Sample viewer

vx.netlux.org/Virus.DOS.HLLP.6880

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:27.822238022Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:27.82444819Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:27.826121256Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:27.82777683Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:27.830367302Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:27.832673659Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:27.834865111Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:27.836497722Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:27.839304801Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:27.840939255Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:27.842565233Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:27.846205449Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:27.84781129Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:27.849385912Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:27.852270557Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:27.853971886Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:27.855615227Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:27.85807852Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:27.860788898Z	53	PC: 134c2 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:27.862343702Z	37	PC: 134d7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:27.864197538Z	37	PC: 134df \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:27.867134071Z	37	PC: 134e7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:27.868804392Z	37	PC: 134ef \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:27.871024618Z	68	PC: 13ac2 \| I/O control for devices (Set for = '')
2018-12-17T23:11:27.874690844Z	48	PC: 14157 \| Get DOS version
2018-12-17T23:11:27.877191387Z	61	PC: 13f17 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:27.884943687Z	87	PC: 13250 \| Get or set file date and time
2018-12-17T23:11:27.887735678Z	60	PC: 13f17 \| Create or truncate file
2018-12-17T23:11:27.910479313Z	66	PC: 14049 \| Move file pointer
2018-12-17T23:11:27.912550749Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 5)
2018-12-17T23:11:27.922198855Z	64	PC: 13fea \| Write file or device (Write 5120 bytes on handle 6)
2018-12-17T23:11:27.931664888Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:27.933636627Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:27.936537873Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:27.938725567Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:27.941153103Z	87	PC: 1327d \| Get or set file date and time
2018-12-17T23:11:27.943567304Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:27.953983925Z	67	PC: 1320f \| Get or set file attributes
2018-12-17T23:11:27.961632881Z	61	PC: 13f17 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:27.972272381Z	87	PC: 13250 \| Get or set file date and time
2018-12-17T23:11:27.975985394Z	63	PC: 13fea \| Read file or device (Read 6880 bytes on handle 5)
2018-12-17T23:11:27.984992464Z	66	PC: 14049 \| Move file pointer
2018-12-17T23:11:27.987316926Z	64	PC: 13fea \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:11:27.991074102Z	87	PC: 1327d \| Get or set file date and time
2018-12-17T23:11:27.993181957Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.000770519Z	67	PC: 13236 \| Get or set file attributes
2018-12-17T23:11:28.013683204Z	26	PC: 132ad \| Set disk transfer address
2018-12-17T23:11:28.015295567Z	78	PC: 132b9 \| Find first file
2018-12-17T23:11:28.025427012Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T23:11:28.034787216Z	63	PC: 13fea \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:11:28.040900995Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.043511895Z	60	PC: 13f17 \| Create or truncate file
2018-12-17T23:11:28.400259308Z	67	PC: 1320f \| Get or set file attributes
2018-12-17T23:11:28.407388907Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T23:11:28.414728741Z	87	PC: 13250 \| Get or set file date and time
2018-12-17T23:11:28.416742649Z	64	PC: 13fea \| Write file or device (Write 6880 bytes on handle 5)
2018-12-17T23:11:28.430102496Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 6)
2018-12-17T23:11:28.433387844Z	64	PC: 13fea \| Write file or device (Write 413 bytes on handle 5)
2018-12-17T23:11:28.440458974Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:28.443454577Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:28.445282936Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:28.447189111Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.450448151Z	87	PC: 1327d \| Get or set file date and time
2018-12-17T23:11:28.452434136Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.460085917Z	65	PC: 140ec \| Delete file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T23:11:28.473775795Z	86	PC: 14122 \| Rename file
2018-12-17T23:11:28.47981885Z	67	PC: 13236 \| Get or set file attributes
2018-12-17T23:11:28.492000501Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:11:28.495029046Z	79	PC: 132d6 \| Find next file
2018-12-17T23:11:28.499585636Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T23:11:28.508165643Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:11:28.509650606Z	79	PC: 132d6 \| Find next file
2018-12-17T23:11:28.514633548Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T23:11:28.522515952Z	63	PC: 13fea \| Read file or device (Read 27 bytes on handle 6)
2018-12-17T23:11:28.528922422Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.532414389Z	60	PC: 13f17 \| Create or truncate file
2018-12-17T23:11:28.548274828Z	67	PC: 1320f \| Get or set file attributes
2018-12-17T23:11:28.557624834Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T23:11:28.569542648Z	87	PC: 13250 \| Get or set file date and time
2018-12-17T23:11:28.571534875Z	64	PC: 13fea \| Write file or device (Write 6880 bytes on handle 6)
2018-12-17T23:11:28.589348067Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 7)
2018-12-17T23:11:28.599888992Z	64	PC: 13fea \| Write file or device (Write 8192 bytes on handle 6)
2018-12-17T23:11:28.609956657Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:28.611901174Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:28.614252796Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:28.616877042Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 7)
2018-12-17T23:11:28.625650012Z	64	PC: 13fea \| Write file or device (Write 7558 bytes on handle 6)
2018-12-17T23:11:28.63591086Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:28.63839406Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:28.640155162Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:28.64203646Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.645292625Z	87	PC: 1327d \| Get or set file date and time
2018-12-17T23:11:28.647126684Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.654614537Z	65	PC: 140ec \| Delete file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T23:11:28.667141437Z	86	PC: 14122 \| Rename file
2018-12-17T23:11:28.67295973Z	67	PC: 13236 \| Get or set file attributes
2018-12-17T23:11:28.684707174Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:11:28.687223997Z	79	PC: 132d6 \| Find next file
2018-12-17T23:11:28.692318488Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\SYS.COM')
2018-12-17T23:11:28.700449151Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:11:28.702342381Z	79	PC: 132d6 \| Find next file
2018-12-17T23:11:28.707275149Z	26	PC: 132ad \| Set disk transfer address
2018-12-17T23:11:28.708779368Z	78	PC: 132b9 \| Find first file
2018-12-17T23:11:28.716620495Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:11:28.726188199Z	63	PC: 13fea \| Read file or device (Read 27 bytes on handle 7)
2018-12-17T23:11:28.733140955Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.736037533Z	60	PC: 13f17 \| Create or truncate file
2018-12-17T23:11:28.750647511Z	67	PC: 1320f \| Get or set file attributes
2018-12-17T23:11:28.759118273Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:11:28.767133096Z	87	PC: 13250 \| Get or set file date and time
2018-12-17T23:11:28.770778793Z	64	PC: 13fea \| Write file or device (Write 6880 bytes on handle 7)
2018-12-17T23:11:28.783083665Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 8)
2018-12-17T23:11:28.79306102Z	64	PC: 13fea \| Write file or device (Write 8192 bytes on handle 7)
2018-12-17T23:11:28.805441986Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:28.807623038Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:28.809661141Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:28.811923586Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 8)
2018-12-17T23:11:28.822425698Z	64	PC: 13fea \| Write file or device (Write 3016 bytes on handle 7)
2018-12-17T23:11:28.832322411Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:28.834415207Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:28.837552107Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:28.839623773Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.842087908Z	87	PC: 1327d \| Get or set file date and time
2018-12-17T23:11:28.844791963Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.852869305Z	65	PC: 140ec \| Delete file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T23:11:28.86531373Z	86	PC: 14122 \| Rename file
2018-12-17T23:11:28.872455592Z	67	PC: 13236 \| Get or set file attributes
2018-12-17T23:11:28.884368808Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:11:28.885888395Z	79	PC: 132d6 \| Find next file
2018-12-17T23:11:28.892167986Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T23:11:28.900667912Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:11:28.902671651Z	79	PC: 132d6 \| Find next file
2018-12-17T23:11:28.908289597Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:11:28.91661247Z	63	PC: 13fea \| Read file or device (Read 27 bytes on handle 8)
2018-12-17T23:11:28.923400917Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:28.926254885Z	60	PC: 13f17 \| Create or truncate file
2018-12-17T23:11:28.940634259Z	67	PC: 1320f \| Get or set file attributes
2018-12-17T23:11:28.96346595Z	61	PC: 13f17 \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:11:28.970396664Z	87	PC: 13250 \| Get or set file date and time
2018-12-17T23:11:28.973018115Z	64	PC: 13fea \| Write file or device (Write 6880 bytes on handle 8)
2018-12-17T23:11:28.982344235Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 9)
2018-12-17T23:11:28.99023754Z	64	PC: 13fea \| Write file or device (Write 8192 bytes on handle 8)
2018-12-17T23:11:29.001189358Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:29.002698426Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:29.004266876Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:29.006709229Z	63	PC: 13fea \| Read file or device (Read 8192 bytes on handle 9)
2018-12-17T23:11:29.01545068Z	64	PC: 13fea \| Write file or device (Write 7526 bytes on handle 8)
2018-12-17T23:11:29.025207901Z	66	PC: 140b3 \| Move file pointer
2018-12-17T23:11:29.0277861Z	66	PC: 140c1 \| Move file pointer
2018-12-17T23:11:29.029666156Z	66	PC: 140cf \| Move file pointer
2018-12-17T23:11:29.031691595Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:29.035956255Z	87	PC: 1327d \| Get or set file date and time
2018-12-17T23:11:29.037996312Z	62	PC: 13f67 \| Close file
2018-12-17T23:11:29.046161589Z	65	PC: 140ec \| Delete file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T23:11:29.061885291Z	86	PC: 14122 \| Rename file
2018-12-17T23:11:29.068545478Z	67	PC: 13236 \| Get or set file attributes
2018-12-17T23:11:29.07951586Z	26	PC: 132d1 \| Set disk transfer address
2018-12-17T23:11:29.082590022Z	79	PC: 132d6 \| Find next file
2018-12-17T23:11:29.088419015Z	41	PC: 13364 \| Parse filename
2018-12-17T23:11:29.09020859Z	41	PC: 13372 \| Parse filename
2018-12-17T23:11:29.09360079Z	75	PC: 1337d \| Execute program
2018-12-17T23:11:29.117522781Z	9	PC: 1b315 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T23:11:29.123585594Z	0	PC: 1b319 \| Program terminate
2018-12-17T23:11:29.128764484Z	65	PC: 140ec \| Delete file (Filename = 'A:\ux142.rqz')
2018-12-17T23:11:29.142105726Z	64	PC: 13bc5 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:11:29.144345208Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:29.146883541Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:29.148320434Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:29.149801058Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:29.152454259Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:29.154997252Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:29.156638709Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:29.158073527Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:29.160764698Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:29.162300126Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:29.163855591Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:29.166664444Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:29.168219619Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:29.169791756Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:29.172072125Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:29.174067658Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:29.175659482Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:29.177940632Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:29.179432848Z	37	PC: 135d6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:29.180921227Z	76	PC: 13615 \| Terminate with return code (Return code = '0')