Sample viewer

vx.netlux.org/Virus.DOS.HLLP.BigRat.6279

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:16.94134882Z 53 PC: 13afa | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:16.943522376Z 53 PC: 13afa | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:16.944812952Z 53 PC: 13afa | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:16.946247125Z 53 PC: 13afa | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:16.94794687Z 53 PC: 13afa | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:16.949254682Z 53 PC: 13afa | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:16.950405193Z 53 PC: 13afa | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:16.952898151Z 53 PC: 13afa | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:16.954208399Z 53 PC: 13afa | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:16.955429391Z 53 PC: 13afa | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:16.958394111Z 53 PC: 13afa | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:16.959606179Z 53 PC: 13afa | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:16.961010084Z 53 PC: 13afa | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:16.963135013Z 53 PC: 13afa | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:16.964269571Z 53 PC: 13afa | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:16.96540197Z 53 PC: 13afa | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:16.967252989Z 53 PC: 13afa | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:16.96878182Z 53 PC: 13afa | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:16.970262583Z 53 PC: 13afa | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:16.972621879Z 37 PC: 13b0f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:16.973818049Z 37 PC: 13b17 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:16.975007712Z 37 PC: 13b1f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:16.980340361Z 37 PC: 13b27 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:16.982096077Z 61 PC: 1486c | Open file (Filename = ' ')
2018-12-17T23:11:16.987492644Z 60 PC: 1486c | Create or truncate file
2018-12-17T23:11:16.993499457Z 44 PC: 149bf | Get time
0x149bf: mov word ptr [0x1a6], cx
0x149c3: mov word ptr [0x1a8], dx
0x149c7: retf
0x149c8: mov bx, sp
0x149ca: mov al, byte ptr ss:[bx + 4]
0x149ce: cmp al, 0x61
0x149d0: jb 0x149d8
0x149d2: cmp al, 0x7a
0x149d4: ja 0x149d8
0x149d6: sub al, 0x20
0x149d8: retf 2
0x149db: mov di, 0x1ba
0x149de: push ds
0x149df: pop es
0x149e0: mov cx, 0xf86
0x149e3: sub cx, di
0x149e5: shr cx, 1
0x149e7: xor ax, ax
0x149e9: cld
0x149ea: rep stosd dword ptr es:[di], eax
2018-12-17T23:11:16.996188848Z 53 PC: 139de | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:11:16.997798824Z 53 PC: 139de | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:11:16.999423529Z 37 PC: 139fa | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:11:17.001550448Z 25 PC: 14445 | Get default drive
2018-12-17T23:11:17.002534649Z 71 PC: 14458 | Get current directory
2018-12-17T23:11:17.005437672Z 48 PC: 143b8 | Get DOS version
2018-12-17T23:11:17.007273359Z 67 PC: 138df | Get or set file attributes
2018-12-17T23:11:17.014265381Z 67 PC: 13906 | Get or set file attributes
2018-12-17T23:11:17.029185721Z 61 PC: 141f6 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:17.033679977Z 63 PC: 142c9 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:11:17.036874837Z 62 PC: 14246 | Close file
2018-12-17T23:11:17.039203588Z 67 PC: 13906 | Get or set file attributes
2018-12-17T23:11:17.050068162Z 44 PC: 149bf | Get time
2018-12-17T23:11:17.052614038Z 14 PC: 1449e | Set default drive (Drive = 'A')
2018-12-17T23:11:17.053948702Z 25 PC: 144a2 | Get default drive
2018-12-17T23:11:17.055890833Z 59 PC: 1450c | Change current directory
2018-12-17T23:11:17.05987113Z 48 PC: 143b8 | Get DOS version
2018-12-17T23:11:17.061318969Z 61 PC: 141f6 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:17.06868181Z 60 PC: 141f6 | Create or truncate file
2018-12-17T23:11:17.082805066Z 66 PC: 14328 | Move file pointer
2018-12-17T23:11:17.084359759Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.092393355Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.100119066Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.107598265Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.116182222Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.124822191Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.133139491Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.142009041Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.150016079Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.157835326Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.167109648Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.174749791Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.182698163Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.191094824Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.199113061Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.208901326Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.217630448Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.225038319Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.232971495Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.24201733Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.250276965Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.255049887Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.261172057Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.268037308Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.273342414Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.280419255Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.289660327Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.297225405Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.305706839Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.31320781Z 64 PC: 142c9 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:11:17.321310228Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.323972378Z 64 PC: 142c9 | Write file or device (Write 237 bytes on handle 6)
2018-12-17T23:11:17.330419575Z 63 PC: 142c9 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:11:17.332897383Z 62 PC: 14246 | Close file
2018-12-17T23:11:17.335477632Z 62 PC: 14246 | Close file
2018-12-17T23:11:17.341416541Z 67 PC: 13906 | Get or set file attributes
2018-12-17T23:11:17.347772325Z 44 PC: 149bf | Get time
2018-12-17T23:11:17.349936477Z 37 PC: 139fa | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:11:17.351985292Z 41 PC: 13a60 | Parse filename
2018-12-17T23:11:17.353124447Z 41 PC: 13a6e | Parse filename
2018-12-17T23:11:17.354876322Z 75 PC: 13a79 | Execute program
2018-12-17T23:11:17.366347632Z 66 PC: 1c71f | Move file pointer
2018-12-17T23:11:17.370476134Z 63 PC: 1dded | Read file or device (Read 1024 bytes on handle 0)