Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Snooze.9504

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:12.988291215Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:12.996734778Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:12.998213768Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:12.999582461Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:13.002039701Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:13.003932188Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:13.005343481Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:13.007105774Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:13.009495346Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:13.010810769Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:13.012156058Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:13.014345153Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:13.015821619Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:13.017247429Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:13.021627543Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:13.022869438Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:13.024093268Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:13.026083028Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:13.027773997Z	53	PC: 13dfa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:13.02961586Z	37	PC: 13e0f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:13.032241345Z	37	PC: 13e17 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:13.033639403Z	37	PC: 13e1f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:13.034992557Z	37	PC: 13e27 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:13.037738309Z	68	PC: 14a6c \| I/O control for devices (Set for = '')
2018-12-17T23:07:13.03960597Z	53	PC: 13b70 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:07:13.041262083Z	37	PC: 13b8c \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:07:13.049397155Z	48	PC: 14682 \| Get DOS version
2018-12-17T23:07:13.051581021Z	61	PC: 144c0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:07:13.059337712Z	63	PC: 14593 \| Read file or device (Read 9504 bytes on handle 5)
2018-12-17T23:07:13.074832621Z	62	PC: 14510 \| Close file
2018-12-17T23:07:13.07842304Z	26	PC: 13b0f \| Set disk transfer address
2018-12-17T23:07:13.079968616Z	78	PC: 13b1b \| Find first file
2018-12-17T23:07:13.087517316Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.089383875Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.092935251Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.094476809Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.099662427Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.101704205Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.105610098Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.108007354Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.112117571Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.113709754Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.11769182Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.119146745Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.123251031Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.124815502Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.128652595Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.129892946Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.133652554Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.135879069Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.13936386Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.140877305Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.144845094Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.146247751Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.149773599Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.152999974Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.156833881Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.158244223Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.162495224Z	26	PC: 13b33 \| Set disk transfer address
2018-12-17T23:07:13.163916155Z	79	PC: 13b38 \| Find next file
2018-12-17T23:07:13.167852895Z	64	PC: 14218 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:07:13.170655995Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:13.172250021Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:13.17381299Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:13.1756218Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:13.177490894Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:13.18035609Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:13.181896425Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:13.184269426Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:13.185800224Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:13.187105398Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:13.189712148Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:13.191084037Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:13.19244777Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:13.194204132Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:13.195583545Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:13.197872778Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:13.200408525Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:13.201770005Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:13.203093693Z	37	PC: 13f51 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:13.205366024Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.20892738Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.2114012Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.213770484Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.216769462Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.219186164Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.221655737Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.22459914Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.226961331Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.229505474Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.233351724Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.236486757Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.239103016Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.243113605Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.245748368Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.249295826Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.25407966Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.256745551Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.260371677Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.263641594Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.266681599Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.272476152Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.276642113Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.279448169Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.282161169Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.284729467Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.288739605Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.29136458Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.294695962Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.29865273Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.301904092Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.304494222Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.308090792Z	6	PC: 13fd8 \| Direct console I/O
2018-12-17T23:07:13.312445709Z	76	PC: 13f90 \| Terminate with return code (Return code = '202')