Sample viewer

vx.netlux.org/Virus.DOS.HLLW.DPVG.5360

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:40.646409892Z 53 PC: 130da | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:40.647790978Z 53 PC: 130da | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:40.648849642Z 53 PC: 130da | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:40.649699441Z 53 PC: 130da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:40.651270539Z 53 PC: 130da | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:40.65217543Z 53 PC: 130da | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:40.653012664Z 53 PC: 130da | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:40.654026751Z 53 PC: 130da | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:40.655047121Z 53 PC: 130da | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:40.655843033Z 53 PC: 130da | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:40.656808594Z 53 PC: 130da | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:40.658407123Z 53 PC: 130da | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:40.659555448Z 53 PC: 130da | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:40.660509762Z 53 PC: 130da | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:40.662197766Z 53 PC: 130da | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:40.662987959Z 53 PC: 130da | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:40.6641557Z 53 PC: 130da | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:40.665843222Z 53 PC: 130da | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:40.667200348Z 53 PC: 130da | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:40.668144963Z 37 PC: 130ef | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:40.669929147Z 37 PC: 130f7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:40.670854928Z 37 PC: 130ff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:40.671562053Z 37 PC: 13107 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:40.672971846Z 68 PC: 13c37 | I/O control for devices (Set for = '��^t��Zi������������')
2018-12-17T23:09:40.674257485Z 44 PC: 13d6e | Get time
0x13d6e: mov word ptr [0x3e], cx
0x13d72: mov word ptr [0x40], dx
0x13d76: retf
0x13d77: mov di, 0x52
0x13d7a: push ds
0x13d7b: pop es
0x13d7c: mov cx, 0x7a4
0x13d7f: sub cx, di
0x13d81: shr cx, 1
0x13d83: xor ax, ax
0x13d85: cld
0x13d86: rep stosd dword ptr es:[di], eax
0x13d88: ret
0x13d89: add byte ptr [bx + si], al
0x13d8b: add byte ptr [bx + si], al
0x13d8d: add byte ptr [bx + si], al
0x13d8f: add byte ptr [bx + si], al
0x13d91: add byte ptr [bx + si], al
0x13d93: add byte ptr [bx + si], al
0x13d95: add byte ptr [bx + si], al
2018-12-17T23:09:40.675940239Z 26 PC: 12f17 | Set disk transfer address
2018-12-17T23:09:40.677461275Z 78 PC: 12f23 | Find first file
2018-12-17T23:09:40.681544852Z 26 PC: 12f17 | Set disk transfer address
2018-12-17T23:09:40.682276437Z 78 PC: 12f23 | Find first file
2018-12-17T23:09:40.688589131Z 64 PC: 134f8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:09:40.691311826Z 64 PC: 134f8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:09:40.693866908Z 64 PC: 134f8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:09:40.696545396Z 64 PC: 134f8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:09:40.697988234Z 37 PC: 13231 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:40.69882051Z 37 PC: 13231 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:09:40.699949715Z 37 PC: 13231 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:09:40.700810527Z 37 PC: 13231 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:40.701563089Z 37 PC: 13231 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:40.70243988Z 37 PC: 13231 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:40.703412181Z 37 PC: 13231 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:09:40.704141Z 37 PC: 13231 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:09:40.705043162Z 37 PC: 13231 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:09:40.706522616Z 37 PC: 13231 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:09:40.707476679Z 37 PC: 13231 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:09:40.708434415Z 37 PC: 13231 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:09:40.709795485Z 37 PC: 13231 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:09:40.710767456Z 37 PC: 13231 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:09:40.711716434Z 37 PC: 13231 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:09:40.712913826Z 37 PC: 13231 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:09:40.713918831Z 37 PC: 13231 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:09:40.715140894Z 37 PC: 13231 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:09:40.71651476Z 37 PC: 13231 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:09:40.717432778Z 76 PC: 13270 | Terminate with return code (Return code = '0')