Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Holop.6544

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:45.403243633Z 53 PC: 1358a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:45.405222673Z 53 PC: 1358a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:45.40835531Z 53 PC: 1358a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:45.410268647Z 53 PC: 1358a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:45.412112192Z 53 PC: 1358a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:45.41552667Z 53 PC: 1358a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:45.419227646Z 53 PC: 1358a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:45.421850756Z 53 PC: 1358a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:45.430316397Z 53 PC: 1358a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:45.43221205Z 53 PC: 1358a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:45.433819732Z 53 PC: 1358a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:45.435668577Z 53 PC: 1358a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:45.437818979Z 53 PC: 1358a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:45.439308679Z 53 PC: 1358a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:45.44081495Z 53 PC: 1358a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:45.443136473Z 53 PC: 1358a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:45.444941185Z 53 PC: 1358a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:45.446769261Z 53 PC: 1358a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:45.449694409Z 53 PC: 1358a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:45.451459807Z 37 PC: 1359f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:45.453087586Z 37 PC: 135a7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:45.455953734Z 37 PC: 135af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:45.457881046Z 37 PC: 135b7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:45.460148939Z 68 PC: 14078 | I/O control for devices (Set for = '')
2018-12-17T23:08:45.462800372Z 42 PC: 13297 | Get date
0x13297: xor ah, ah
0x13299: les di, ptr [bp + 6]
0x1329c: stosw word ptr es:[di], ax
0x1329d: mov al, dl
0x1329f: les di, ptr [bp + 0xa]
0x132a2: stosw word ptr es:[di], ax
0x132a3: mov al, dh
0x132a5: les di, ptr [bp + 0xe]
0x132a8: stosw word ptr es:[di], ax
0x132a9: xchg ax, cx
0x132aa: les di, ptr [bp + 0x12]
0x132ad: stosw word ptr es:[di], ax
0x132ae: pop bp
0x132af: retf 0x10
0x132b2: push bp
0x132b3: mov bp, sp
0x132b5: mov cx, word ptr [bp + 0xa]
0x132b8: mov dh, byte ptr [bp + 8]
0x132bb: mov dl, byte ptr [bp + 6]
0x132be: mov ah, 0x2b
2018-12-17T23:08:45.465705102Z 48 PC: 13d9e | Get DOS version
2018-12-17T23:08:45.467706113Z 48 PC: 13d9e | Get DOS version
2018-12-17T23:08:45.469788957Z 61 PC: 13c50 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:08:45.478620577Z 63 PC: 13d23 | Read file or device (Read 6544 bytes on handle 5)
2018-12-17T23:08:45.487191707Z 62 PC: 13ca0 | Close file
2018-12-17T23:08:45.489377916Z 26 PC: 13369 | Set disk transfer address
2018-12-17T23:08:45.490993853Z 78 PC: 13375 | Find first file
2018-12-17T23:08:45.498828969Z 61 PC: 13c50 | Open file (Filename = 'TEST.COM')
2018-12-17T23:08:45.505707187Z 60 PC: 13c50 | Create or truncate file
2018-12-17T23:08:45.525445266Z 64 PC: 13d23 | Write file or device (Write 6544 bytes on handle 5)
2018-12-17T23:08:45.538486837Z 67 PC: 13311 | Get or set file attributes
2018-12-17T23:08:45.54509126Z 67 PC: 13338 | Get or set file attributes
2018-12-17T23:08:45.561470957Z 61 PC: 13c50 | Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:45.568860746Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.57079951Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.578731779Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.580619217Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.583588347Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.586435709Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.589163676Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.590709952Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.593497652Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.596054368Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.598663261Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.600166376Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.603826846Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.605406425Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.608431611Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.611506239Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.61417744Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.615808225Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.621044638Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.623153431Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.626459164Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.629023424Z 63 PC: 13d23 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:08:45.631418465Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.633786626Z 63 PC: 13d23 | Read file or device (Read 2000 bytes on handle 6)
2018-12-17T23:08:45.642055819Z 66 PC: 13d82 | Move file pointer
2018-12-17T23:08:45.644255814Z 64 PC: 13d23 | Write file or device (Write 2000 bytes on handle 6)
2018-12-17T23:08:45.653961015Z 62 PC: 13ca0 | Close file
2018-12-17T23:08:45.66324278Z 67 PC: 13338 | Get or set file attributes
2018-12-17T23:08:45.675070811Z 62 PC: 13ca0 | Close file
2018-12-17T23:08:45.683523338Z 26 PC: 1338d | Set disk transfer address
2018-12-17T23:08:45.684836497Z 79 PC: 13392 | Find next file
2018-12-17T23:08:45.693291478Z 64 PC: 139a8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:08:45.695313568Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:45.696713119Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:45.698796595Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:45.700098852Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:45.702162711Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:45.703628737Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:45.705594742Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:45.706894545Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:45.708141709Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:45.710954697Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:45.712917165Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:45.714653989Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:45.716801916Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:45.718062576Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:45.719348002Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:45.721802455Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:45.723556792Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:45.725209268Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:45.727643904Z 37 PC: 136e1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:45.729300447Z 76 PC: 13720 | Terminate with return code (Return code = '0')