Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Gothmod.4184

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:04:25.34320663Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:04:25.345678961Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:04:25.347836389Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:04:25.349973635Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:04:25.351935932Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:04:25.35427856Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:04:25.355554788Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:04:25.356768802Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:04:25.358989292Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:04:25.360209426Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:04:25.361406333Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:04:25.362567433Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:04:25.370271643Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:04:25.371461554Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:04:25.372833669Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:04:25.374736407Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:04:25.376161409Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:04:25.377635352Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:04:25.380115578Z 53 PC: 12e4a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:04:25.381700472Z 37 PC: 12e5f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:04:25.383202841Z 37 PC: 12e67 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:04:25.385193533Z 37 PC: 12e6f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:04:25.386312592Z 37 PC: 12e77 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:04:25.387760411Z 68 PC: 13a5c | I/O control for devices (Set for = '')
2018-12-17T22:04:25.38998526Z 44 PC: 13b93 | Get time
0x13b93: mov word ptr [0x3e], cx
0x13b97: mov word ptr [0x40], dx
0x13b9b: retf
0x13b9c: call 0x13be3
0x13b9f: jb 0x13bb0
0x13ba1: mov cx, word ptr es:[di + 4]
0x13ba5: cmp cx, 1
0x13ba8: je 0x13bb0
0x13baa: xor bx, bx
0x13bac: push cs
0x13bad: call 0x23710
0x13bb0: retf 4
0x13bb3: call 0x13be3
0x13bb6: jb 0x13bcb
0x13bb8: mov ax, cx
0x13bba: mov dx, bx
0x13bbc: mov cx, word ptr es:[di + 4]
0x13bc0: cmp cx, 1
0x13bc3: je 0x13bcb
0x13bc5: xor bx, bx
2018-12-17T22:04:25.39283614Z 26 PC: 12d95 | Set disk transfer address
2018-12-17T22:04:25.394050345Z 78 PC: 12da1 | Find first file
2018-12-17T22:04:25.400004421Z 26 PC: 12db9 | Set disk transfer address
2018-12-17T22:04:25.40262263Z 79 PC: 12dbe | Find next file
2018-12-17T22:04:25.407058627Z 26 PC: 12db9 | Set disk transfer address
2018-12-17T22:04:25.409652254Z 79 PC: 12dbe | Find next file
2018-12-17T22:04:25.413666168Z 26 PC: 12d95 | Set disk transfer address
2018-12-17T22:04:25.414759096Z 78 PC: 12da1 | Find first file
2018-12-17T22:04:25.42392438Z 26 PC: 12db9 | Set disk transfer address
2018-12-17T22:04:25.425767976Z 79 PC: 12dbe | Find next file
2018-12-17T22:04:25.429256232Z 26 PC: 12db9 | Set disk transfer address
2018-12-17T22:04:25.430676886Z 79 PC: 12dbe | Find next file
2018-12-17T22:04:25.43444423Z 48 PC: 1365e | Get DOS version
2018-12-17T22:04:25.436148486Z 61 PC: 13510 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:04:25.442033322Z 61 PC: 13510 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:04:25.446705717Z 66 PC: 13bfd | Move file pointer
2018-12-17T22:04:25.447781221Z 66 PC: 13c0b | Move file pointer
2018-12-17T22:04:25.448859519Z 66 PC: 13c19 | Move file pointer
2018-12-17T22:04:25.450478555Z 66 PC: 13bfd | Move file pointer
2018-12-17T22:04:25.451532923Z 66 PC: 13c0b | Move file pointer
2018-12-17T22:04:25.452689715Z 66 PC: 13c19 | Move file pointer
2018-12-17T22:04:25.454455316Z 64 PC: 13541 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:04:25.796971147Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.800117067Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.804945212Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.807928891Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.811183277Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.820942852Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.824588713Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.827465672Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.831480375Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.840319454Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.843606882Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.8464736Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.850567597Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.859050924Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.862324847Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.866122701Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.869278416Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.877741889Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.883382969Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.886246223Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.889416463Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.898700963Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.902456469Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.905587964Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.909344095Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.918351823Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.921504533Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.925365324Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.928353947Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.936676844Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.940151611Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.943577543Z 64 PC: 135e3 | Write file or device (Write 256 bytes on handle 6)
2018-12-17T22:04:25.946697878Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.9506013Z 64 PC: 135e3 | Write file or device (Write 88 bytes on handle 6)
2018-12-17T22:04:25.958148062Z 63 PC: 135e3 | Read file or device (Read 256 bytes on handle 5)
2018-12-17T22:04:25.960323483Z 62 PC: 13560 | Close file
2018-12-17T22:04:25.962350345Z 62 PC: 13560 | Close file
2018-12-17T22:04:25.970837462Z 64 PC: 13268 | Write file or device (Write 35 bytes on handle 1)
2018-12-17T22:04:25.975754134Z 64 PC: 13268 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:04:25.97768419Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:04:25.979978199Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:04:25.981349154Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:04:25.982677065Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:04:25.984916994Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:04:25.986937247Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:04:25.988597111Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:04:25.990486593Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:04:25.992617574Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:04:25.9944256Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:04:25.996514366Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:04:25.998201893Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:04:25.999533358Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:04:26.001605278Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:04:26.003053682Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:04:26.004396864Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:04:26.006362256Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:04:26.007985127Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:04:26.009340653Z 37 PC: 12fa1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:04:26.010853705Z 76 PC: 12fe0 | Terminate with return code (Return code = '0')