Sample viewer

vx.netlux.org/Virus.DOS.HLLO.3855

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:06.267700612Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:06.269503236Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:06.271655752Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:06.27329721Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:06.274902875Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:06.276892601Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:06.278339801Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:06.280414143Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:06.282116035Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:06.283368716Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:06.284591715Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:06.286944662Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:06.288263373Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:06.289557698Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:06.29130614Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:06.292518788Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:06.294026622Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:06.295380519Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:06.29691636Z	53	PC: 132a2 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:06.298809995Z	37	PC: 132b7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:06.299783653Z	37	PC: 132bf \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:06.301315384Z	37	PC: 132c7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:06.3032561Z	37	PC: 132cf \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:06.305021804Z	68	PC: 13641 \| I/O control for devices (Set for = '')
2018-12-17T23:08:06.307230426Z	44	PC: 13ba5 \| Get time 0x13ba5: mov word ptr [0x3e], cx 0x13ba9: mov word ptr [0x40], dx 0x13bad: retf 0x13bae: mov bx, sp 0x13bb0: push ds 0x13bb1: les di, ptr ss:[bx + 8] 0x13bb5: lds si, ptr ss:[bx + 4] 0x13bb9: cld 0x13bba: xor ax, ax 0x13bbc: stosw word ptr es:[di], ax 0x13bbd: mov ax, 0xd7b0 0x13bc0: stosw word ptr es:[di], ax 0x13bc1: xor ax, ax 0x13bc3: mov cx, 0x16 0x13bc6: rep stosd dword ptr es:[di], eax 0x13bc8: lodsb al, byte ptr [si] 0x13bc9: cmp al, 0x4f 0x13bcb: jbe 0x13bcf 0x13bcd: mov al, 0x4f 0x13bcf: mov cl, al
2018-12-17T23:08:06.310271487Z	26	PC: 131f5 \| Set disk transfer address
2018-12-17T23:08:06.311304732Z	78	PC: 13201 \| Find first file
2018-12-17T23:08:06.31630351Z	61	PC: 13c24 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:06.320664905Z	48	PC: 13d72 \| Get DOS version
2018-12-17T23:08:06.322135219Z	61	PC: 13c24 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:06.330075552Z	63	PC: 13cb6 \| Read file or device (Read 3855 bytes on handle 5)
2018-12-17T23:08:06.338771818Z	63	PC: 13cb6 \| Read file or device (Read 3855 bytes on handle 6)
2018-12-17T23:08:06.346940193Z	26	PC: 13219 \| Set disk transfer address
2018-12-17T23:08:06.349213705Z	79	PC: 1321e \| Find next file
2018-12-17T23:08:06.352238653Z	61	PC: 13c24 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:06.359518261Z	48	PC: 13d72 \| Get DOS version
2018-12-17T23:08:06.361368622Z	61	PC: 13c24 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:06.369745693Z	63	PC: 13cb6 \| Read file or device (Read 3855 bytes on handle 7)
2018-12-17T23:08:06.377935152Z	63	PC: 13cb6 \| Read file or device (Read 3855 bytes on handle 8)
2018-12-17T23:08:06.387036801Z	64	PC: 13744 \| Write file or device (Write 26 bytes on handle 1)
2018-12-17T23:08:06.392820574Z	64	PC: 13744 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:08:06.394875412Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:06.396322807Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:06.39825589Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:06.399541357Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:06.400817492Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:06.402771757Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:06.404082523Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:06.405400011Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:06.407408917Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:06.408739619Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:06.410089062Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:06.41236888Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:06.413697949Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:06.415329145Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:06.417875397Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:06.419075872Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:06.420599482Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:06.422304774Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:06.424385336Z	37	PC: 133b6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:06.426111698Z	76	PC: 133f5 \| Terminate with return code (Return code = '0')