53 PC: 142ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:06.228118989Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:06.233240438Z 53 PC: 142ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:06.234764634Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:06.236297761Z 53 PC: 142ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:06.238716224Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:06.24004917Z 53 PC: 142ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:06.241422378Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:06.242970562Z 53 PC: 142ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:06.244716387Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:06.245815109Z 53 PC: 142ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:06.246977192Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:06.248571867Z 53 PC: 142ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:06.249780167Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:06.251056572Z 53 PC: 142ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:06.253147578Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:06.254368181Z 53 PC: 142ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:06.255573741Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:06.257422377Z 53 PC: 142ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:06.258633739Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:06.259881533Z 53 PC: 142ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:06.26170459Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:06.262943649Z 53 PC: 142ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:06.264068031Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:06.266267292Z 53 PC: 142ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:06.267529044Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:06.268725839Z 53 PC: 142ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:06.270088262Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:06.271645381Z 53 PC: 142ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:06.272761632Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:06.273975377Z 53 PC: 142ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:06.275518032Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:06.276566268Z 53 PC: 142ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:06.277944208Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:06.279697455Z 53 PC: 142ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:06.280990709Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:06.293990757Z 53 PC: 142ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:06.296245602Z 37 PC: 142f3 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:06.298369165Z 41 PC: 142a1 | Parse filename
2018-12-17T23:07:06.300229541Z 41 PC: 142af | Parse filename
2018-12-17T23:07:06.30277308Z 75 PC: 142ba | Execute program
2018-12-17T23:07:06.329329314Z 80 PC: 1ef49 | Set current PSP
2018-12-17T23:07:06.330612965Z 48 PC: 1ef4e | Get DOS version
2018-12-17T23:07:06.333089462Z 99 PC: 25730 | Get DBCS lead byte table pointer
2018-12-17T23:07:06.335969591Z 101 PC: 1efd4 | Get extended country info
2018-12-17T23:07:06.337558351Z 99 PC: 1efda | Get DBCS lead byte table pointer
2018-12-17T23:07:06.340142097Z 74 PC: 1f03c | Reallocate memory
2018-12-17T23:07:06.342361875Z 25 PC: 1f073 | Get default drive
2018-12-17T23:07:06.34402524Z 37 PC: 1eb33 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:07:06.345927752Z 37 PC: 1eb3a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:06.348442608Z 37 PC: 1eb41 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:06.352505057Z 74 PC: 1dcdc | Reallocate memory
2018-12-17T23:07:06.35404268Z 72 PC: 1dd1d | Allocate memory
2018-12-17T23:07:06.35627381Z 72 PC: 1dd55 | Allocate memory
2018-12-17T23:07:06.358451645Z 72 PC: 1dd5d | Allocate memory