Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Harakiri.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:06:15.161819412Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:15.163655341Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:06:15.164856486Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:15.166005137Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:15.168152925Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:15.169257113Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:15.170619781Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:06:15.171881478Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:06:15.173120865Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:06:15.174222773Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:06:15.17526423Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:06:15.176786409Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:06:15.177894402Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:06:15.179028587Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:06:15.180919799Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:06:15.182103247Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:06:15.183769582Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:06:15.189072672Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:15.191126181Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:06:15.193092712Z	37	PC: 131df \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:15.195664456Z	37	PC: 131e7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:15.196722939Z	37	PC: 131ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:15.197984353Z	37	PC: 131f7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:15.200197499Z	68	PC: 13d43 \| I/O control for devices (Set for = '')
2018-12-17T22:06:15.20249825Z	64	PC: 135e8 \| Write file or device (Write 10 bytes on handle 1)
2018-12-17T22:06:15.207596507Z	26	PC: 13115 \| Set disk transfer address
2018-12-17T22:06:15.20913064Z	78	PC: 13121 \| Find first file
2018-12-17T22:06:15.215515441Z	64	PC: 135e8 \| Write file or device (Write 10 bytes on handle 1)
2018-12-17T22:06:15.220466153Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.222576386Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.227371674Z	61	PC: 13920 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:06:15.231647581Z	64	PC: 135e8 \| Write file or device (Write 4 bytes on handle 1)
2018-12-17T22:06:15.240414538Z	64	PC: 135e8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:06:15.244899587Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:06:15.246887723Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:06:15.249440701Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.254478614Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.256437716Z	64	PC: 135e8 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T22:06:15.262834681Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.264066692Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.266706443Z	26	PC: 13115 \| Set disk transfer address
2018-12-17T22:06:15.267930382Z	78	PC: 13121 \| Find first file
2018-12-17T22:06:15.274037949Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.2752198Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.277969843Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.279773415Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.282361351Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.283393656Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.286024493Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.286941515Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.289384645Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.29159606Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.302691358Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.304338598Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.306976017Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.307887706Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.310311691Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.311608178Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.314134253Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.315051191Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.321606107Z	64	PC: 135e8 \| Write file or device (Write 10 bytes on handle 1)
2018-12-17T22:06:15.326217753Z	26	PC: 13115 \| Set disk transfer address
2018-12-17T22:06:15.327170979Z	78	PC: 13121 \| Find first file
2018-12-17T22:06:15.333650439Z	64	PC: 135e8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:06:15.338460639Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.339729806Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.346804689Z	61	PC: 13920 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T22:06:15.353338138Z	64	PC: 135e8 \| Write file or device (Write 4 bytes on handle 1)
2018-12-17T22:06:15.35613389Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.361511631Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:06:15.365225223Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:06:15.372167484Z	64	PC: 135e8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:06:15.377819548Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.379493378Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.38142202Z	64	PC: 135e8 \| Write file or device (Write 16 bytes on handle 1)
2018-12-17T22:06:15.387600118Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.388687425Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.392883093Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.395983023Z	61	PC: 13920 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T22:06:15.400004474Z	63	PC: 139f3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:06:15.408166015Z	64	PC: 139f3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:06:15.424809485Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.426522173Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.434453379Z	64	PC: 135e8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:06:15.439255351Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.440141405Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.443491603Z	64	PC: 135e8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:06:15.449169109Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.45044771Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.45683771Z	61	PC: 13920 \| Open file (Filename = '\PRINT.COM')
2018-12-17T22:06:15.463896226Z	64	PC: 135e8 \| Write file or device (Write 4 bytes on handle 1)
2018-12-17T22:06:15.466727462Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.471522085Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:06:15.474571662Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:06:15.481042916Z	64	PC: 135e8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:06:15.486598011Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.489172497Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.491123456Z	64	PC: 135e8 \| Write file or device (Write 16 bytes on handle 1)
2018-12-17T22:06:15.495536195Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.497257842Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.504586543Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.509802358Z	61	PC: 13920 \| Open file (Filename = '\PRINT.COM')
2018-12-17T22:06:15.516574317Z	63	PC: 139f3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:06:15.523584808Z	64	PC: 139f3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:06:15.539711717Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.542059951Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.550499746Z	64	PC: 135e8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:06:15.554854641Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.556941207Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.560258828Z	64	PC: 135e8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:06:15.567351114Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.569837519Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.577050982Z	61	PC: 13920 \| Open file (Filename = '\HELLO.COM')
2018-12-17T22:06:15.583694965Z	64	PC: 135e8 \| Write file or device (Write 4 bytes on handle 1)
2018-12-17T22:06:15.588855697Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.595065769Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:06:15.59767424Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:06:15.604568616Z	64	PC: 135e8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:06:15.608938623Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.610631513Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.613071568Z	64	PC: 135e8 \| Write file or device (Write 16 bytes on handle 1)
2018-12-17T22:06:15.617676007Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.618975912Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.627184552Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.631675857Z	61	PC: 13920 \| Open file (Filename = '\HELLO.COM')
2018-12-17T22:06:15.638779287Z	63	PC: 139f3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:06:15.64630809Z	64	PC: 139f3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:06:15.655446707Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.657128196Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.666132214Z	64	PC: 135e8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:06:15.670515151Z	26	PC: 13139 \| Set disk transfer address
2018-12-17T22:06:15.671454517Z	79	PC: 1313e \| Find next file
2018-12-17T22:06:15.675126728Z	64	PC: 135e8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:06:15.681339539Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.683465651Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.690823559Z	61	PC: 13920 \| Open file (Filename = '\PHANG.COM')
2018-12-17T22:06:15.697352946Z	64	PC: 135e8 \| Write file or device (Write 4 bytes on handle 1)
2018-12-17T22:06:15.700990009Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.709670485Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:06:15.712754706Z	63	PC: 139f3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:06:15.719451613Z	64	PC: 135e8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:06:15.722803516Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.724123342Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.737855158Z	64	PC: 135e8 \| Write file or device (Write 16 bytes on handle 1)
2018-12-17T22:06:15.743078659Z	48	PC: 13a6e \| Get DOS version
2018-12-17T22:06:15.744570288Z	61	PC: 13920 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:06:15.751377442Z	64	PC: 135e8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:06:15.757442082Z	61	PC: 13920 \| Open file (Filename = '\PHANG.COM')
2018-12-17T22:06:15.763791054Z	63	PC: 139f3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:06:15.771168064Z	64	PC: 139f3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:06:15.787506202Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.789581718Z	62	PC: 13970 \| Close file
2018-12-17T22:06:15.798128734Z	64	PC: 135e8 \| Write file or device (Write 34 bytes on handle 1)
2018-12-17T22:06:15.805268968Z	64	PC: 135e8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:06:15.807424021Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:15.809103016Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:06:15.811737209Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:15.813259405Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:15.815247427Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:15.817842146Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:15.819718662Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:06:15.820840876Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:06:15.823154964Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:06:15.824263434Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:06:15.825540042Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:06:15.82792643Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:06:15.829206803Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:06:15.830451236Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:06:15.832570837Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:06:15.833590039Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:06:15.834579637Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:06:15.83647141Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:15.837510926Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:06:15.838515825Z	76	PC: 13360 \| Terminate with return code (Return code = '0')