Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Mati.7572

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:04.943601209Z 48 PC: 12a4c | Get DOS version
2018-12-17T23:11:04.945645876Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:04.946967075Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:11:04.948098563Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:11:04.949768031Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:11:04.951350052Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:04.952904043Z 74 PC: 12af7 | Reallocate memory
2018-12-17T23:11:04.956022304Z 68 PC: 13785 | I/O control for devices (Set for = '�')
2018-12-17T23:11:04.958229532Z 68 PC: 13785 | I/O control for devices (Set for = '')
2018-12-17T23:11:04.961714223Z 25 PC: 1357a | Get default drive
2018-12-17T23:11:04.964770879Z 53 PC: 135e5 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:11:04.966080549Z 53 PC: 135e5 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:11:04.967576464Z 53 PC: 135e5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:04.96971854Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:11:04.971393069Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:11:04.973035646Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:04.97539918Z 67 PC: 134e3 | Get or set file attributes
2018-12-17T23:11:04.981519576Z 67 PC: 13503 | Get or set file attributes
2018-12-17T23:11:04.997666269Z 61 PC: 14a68 | Open file (Filename = '')
2018-12-17T23:11:05.005070052Z 63 PC: 137ee | Read file or device (Read 7572 bytes on handle 5)
2018-12-17T23:11:05.012793008Z 87 PC: 135ac | Get or set file date and time
2018-12-17T23:11:05.014186394Z 42 PC: 1368f | Get date
0x1368f: mov word ptr [si], cx
0x13691: mov word ptr [si + 2], dx
0x13694: pop si
0x13695: pop bp
0x13696: ret
0x13697: push bp
0x13698: mov bp, sp
0x1369a: push si
0x1369b: mov si, word ptr [bp + 4]
0x1369e: mov ah, 0x2c
0x136a0: int 0x21
0x136a2: mov word ptr [si], cx
0x136a4: mov word ptr [si + 2], dx
0x136a7: pop si
0x136a8: pop bp
0x136a9: ret
0x136aa: push bp
0x136ab: mov bp, sp
0x136ad: sub sp, 2
0x136b0: lea ax, word ptr [bp - 2]
2018-12-17T23:11:05.017232974Z 47 PC: 1476e | Get disk transfer address
2018-12-17T23:11:05.018371233Z 26 PC: 14777 | Set disk transfer address
2018-12-17T23:11:05.01937947Z 78 PC: 14781 | Find first file
2018-12-17T23:11:05.024808651Z 26 PC: 1478a | Set disk transfer address
2018-12-17T23:11:05.027687067Z 66 PC: 137a9 | Move file pointer
2018-12-17T23:11:05.029578473Z 63 PC: 137ee | Read file or device (Read 7572 bytes on handle 5)
2018-12-17T23:11:05.037840449Z 66 PC: 137a9 | Move file pointer
2018-12-17T23:11:05.040291576Z 64 PC: 14f40 | Write file or device (Write 7572 bytes on handle 5)
2018-12-17T23:11:05.049298957Z 66 PC: 147d8 | Move file pointer
2018-12-17T23:11:05.050756774Z 66 PC: 147e5 | Move file pointer
2018-12-17T23:11:05.05290435Z 66 PC: 147f4 | Move file pointer
2018-12-17T23:11:05.054459085Z 66 PC: 1463b | Move file pointer
2018-12-17T23:11:05.055861795Z 66 PC: 1464c | Move file pointer
2018-12-17T23:11:05.058086047Z 66 PC: 146be | Move file pointer
2018-12-17T23:11:05.05942619Z 64 PC: 146c6 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:11:05.066914124Z 66 PC: 146d4 | Move file pointer
2018-12-17T23:11:05.073945066Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:11:05.075502222Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:11:05.076564966Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:05.079659204Z 47 PC: 13517 | Get disk transfer address
2018-12-17T23:11:05.080653302Z 26 PC: 13520 | Set disk transfer address
2018-12-17T23:11:05.081638907Z 78 PC: 1352a | Find first file
2018-12-17T23:11:05.088393433Z 26 PC: 13533 | Set disk transfer address
2018-12-17T23:11:05.090733472Z 41 PC: 1455c | Parse filename
2018-12-17T23:11:05.092105211Z 41 PC: 1457b | Parse filename
2018-12-17T23:11:05.094826489Z 75 PC: 145bb | Execute program
2018-12-17T23:11:05.111012933Z 9 PC: 250fc | Display string (String= '����{�JWUW����������������')
2018-12-17T23:11:05.116684023Z 76 PC: 25101 | Terminate with return code (Return code = '0')
2018-12-17T23:11:05.126970663Z 77 PC: 145df | Get program return code
2018-12-17T23:11:05.12874286Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:11:05.130383266Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:11:05.132843411Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:05.134124379Z 66 PC: 137a9 | Move file pointer
2018-12-17T23:11:05.13587004Z 64 PC: 14f40 | Write file or device (Write 7572 bytes on handle 5)
2018-12-17T23:11:05.145828155Z 66 PC: 137a9 | Move file pointer
2018-12-17T23:11:05.147375052Z 64 PC: 14f40 | Write file or device (Write 7572 bytes on handle 5)
2018-12-17T23:11:05.15665339Z 87 PC: 135cf | Get or set file date and time
2018-12-17T23:11:05.158803835Z 62 PC: 13335 | Close file
2018-12-17T23:11:05.167666181Z 67 PC: 13503 | Get or set file attributes
2018-12-17T23:11:05.177071227Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:11:05.179113416Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:11:05.180247827Z 37 PC: 135f8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:05.181598435Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:05.183045911Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:11:05.184342838Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:11:05.185365091Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:11:05.18670051Z 76 PC: 12be3 | Terminate with return code (Return code = '36')