Sample viewer

vx.netlux.org/Virus.DOS.HLLP.4665

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:21.285404716Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:21.287908185Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:21.28928108Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:21.290407547Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:21.292385636Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:21.294084402Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:21.295671877Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:21.297482003Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:21.298752634Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:21.299829828Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:21.301739415Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:21.302931068Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:21.30455243Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:21.306508812Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:21.308006441Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:21.309246339Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:21.311032688Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:21.313143435Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:21.314663303Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:21.316171915Z	37	PC: 133df \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:21.330076884Z	37	PC: 133e7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:21.331241758Z	37	PC: 133ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:21.332389579Z	37	PC: 133f7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:21.334539955Z	68	PC: 13f24 \| I/O control for devices (Set for = '')
2018-12-17T23:08:21.336564337Z	25	PC: 13adc \| Get default drive
2018-12-17T23:08:21.338095644Z	71	PC: 13aef \| Get current directory
2018-12-17T23:08:21.344353788Z	44	PC: 1405b \| Get time 0x1405b: mov word ptr [0x3e], cx 0x1405f: mov word ptr [0x40], dx 0x14063: retf 0x14064: call 0x140ab 0x14067: jb 0x14078 0x14069: mov cx, word ptr es:[di + 4] 0x1406d: cmp cx, 1 0x14070: je 0x14078 0x14072: xor bx, bx 0x14074: push cs 0x14075: call 0x23be7 0x14078: retf 4 0x1407b: call 0x140ab 0x1407e: jb 0x14093 0x14080: mov ax, cx 0x14082: mov dx, bx 0x14084: mov cx, word ptr es:[di + 4] 0x14088: cmp cx, 1 0x1408b: je 0x14093 0x1408d: xor bx, bx
2018-12-17T23:08:21.360368124Z	14	PC: 13b35 \| Set default drive (Drive = 'A')
2018-12-17T23:08:21.363038052Z	25	PC: 13b39 \| Get default drive
2018-12-17T23:08:21.365319437Z	59	PC: 13ba3 \| Change current directory
2018-12-17T23:08:21.369961733Z	26	PC: 13147 \| Set disk transfer address
2018-12-17T23:08:21.371208864Z	78	PC: 13153 \| Find first file
2018-12-17T23:08:21.380094897Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.397768692Z	61	PC: 1388d \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:21.405221631Z	66	PC: 139bf \| Move file pointer
2018-12-17T23:08:21.407425329Z	63	PC: 1391f \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:08:21.414751112Z	62	PC: 138dd \| Close file
2018-12-17T23:08:21.416839943Z	48	PC: 13a4f \| Get DOS version
2018-12-17T23:08:21.418688234Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.431733285Z	61	PC: 1388d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:21.439447311Z	60	PC: 1388d \| Create or truncate file
2018-12-17T23:08:21.451699227Z	63	PC: 13960 \| Read file or device (Read 4665 bytes on handle 5)
2018-12-17T23:08:21.462395702Z	64	PC: 13960 \| Write file or device (Write 4665 bytes on handle 6)
2018-12-17T23:08:21.472639387Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.484488668Z	61	PC: 1388d \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:21.493650519Z	66	PC: 139bf \| Move file pointer
2018-12-17T23:08:21.496290741Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 7)
2018-12-17T23:08:21.505019802Z	64	PC: 13960 \| Write file or device (Write 6432 bytes on handle 6)
2018-12-17T23:08:21.516094021Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 7)
2018-12-17T23:08:21.518787752Z	62	PC: 138dd \| Close file
2018-12-17T23:08:21.521206075Z	62	PC: 138dd \| Close file
2018-12-17T23:08:21.53112141Z	65	PC: 139d6 \| Delete file (Filename = 'TEST.EXE')
2018-12-17T23:08:21.544415583Z	86	PC: 13a1a \| Rename file
2018-12-17T23:08:21.554557072Z	26	PC: 1316b \| Set disk transfer address
2018-12-17T23:08:21.555782194Z	79	PC: 13170 \| Find next file
2018-12-17T23:08:21.558475105Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.567097302Z	61	PC: 1388d \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:21.57515888Z	66	PC: 139bf \| Move file pointer
2018-12-17T23:08:21.577568372Z	63	PC: 1391f \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:21.585091262Z	62	PC: 138dd \| Close file
2018-12-17T23:08:21.587491613Z	48	PC: 13a4f \| Get DOS version
2018-12-17T23:08:21.590775058Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.602925631Z	61	PC: 1388d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:21.611025328Z	60	PC: 1388d \| Create or truncate file
2018-12-17T23:08:21.62749438Z	63	PC: 13960 \| Read file or device (Read 4665 bytes on handle 6)
2018-12-17T23:08:21.637095669Z	64	PC: 13960 \| Write file or device (Write 4665 bytes on handle 7)
2018-12-17T23:08:21.647920188Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.660878501Z	61	PC: 1388d \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:21.668867936Z	66	PC: 139bf \| Move file pointer
2018-12-17T23:08:21.670667147Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 8)
2018-12-17T23:08:21.680753697Z	64	PC: 13960 \| Write file or device (Write 11097 bytes on handle 7)
2018-12-17T23:08:21.692142091Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 8)
2018-12-17T23:08:21.694219542Z	62	PC: 138dd \| Close file
2018-12-17T23:08:21.69767307Z	62	PC: 138dd \| Close file
2018-12-17T23:08:21.707061134Z	65	PC: 139d6 \| Delete file (Filename = 'TEST.EXE')
2018-12-17T23:08:21.720211967Z	86	PC: 13a1a \| Rename file
2018-12-17T23:08:21.733363955Z	26	PC: 1316b \| Set disk transfer address
2018-12-17T23:08:21.734678274Z	79	PC: 13170 \| Find next file
2018-12-17T23:08:21.737513134Z	44	PC: 1405b \| Get time 0x1405b: mov word ptr [0x3e], cx 0x1405f: mov word ptr [0x40], dx 0x14063: retf 0x14064: call 0x140ab 0x14067: jb 0x14078 0x14069: mov cx, word ptr es:[di + 4] 0x1406d: cmp cx, 1 0x14070: je 0x14078 0x14072: xor bx, bx 0x14074: push cs 0x14075: call 0x23be7 0x14078: retf 4 0x1407b: call 0x140ab 0x1407e: jb 0x14093 0x14080: mov ax, cx 0x14082: mov dx, bx 0x14084: mov cx, word ptr es:[di + 4] 0x14088: cmp cx, 1 0x1408b: je 0x14093 0x1408d: xor bx, bx
2018-12-17T23:08:21.740208766Z	14	PC: 13b35 \| Set default drive (Drive = 'A')
2018-12-17T23:08:21.75278311Z	25	PC: 13b39 \| Get default drive
2018-12-17T23:08:21.755215726Z	59	PC: 13ba3 \| Change current directory
2018-12-17T23:08:21.760745505Z	26	PC: 13147 \| Set disk transfer address
2018-12-17T23:08:21.762957047Z	78	PC: 13153 \| Find first file
2018-12-17T23:08:21.770430747Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.781817537Z	61	PC: 1388d \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:21.790088311Z	66	PC: 139bf \| Move file pointer
2018-12-17T23:08:21.791802988Z	63	PC: 1391f \| Read file or device (Read 1 bytes on handle 7)
2018-12-17T23:08:21.799107857Z	62	PC: 138dd \| Close file
2018-12-17T23:08:21.802295055Z	48	PC: 13a4f \| Get DOS version
2018-12-17T23:08:21.804088094Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:21.816546849Z	61	PC: 1388d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:21.824990048Z	60	PC: 1388d \| Create or truncate file
2018-12-17T23:08:21.921468823Z	63	PC: 13960 \| Read file or device (Read 4665 bytes on handle 7)
2018-12-17T23:08:21.931250784Z	64	PC: 13960 \| Write file or device (Write 4665 bytes on handle 8)
2018-12-17T23:08:22.09698349Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:22.118010812Z	61	PC: 1388d \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:22.125984595Z	66	PC: 139bf \| Move file pointer
2018-12-17T23:08:22.127556635Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 9)
2018-12-17T23:08:22.137129148Z	64	PC: 13960 \| Write file or device (Write 15762 bytes on handle 8)
2018-12-17T23:08:22.15444333Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 9)
2018-12-17T23:08:22.157018017Z	62	PC: 138dd \| Close file
2018-12-17T23:08:22.160012131Z	62	PC: 138dd \| Close file
2018-12-17T23:08:22.170758385Z	65	PC: 139d6 \| Delete file (Filename = 'TEST.EXE')
2018-12-17T23:08:22.182990171Z	86	PC: 13a1a \| Rename file
2018-12-17T23:08:22.197260342Z	14	PC: 13b35 \| Set default drive (Drive = 'A')
2018-12-17T23:08:22.19868643Z	25	PC: 13b39 \| Get default drive
2018-12-17T23:08:22.200513355Z	59	PC: 13ba3 \| Change current directory
2018-12-17T23:08:22.205912066Z	48	PC: 13a4f \| Get DOS version
2018-12-17T23:08:22.207877081Z	67	PC: 13116 \| Get or set file attributes
2018-12-17T23:08:22.219090596Z	61	PC: 1388d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:22.226772181Z	66	PC: 140c5 \| Move file pointer
2018-12-17T23:08:22.228645326Z	66	PC: 140d3 \| Move file pointer
2018-12-17T23:08:22.230306563Z	66	PC: 140e1 \| Move file pointer
2018-12-17T23:08:22.232135091Z	66	PC: 139bf \| Move file pointer
2018-12-17T23:08:22.234063569Z	60	PC: 1388d \| Create or truncate file
2018-12-17T23:08:22.246944053Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 8)
2018-12-17T23:08:22.256960024Z	64	PC: 13960 \| Write file or device (Write 15762 bytes on handle 9)
2018-12-17T23:08:22.269388841Z	63	PC: 13960 \| Read file or device (Read 44500 bytes on handle 8)
2018-12-17T23:08:22.271605363Z	62	PC: 138dd \| Close file
2018-12-17T23:08:22.280758272Z	62	PC: 138dd \| Close file
2018-12-17T23:08:22.28344357Z	61	PC: 1388d \| Open file (Filename = 'temp.exe')
2018-12-17T23:08:22.290885054Z	62	PC: 138dd \| Close file
2018-12-17T23:08:22.29300659Z	41	PC: 13336 \| Parse filename
2018-12-17T23:08:22.294969149Z	41	PC: 13344 \| Parse filename
2018-12-17T23:08:22.299286051Z	75	PC: 1334f \| Execute program