Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.4323

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:07.164920955Z	53	PC: 12a60 \| Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:07:07.166648412Z	53	PC: 12a6f \| Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:07:07.167861221Z	37	PC: 12a82 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:07:07.168944182Z	37	PC: 12a8b \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:07:07.171938669Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:07.173775391Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:07.175200063Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:07.176621458Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:07.178812382Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:07.179907442Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:07.181014736Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:07.182688532Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:07.18399122Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:07.185395806Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:07.187330442Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:07.188488091Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:07.189542836Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:07.191146859Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:07.201936134Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:07.203053931Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:07.204931148Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:07.20615443Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:07.207266738Z	53	PC: 1442a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:07.208952577Z	37	PC: 1443f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:07.210220482Z	37	PC: 14447 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:07.211251604Z	37	PC: 1444f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:07.212901671Z	37	PC: 14457 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:07.214512314Z	68	PC: 14dfd \| I/O control for devices (Set for = '��f��!��0��')
2018-12-17T23:07:07.215783268Z	44	PC: 14274 \| Get time 0x14274: mov word ptr cs:[0x754], cx 0x14279: mov word ptr cs:[0x757], dx 0x1427e: ret 0x1427f: push bx 0x14280: push cx 0x14281: push dx 0x14282: push ax 0x14283: mov ax, 0 0x14286: mov bx, 0 0x14289: mov cx, ax 0x1428b: mov dx, 0x8405 0x1428e: mul dx 0x14290: shl cx, 3 0x14293: add ch, cl 0x14295: add dx, cx 0x14297: add dx, bx 0x14299: shl bx, 2 0x1429c: add dx, bx 0x1429e: add dh, bl 0x142a0: mov cl, 5
2018-12-17T23:07:07.219154504Z	60	PC: 14af0 \| Create or truncate file
2018-12-17T23:07:07.23653322Z	62	PC: 14b40 \| Close file
2018-12-17T23:07:07.238157239Z	65	PC: 14c39 \| Delete file (Filename = '�')
2018-12-17T23:07:07.246636263Z	26	PC: 14305 \| Set disk transfer address
2018-12-17T23:07:07.247663035Z	78	PC: 14311 \| Find first file
2018-12-17T23:07:07.253880631Z	64	PC: 14848 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:07:07.255932365Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:07.256879881Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:07.257868572Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:07.259259791Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:07.260510546Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:07.261636208Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:07.262925192Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:07.264221275Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:07.26523234Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:07.266501763Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:07.267579031Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:07.268588688Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:07.269647425Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:07.271137793Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:07.272146134Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:07.273286595Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:07.274734006Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:07.275697155Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:07.276612934Z	37	PC: 14581 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:07.278170643Z	37	PC: 12af4 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:07:07.279153046Z	37	PC: 12afe \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:07:07.280126073Z	98	PC: 12b02 \| Get current PSP
2018-12-17T23:07:07.281360384Z	26	PC: 12b0d \| Set disk transfer address