Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Spyect.5968


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:25.906480863Z 53 PC: 138ba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:25.908558429Z 53 PC: 138ba | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:25.910433039Z 53 PC: 138ba | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:25.912324772Z 53 PC: 138ba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:25.914109341Z 53 PC: 138ba | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:25.915904393Z 53 PC: 138ba | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:25.917743603Z 53 PC: 138ba | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:25.919425845Z 53 PC: 138ba | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:25.922601064Z 53 PC: 138ba | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:25.924301576Z 53 PC: 138ba | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:25.926400593Z 53 PC: 138ba | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:25.92765685Z 53 PC: 138ba | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:25.92921908Z 53 PC: 138ba | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:25.930968989Z 53 PC: 138ba | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:25.932044649Z 53 PC: 138ba | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:25.933083754Z 53 PC: 138ba | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:25.934978124Z 53 PC: 138ba | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:25.93613682Z 53 PC: 138ba | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:25.937245818Z 53 PC: 138ba | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:25.939028168Z 37 PC: 138cf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:25.940112612Z 37 PC: 138d7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:25.941450025Z 37 PC: 138df | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:25.943385968Z 37 PC: 138e7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:25.945332907Z 68 PC: 14543 | I/O control for devices (Set for = '')
2018-12-17T23:11:26.057208533Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:26.059291039Z 44 PC: 1302d | Get time
0x1302d: xor ah, ah
0x1302f: mov al, dl
0x13031: les di, ptr [bp + 6]
0x13034: stosw word ptr es:[di], ax
0x13035: mov al, dh
0x13037: les di, ptr [bp + 0xa]
0x1303a: stosw word ptr es:[di], ax
0x1303b: mov al, cl
0x1303d: les di, ptr [bp + 0xe]
0x13040: stosw word ptr es:[di], ax
0x13041: mov al, ch
0x13043: les di, ptr [bp + 0x12]
0x13046: stosw word ptr es:[di], ax
0x13047: pop bp
0x13048: retf 0x10
0x1304b: push bp
0x1304c: mov bp, sp
0x1304e: mov ch, byte ptr [bp + 0xc]
0x13051: mov cl, byte ptr [bp + 0xa]
0x13054: mov dh, byte ptr [bp + 8]
2018-12-17T23:11:26.06161732Z 42 PC: 12ff7 | Get date
0x12ff7: xor ah, ah
0x12ff9: les di, ptr [bp + 6]
0x12ffc: stosw word ptr es:[di], ax
0x12ffd: mov al, dl
0x12fff: les di, ptr [bp + 0xa]
0x13002: stosw word ptr es:[di], ax
0x13003: mov al, dh
0x13005: les di, ptr [bp + 0xe]
0x13008: stosw word ptr es:[di], ax
0x13009: xchg ax, cx
0x1300a: les di, ptr [bp + 0x12]
0x1300d: stosw word ptr es:[di], ax
0x1300e: pop bp
0x1300f: retf 0x10
0x13012: push bp
0x13013: mov bp, sp
0x13015: mov cx, word ptr [bp + 0xa]
0x13018: mov dh, byte ptr [bp + 8]
0x1301b: mov dl, byte ptr [bp + 6]
0x1301e: mov ah, 0x2b
2018-12-17T23:11:26.063867266Z 59 PC: 141c7 | Change current directory
2018-12-17T23:11:26.068373469Z 48 PC: 14073 | Get DOS version
2018-12-17T23:11:26.069895421Z 67 PC: 13071 | Get or set file attributes
2018-12-17T23:11:26.075402542Z 67 PC: 13098 | Get or set file attributes
2018-12-17T23:11:26.094031754Z 61 PC: 13f25 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:26.100670979Z 63 PC: 13ff8 | Read file or device (Read 5968 bytes on handle 5)
2018-12-17T23:11:26.108561864Z 66 PC: 14642 | Move file pointer
2018-12-17T23:11:26.11065482Z 66 PC: 14650 | Move file pointer
2018-12-17T23:11:26.111981225Z 66 PC: 1465e | Move file pointer
2018-12-17T23:11:26.113646527Z 62 PC: 13f75 | Close file
2018-12-17T23:11:26.115856794Z 67 PC: 13098 | Get or set file attributes
2018-12-17T23:11:26.125808392Z 26 PC: 1310f | Set disk transfer address
2018-12-17T23:11:26.126872887Z 78 PC: 1311b | Find first file
2018-12-17T23:11:26.133119001Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.134578159Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.137369628Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.138825997Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.142072944Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.143538438Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.146596297Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.148121334Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.150961559Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.152466405Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.156329889Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.157644335Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.160566594Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.161973671Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.164432363Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.165385296Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.168183681Z 26 PC: 13133 | Set disk transfer address
2018-12-17T23:11:26.169168344Z 79 PC: 13138 | Find next file
2018-12-17T23:11:26.174491716Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:26.176804516Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:26.177866004Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:26.178890685Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:26.180523671Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:26.181599526Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:26.182725422Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:26.184519968Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:26.185695711Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:26.18695728Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:26.189043068Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:26.190230725Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:26.191384568Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:26.193205101Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:26.194633579Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:26.19584738Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:26.19765505Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:26.198779741Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:26.199854179Z 37 PC: 13a11 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:26.202837719Z 76 PC: 13a50 | Terminate with return code (Return code = '0')