Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Archiver.c

Syscalls:

Time Syscall Op (PC) | Syscall Name
2018-12-17T22:05:15.618459103Z 53 PC: 1407a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:15.620626282Z 53 PC: 1407a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:15.622207359Z 53 PC: 1407a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:15.623492038Z 53 PC: 1407a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:15.628678595Z 53 PC: 1407a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:15.630040862Z 53 PC: 1407a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:15.631209338Z 53 PC: 1407a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:15.634856477Z 53 PC: 1407a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:15.636307199Z 53 PC: 1407a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:15.638017565Z 53 PC: 1407a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:15.639747699Z 53 PC: 1407a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:15.641841702Z 53 PC: 1407a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:15.643430846Z 53 PC: 1407a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:15.645010358Z 53 PC: 1407a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:15.646982148Z 53 PC: 1407a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:15.648202095Z 53 PC: 1407a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:15.649456657Z 53 PC: 1407a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:15.65128478Z 53 PC: 1407a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:15.652682929Z 53 PC: 1407a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:15.654102798Z 37 PC: 1408f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:15.656102663Z 37 PC: 14097 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:15.658111025Z 37 PC: 1409f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:15.659571422Z 37 PC: 140a7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:15.661612795Z 68 PC: 15049 | I/O control for devices (Set for = '3u?=V6y^u3u%3Bu;!s=')
2018-12-17T22:05:15.663042378Z 44 PC: 15180 | Get time
    0x15180: mov word ptr [0x3e], cx
    0x15184: mov word ptr [0x40], dx
    0x15188: retf
    0x15189: mov cx, di
    0x1518b: mov si, 0xa
    0x1518e: mov bx, dx
    0x15190: or bx, bx
    0x15192: jns 0x151a5
    0x15194: neg bx
    0x15196: neg ax
    0x15198: sbb bx, 0
    0x1519b: call 0x151a5
    0x1519e: dec di
    0x1519f: mov byte ptr es:[di], 0x2d
    0x151a3: inc cx
    0x151a4: ret
    0x151a5: xor dx, dx
    0x151a7: xchg ax, bx
    0x151a8: div si
    0x151aa: xchg ax, bx
2018-12-17T22:05:15.665206311Z 53 PC: 13ec1 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:05:15.668705943Z 25 PC: 14bf2 | Get default drive
2018-12-17T22:05:15.669872331Z 71 PC: 14c05 | Get current directory
2018-12-17T22:05:15.67187603Z 48 PC: 14b65 | Get DOS version
2018-12-17T22:05:15.676260564Z 67 PC: 13de9 | Get or set file attributes
2018-12-17T22:05:15.677540989Z 65 PC: 14aec | Delete file (Filename = '')
2018-12-17T22:05:15.680040829Z 61 PC: 149a3 | Open file (Filename = 'A:\\TEST.INF')
2018-12-17T22:05:15.684006989Z 64 PC: 146fb | Write file or device (Write 26 bytes on handle 1)
2018-12-17T22:05:15.688601433Z 64 PC: 146fb | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:05:15.690248307Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:15.692092636Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:15.69431241Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:15.695754349Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:15.697632702Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:15.69881186Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:15.69994697Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:15.702162689Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:15.703294508Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:15.704874362Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:15.706333029Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:15.70786097Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:15.70902643Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:15.710792336Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:15.712297423Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:15.71344147Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:15.715102057Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:15.716605052Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:15.718009067Z 37 PC: 141d1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:15.719992474Z 76 PC: 14210 | Terminate with return code (Return code = '0')