Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Nutmeg.3310

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:20.172285625Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:20.174396001Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:20.177118719Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:20.17900289Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:20.180915265Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:20.184202223Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:20.186395916Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:20.188554233Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:20.191242837Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:20.202517529Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:20.205162961Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:20.207721881Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:20.2114935Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:20.213320164Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:20.214964715Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:20.217341592Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:20.219102923Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:20.220792759Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:20.223148687Z	53	PC: 1411a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:20.224610054Z	37	PC: 1412f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:20.225961955Z	37	PC: 14137 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:20.228299619Z	37	PC: 1413f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:20.229678671Z	37	PC: 14147 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:20.231993402Z	68	PC: 147e6 \| I/O control for devices (Set for = '�6��T��t,��\')
2018-12-17T23:08:20.234982801Z	44	PC: 1491d \| Get time 0x1491d: mov word ptr [0x3e], cx 0x14921: mov word ptr [0x40], dx 0x14925: retf 0x14926: mov di, 0x50 0x14929: push ds 0x1492a: pop es 0x1492b: mov cx, 0x122a 0x1492e: sub cx, di 0x14930: shr cx, 1 0x14932: xor ax, ax 0x14934: cld 0x14935: rep stosd dword ptr es:[di], eax 0x14937: ret 0x14938: add byte ptr [bx + si], al 0x1493a: add byte ptr [bx + si], al 0x1493c: add byte ptr [bx + si], al 0x1493e: add byte ptr [bx + si], al 0x14940: add byte ptr [bx + si], al 0x14942: add byte ptr [bx + si], al 0x14944: add byte ptr [bx + si], al
2018-12-17T23:08:20.237530029Z	81	PC: 12a44 \| Get current PSP
2018-12-17T23:08:20.239245022Z	61	PC: 12a91 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:20.247331311Z	63	PC: 12a66 \| Read file or device (Read 3310 bytes on handle 5)
2018-12-17T23:08:20.255611445Z	62	PC: 12ab2 \| Close file
2018-12-17T23:08:20.258351364Z	86	PC: 12ada \| Rename file
2018-12-17T23:08:20.278604202Z	60	PC: 12ac2 \| Create or truncate file
2018-12-17T23:08:20.291167666Z	62	PC: 12ab2 \| Close file
2018-12-17T23:08:20.294153198Z	61	PC: 12aed \| Open file (Filename = 'XAJGQIEI.PXJ')
2018-12-17T23:08:20.302265907Z	61	PC: 12af9 \| Open file (Filename = 'þ�')
2018-12-17T23:08:20.319587414Z	66	PC: 12b09 \| Move file pointer
2018-12-17T23:08:20.321579519Z	66	PC: 12b15 \| Move file pointer
2018-12-17T23:08:20.323685688Z	63	PC: 12b24 \| Read file or device (Read 4096 bytes on handle 5)
2018-12-17T23:08:20.328483065Z	64	PC: 12b2d \| Write file or device (Write 0 bytes on handle 6)
2018-12-17T23:08:20.331134298Z	62	PC: 12b39 \| Close file
2018-12-17T23:08:20.333496388Z	62	PC: 12b40 \| Close file
2018-12-17T23:08:20.342938235Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:20.344743598Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:20.346371538Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:20.34861774Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:20.350961175Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:20.352408525Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:20.354941446Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:20.356559548Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:20.357982623Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:20.359374449Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:20.361348639Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:20.362698787Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:20.364021613Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:20.366298874Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:20.367596272Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:20.368920201Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:20.371347674Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:20.372850839Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:20.374329899Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:20.376831681Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:20.378603462Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:20.380158535Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:20.381891171Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:20.383692457Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:20.385181205Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:20.386698998Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:20.388796711Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:20.390096314Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:20.391825935Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:20.394261793Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:20.395795516Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:20.397316365Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:20.399532149Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:20.400920489Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:20.402252663Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:20.404394639Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:20.405726272Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:20.407168192Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:20.409751287Z	41	PC: 14046 \| Parse filename
2018-12-17T23:08:20.411394907Z	41	PC: 14054 \| Parse filename
2018-12-17T23:08:20.413020923Z	75	PC: 1405f \| Execute program
2018-12-17T23:08:20.423542319Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:20.427028552Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:20.428435967Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:20.430594044Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:20.432397383Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:20.433827361Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:20.43504011Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:20.43738597Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:20.438910716Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:20.440436403Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:20.4429084Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:20.44483965Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:20.446681953Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:20.449354516Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:20.450958962Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:20.452507372Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:20.455165639Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:20.456519393Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:20.457801202Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:20.459081248Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:20.460878246Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:20.462393945Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:20.463932657Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:20.466469826Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:20.468012055Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:20.469587907Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:20.471545046Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:20.473433124Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:20.475107021Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:20.477726054Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:20.479327313Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:20.481458048Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:20.484266146Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:20.486103039Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:20.487698167Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:20.494042482Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:20.495753588Z	53	PC: 1408f \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:20.497737547Z	37	PC: 14098 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:20.500464834Z	65	PC: 12aa5 \| Delete file (Filename = '��uM�D$')
2018-12-17T23:08:20.512941344Z	86	PC: 12ada \| Rename file
2018-12-17T23:08:20.531308668Z	53	PC: 13faa \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:08:20.534215181Z	37	PC: 13fc6 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:08:20.53587975Z	49	PC: 13fe1 \| Terminate and stay resident (Return code = '0' \| Memory size = '1105')