Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.6064

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:29.720276241Z	53	PC: 13c72 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:07:29.723162491Z	53	PC: 13cb6 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:07:29.724721776Z	53	PC: 13cd4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:29.727172175Z	53	PC: 13e3e \| Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:07:29.729216326Z	53	PC: 13e4d \| Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:07:29.730813618Z	37	PC: 13e60 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:07:29.732395792Z	37	PC: 13e69 \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:07:29.734928906Z	98	PC: 13ea8 \| Get current PSP
2018-12-17T23:07:29.738324995Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:29.73992619Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:29.741368868Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:29.743026478Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:29.744287414Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:29.745418742Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:29.747111487Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:29.748364177Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:29.749614509Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:29.751802514Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:29.753609713Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:29.754688851Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:29.757212137Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:29.758918042Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:29.761506378Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:29.766837897Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:29.768573501Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:29.770130242Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:29.772205245Z	53	PC: 1682a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:29.773909681Z	37	PC: 1683f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:29.775177079Z	37	PC: 16847 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:29.776753707Z	37	PC: 1684f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:29.77843178Z	37	PC: 16857 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:29.779895582Z	68	PC: 174b9 \| I/O control for devices (Set for = '')
2018-12-17T23:07:29.782078788Z	44	PC: 15ff0 \| Get time 0x15ff0: mov word ptr cs:[0x920], cx 0x15ff5: mov word ptr cs:[0x923], dx 0x15ffa: ret 0x15ffb: push bx 0x15ffc: push cx 0x15ffd: push dx 0x15ffe: push ax 0x15fff: mov ax, 0 0x16002: mov bx, 0 0x16005: mov cx, ax 0x16007: mov dx, 0x8405 0x1600a: mul dx 0x1600c: shl cx, 3 0x1600f: add ch, cl 0x16011: add dx, cx 0x16013: add dx, bx 0x16015: shl bx, 2 0x16018: add dx, bx 0x1601a: add dh, bl 0x1601c: mov cl, 5
2018-12-17T23:07:29.785364274Z	61	PC: 16f81 \| Open file (Filename = 'c:\mirc\mirc.ini')
2018-12-17T23:07:29.79167344Z	61	PC: 16f81 \| Open file (Filename = 'c:\progra~1\mirc\mirc.ini')
2018-12-17T23:07:29.797865052Z	60	PC: 16f81 \| Create or truncate file
2018-12-17T23:07:29.823518624Z	62	PC: 16fd1 \| Close file
2018-12-17T23:07:29.825832436Z	65	PC: 170ca \| Delete file (Filename = '�')
2018-12-17T23:07:29.837230303Z	26	PC: 16695 \| Set disk transfer address
2018-12-17T23:07:29.839836901Z	78	PC: 166a1 \| Find first file
2018-12-17T23:07:29.846333241Z	61	PC: 16f81 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:07:29.853311305Z	66	PC: 175b8 \| Move file pointer
2018-12-17T23:07:29.855960138Z	66	PC: 175c6 \| Move file pointer
2018-12-17T23:07:29.858393765Z	66	PC: 175d4 \| Move file pointer
2018-12-17T23:07:29.860559211Z	66	PC: 175b8 \| Move file pointer
2018-12-17T23:07:29.862899886Z	66	PC: 175c6 \| Move file pointer
2018-12-17T23:07:29.864446926Z	66	PC: 175d4 \| Move file pointer
2018-12-17T23:07:29.866062048Z	63	PC: 17054 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:07:29.86969867Z	62	PC: 16fd1 \| Close file
2018-12-17T23:07:29.871362562Z	26	PC: 166b9 \| Set disk transfer address
2018-12-17T23:07:29.872231236Z	79	PC: 166be \| Find next file
2018-12-17T23:07:29.875843432Z	61	PC: 16f81 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:07:29.881927509Z	66	PC: 175b8 \| Move file pointer
2018-12-17T23:07:29.883106777Z	66	PC: 175c6 \| Move file pointer
2018-12-17T23:07:29.885432164Z	66	PC: 175d4 \| Move file pointer
2018-12-17T23:07:29.886984528Z	66	PC: 175b8 \| Move file pointer
2018-12-17T23:07:29.888362114Z	66	PC: 175c6 \| Move file pointer
2018-12-17T23:07:29.890281342Z	66	PC: 175d4 \| Move file pointer
2018-12-17T23:07:29.891839336Z	63	PC: 17054 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:07:29.894613404Z	66	PC: 175b8 \| Move file pointer
2018-12-17T23:07:29.896954609Z	66	PC: 175c6 \| Move file pointer
2018-12-17T23:07:29.898444582Z	66	PC: 175d4 \| Move file pointer
2018-12-17T23:07:29.900357487Z	66	PC: 175b8 \| Move file pointer
2018-12-17T23:07:29.902227549Z	66	PC: 175c6 \| Move file pointer
2018-12-17T23:07:29.903515494Z	66	PC: 175d4 \| Move file pointer
2018-12-17T23:07:29.904877506Z	66	PC: 175b8 \| Move file pointer
2018-12-17T23:07:29.906633649Z	66	PC: 175c6 \| Move file pointer
2018-12-17T23:07:29.907889571Z	66	PC: 175d4 \| Move file pointer
2018-12-17T23:07:29.909265643Z	62	PC: 16fd1 \| Close file
2018-12-17T23:07:29.912193626Z	64	PC: 16c48 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:07:29.91383011Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:29.915555986Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:07:29.917077861Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:07:29.918511102Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:29.919453223Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:29.920977655Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:29.922007424Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:07:29.923101541Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:07:29.924723925Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:07:29.926856075Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:07:29.928403908Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:07:29.930174738Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:07:29.931496159Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:07:29.932565053Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:07:29.933797449Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:07:29.935463277Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:07:29.936973267Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:07:29.93864967Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:07:29.941229907Z	37	PC: 16981 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:07:29.942827902Z	37	PC: 13f00 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T23:07:29.944347267Z	37	PC: 13f0a \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T23:07:29.94613991Z	98	PC: 13f0e \| Get current PSP
2018-12-17T23:07:29.947270298Z	26	PC: 13f19 \| Set disk transfer address
2018-12-17T23:07:29.948730901Z	9	PC: 12a5c \| Display string (Could not find end pointer)
2018-12-17T23:07:29.954349491Z	76	PC: 12a61 \| Terminate with return code (Return code = '0')