Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Loulou

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:13.26775154Z 53 PC: 1318a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:13.270438123Z 53 PC: 1318a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:13.271906012Z 53 PC: 1318a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:13.273040215Z 53 PC: 1318a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:13.274824019Z 53 PC: 1318a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:13.27622377Z 53 PC: 1318a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:13.277843003Z 53 PC: 1318a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:13.279638108Z 53 PC: 1318a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:13.281320218Z 53 PC: 1318a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:13.282754977Z 53 PC: 1318a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:13.284549743Z 53 PC: 1318a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:13.287053183Z 53 PC: 1318a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:13.288163029Z 53 PC: 1318a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:13.289326476Z 53 PC: 1318a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:13.291318079Z 53 PC: 1318a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:13.29282783Z 53 PC: 1318a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:13.294274166Z 53 PC: 1318a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:13.296162609Z 53 PC: 1318a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:13.297592505Z 53 PC: 1318a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:13.299077515Z 37 PC: 1319f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:13.30119572Z 37 PC: 131a7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:13.303058897Z 37 PC: 131af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:13.304443981Z 37 PC: 131b7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:13.307516959Z 68 PC: 1405f | I/O control for devices (Set for = '')
2018-12-17T23:08:13.309218565Z 42 PC: 12fa7 | Get date
0x12fa7: xor ah, ah
0x12fa9: les di, ptr [bp + 6]
0x12fac: stosw word ptr es:[di], ax
0x12fad: mov al, dl
0x12faf: les di, ptr [bp + 0xa]
0x12fb2: stosw word ptr es:[di], ax
0x12fb3: mov al, dh
0x12fb5: les di, ptr [bp + 0xe]
0x12fb8: stosw word ptr es:[di], ax
0x12fb9: xchg ax, cx
0x12fba: les di, ptr [bp + 0x12]
0x12fbd: stosw word ptr es:[di], ax
0x12fbe: pop bp
0x12fbf: retf 0x10
0x12fc2: push bp
0x12fc3: mov bp, sp
0x12fc5: mov cx, word ptr [bp + 0xa]
0x12fc8: mov dh, byte ptr [bp + 8]
0x12fcb: mov dl, byte ptr [bp + 6]
0x12fce: mov ah, 0x2b
2018-12-17T23:08:13.311865163Z 26 PC: 13037 | Set disk transfer address
2018-12-17T23:08:13.313836646Z 78 PC: 13043 | Find first file
2018-12-17T23:08:13.320696093Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.322148997Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.326727827Z 61 PC: 13ab3 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:08:13.333624941Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.340773Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.342283741Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.344462072Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.346253869Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.348263464Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.35007585Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.353421075Z 61 PC: 13ab3 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:08:13.360940086Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.369325652Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.371306401Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.373289884Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.375852497Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.37808611Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.379579204Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.383530549Z 61 PC: 13ab3 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:08:13.390461014Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.397332477Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.399483131Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.400660573Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.401934314Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.404451079Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.405550697Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.40828282Z 61 PC: 13ab3 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:08:13.41630839Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.422774907Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.424589794Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.426634312Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.428460908Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.430803643Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.433067093Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.436681099Z 61 PC: 13ab3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:08:13.444747425Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.45209022Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.453903598Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.455600334Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.458209007Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.460684298Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.461942672Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.465920042Z 61 PC: 13ab3 | Open file (Filename = 'PAH.COM')
2018-12-17T23:08:13.472766182Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.479479301Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.482159773Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.483898316Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.485773181Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.489101699Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.490169387Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.492959754Z 61 PC: 13ab3 | Open file (Filename = 'PAH.COM')
2018-12-17T23:08:13.500072717Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.502688117Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.503926816Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.506057836Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.507458922Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.50923675Z 26 PC: 13037 | Set disk transfer address
2018-12-17T23:08:13.510475604Z 78 PC: 13043 | Find first file
2018-12-17T23:08:13.517116974Z 26 PC: 1305b | Set disk transfer address
2018-12-17T23:08:13.518449836Z 79 PC: 13060 | Find next file
2018-12-17T23:08:13.52251642Z 61 PC: 13ab3 | Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:13.529930129Z 63 PC: 13b86 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:13.536435298Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.539134483Z 48 PC: 13c75 | Get DOS version
2018-12-17T23:08:13.541610292Z 61 PC: 13ab3 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:13.548502648Z 63 PC: 13b86 | Read file or device (Read 4745 bytes on handle 5)
2018-12-17T23:08:13.556210235Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.559243471Z 61 PC: 13ab3 | Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:13.566127193Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.567745211Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.570403028Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.572178605Z 63 PC: 13b86 | Read file or device (Read 6544 bytes on handle 5)
2018-12-17T23:08:13.579629978Z 66 PC: 13be5 | Move file pointer
2018-12-17T23:08:13.582357213Z 64 PC: 13b86 | Write file or device (Write 4745 bytes on handle 5)
2018-12-17T23:08:13.596886945Z 64 PC: 13b86 | Write file or device (Write 6544 bytes on handle 5)
2018-12-17T23:08:13.608380339Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.618324178Z 48 PC: 13c75 | Get DOS version
2018-12-17T23:08:13.619792223Z 61 PC: 13ab3 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:13.626786643Z 66 PC: 1415e | Move file pointer
2018-12-17T23:08:13.628601087Z 66 PC: 1416c | Move file pointer
2018-12-17T23:08:13.629974495Z 66 PC: 1417a | Move file pointer
2018-12-17T23:08:13.631434869Z 63 PC: 13b86 | Read file or device (Read 4745 bytes on handle 5)
2018-12-17T23:08:13.638883391Z 63 PC: 13b86 | Read file or device (Read 6544 bytes on handle 5)
2018-12-17T23:08:13.646119966Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.648034606Z 60 PC: 13ab3 | Create or truncate file
2018-12-17T23:08:13.661278012Z 64 PC: 13b86 | Write file or device (Write 6544 bytes on handle 5)
2018-12-17T23:08:13.669928316Z 62 PC: 13b03 | Close file
2018-12-17T23:08:13.678415105Z 41 PC: 130ef | Parse filename
2018-12-17T23:08:13.680488027Z 41 PC: 130fd | Parse filename
2018-12-17T23:08:13.681858547Z 75 PC: 13108 | Execute program
2018-12-17T23:08:13.689750136Z 65 PC: 13bfc | Delete file (Filename = 'temp.com')
2018-12-17T23:08:13.702277095Z 64 PC: 1380b | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:08:13.703971106Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:13.704996986Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:13.706781113Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:13.708082301Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:13.709255569Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:13.710925791Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:13.712009705Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:13.713410159Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:13.714894037Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:13.715887398Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:13.716917021Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:13.718209261Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:13.719223576Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:13.720325214Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:13.72282984Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:13.724003047Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:13.725087831Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:13.727008574Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:13.72813931Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:13.730040244Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.732565017Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.734759576Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.737012111Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.740013372Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.742097813Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.74411741Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.747110796Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.749317536Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.751756138Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.754589338Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.756589113Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.758859449Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.761297413Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.763272529Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.765158289Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.767525493Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.769434231Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.771252436Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.77364984Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.775491624Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.777397086Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.779815462Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.781773145Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.783599808Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.786182214Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.787991538Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.79004891Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.792171545Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.794023683Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.795880338Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.798338565Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.800629526Z 6 PC: 13368 | Direct console I/O
2018-12-17T23:08:13.805547546Z 76 PC: 13320 | Terminate with return code (Return code = '103')