Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Mrweb.4173

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:24.725731576Z	53	PC: 135da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:24.727176966Z	53	PC: 135da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:24.730419859Z	53	PC: 135da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:24.732276972Z	53	PC: 135da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:24.733966274Z	53	PC: 135da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:24.736819105Z	53	PC: 135da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:24.738710131Z	53	PC: 135da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:24.740155199Z	53	PC: 135da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:24.744001982Z	53	PC: 135da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:24.745495469Z	53	PC: 135da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:24.746889785Z	53	PC: 135da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:24.748641302Z	53	PC: 135da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:24.750445675Z	53	PC: 135da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:24.752150749Z	53	PC: 135da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:24.758781295Z	53	PC: 135da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:24.775486457Z	53	PC: 135da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:24.777782652Z	53	PC: 135da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:24.779820351Z	53	PC: 135da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:24.781708965Z	53	PC: 135da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:24.783448751Z	37	PC: 135ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:24.785072557Z	37	PC: 135f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:24.787092241Z	37	PC: 135ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:24.788277441Z	37	PC: 13607 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:24.789988797Z	68	PC: 1413c \| I/O control for devices (Set for = '')
2018-12-17T23:08:24.796510088Z	44	PC: 14273 \| Get time 0x14273: mov word ptr [0x3e], cx 0x14277: mov word ptr [0x40], dx 0x1427b: retf 0x1427c: mov di, 0x52 0x1427f: push ds 0x14280: pop es 0x14281: mov cx, 0x1da4 0x14284: sub cx, di 0x14286: shr cx, 1 0x14288: xor ax, ax 0x1428a: cld 0x1428b: rep stosd dword ptr es:[di], eax 0x1428d: ret 0x1428e: add byte ptr [bx + si], al 0x14290: add byte ptr [bx + si], al 0x14292: add byte ptr [bx + si], al 0x14294: add byte ptr [bx + si], al 0x14296: add byte ptr [bx + si], al 0x14298: add byte ptr [bx + si], al 0x1429a: test byte ptr [0x1684], dl
2018-12-17T23:08:24.79927924Z	48	PC: 13e62 \| Get DOS version
2018-12-17T23:08:24.80123678Z	26	PC: 133e7 \| Set disk transfer address
2018-12-17T23:08:24.803322969Z	78	PC: 133f3 \| Find first file
2018-12-17T23:08:24.810282763Z	48	PC: 13e62 \| Get DOS version
2018-12-17T23:08:24.812181562Z	67	PC: 133b6 \| Get or set file attributes
2018-12-17T23:08:24.830661237Z	61	PC: 13ca0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:24.841988344Z	63	PC: 13d73 \| Read file or device (Read 4173 bytes on handle 5)
2018-12-17T23:08:24.850351493Z	67	PC: 133b6 \| Get or set file attributes
2018-12-17T23:08:24.865390251Z	62	PC: 13cf0 \| Close file
2018-12-17T23:08:24.868219056Z	60	PC: 14120 \| Create or truncate file
2018-12-17T23:08:24.875144288Z	64	PC: 139f8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:08:24.877988606Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:24.8794523Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:24.881769864Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:24.883301568Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:24.885181284Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:24.886546191Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:24.887863813Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:24.890172454Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:24.891479621Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:24.892797599Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:24.895063752Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:24.896361946Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:24.897754461Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:24.899941215Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:24.901687298Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:24.903331533Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:24.905600868Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:24.90698991Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:24.908189019Z	37	PC: 13731 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:24.910275527Z	76	PC: 13770 \| Terminate with return code (Return code = '0')