Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.5870


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:20.829566504Z 53 PC: 13ca4 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:10:20.831383097Z 53 PC: 13d14 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:10:20.832902398Z 53 PC: 13d67 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:20.835530858Z 53 PC: 13ee4 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:10:20.837267379Z 53 PC: 13ef3 | Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:10:20.838267774Z 37 PC: 13f06 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:10:20.839139776Z 37 PC: 13f0f | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:10:20.853212615Z 98 PC: 13f2d | Get current PSP
2018-12-17T22:10:20.856393585Z 53 PC: 1670a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:20.857503489Z 53 PC: 1670a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:10:20.873373344Z 53 PC: 1670a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:10:20.874441778Z 53 PC: 1670a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:20.875500223Z 53 PC: 1670a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:10:20.883658604Z 53 PC: 1670a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:20.884892332Z 53 PC: 1670a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:10:20.886044213Z 53 PC: 1670a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:10:20.887294521Z 53 PC: 1670a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:10:20.893635614Z 53 PC: 1670a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:10:20.894736809Z 53 PC: 1670a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:10:20.895770689Z 53 PC: 1670a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:10:20.903317252Z 53 PC: 1670a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:10:20.904453518Z 53 PC: 1670a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:10:20.90559695Z 53 PC: 1670a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:10:20.907606117Z 53 PC: 1670a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:10:20.909167378Z 53 PC: 1670a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:10:20.910711995Z 53 PC: 1670a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:10:20.913183568Z 53 PC: 1670a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:10:20.914785919Z 37 PC: 1671f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:20.916303742Z 37 PC: 16727 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:10:20.933570384Z 37 PC: 1672f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:20.934707696Z 37 PC: 16737 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:10:20.936127758Z 68 PC: 17399 | I/O control for devices (Set for = 'W&.>Y&&eP.h&EX<u &U&MZ<u&UP<t<t<u&U><u.b@&E&]+&u&MP&Gt &GtX&Gt')
2018-12-17T22:10:20.938396365Z 44 PC: 16366 | Get time
0x16366: mov word ptr cs:[0xcb6], cx
0x1636b: mov word ptr cs:[0xcb9], dx
0x16370: ret
0x16371: push bx
0x16372: push cx
0x16373: push dx
0x16374: push ax
0x16375: mov ax, 0
0x16378: mov bx, 0
0x1637b: mov cx, ax
0x1637d: mov dx, 0x8405
0x16380: mul dx
0x16382: shl cx, 3
0x16385: add ch, cl
0x16387: add dx, cx
0x16389: add dx, bx
0x1638b: shl bx, 2
0x1638e: add dx, bx
0x16390: add dh, bl
0x16392: mov cl, 5
2018-12-17T22:10:20.940883188Z 61 PC: 16e61 | Open file (Filename = 'c:\mirc\mirc.ini')
2018-12-17T22:10:20.94740598Z 61 PC: 16e61 | Open file (Filename = 'c:\progra~1\mirc\mirc.ini')
2018-12-17T22:10:20.953670102Z 60 PC: 16e61 | Create or truncate file
2018-12-17T22:10:21.761435653Z 62 PC: 16eb1 | Close file
2018-12-17T22:10:21.764264425Z 65 PC: 16faa | Delete file (Filename = '')
2018-12-17T22:10:21.776235307Z 26 PC: 16575 | Set disk transfer address
2018-12-17T22:10:21.778239782Z 78 PC: 16581 | Find first file
2018-12-17T22:10:21.784744633Z 61 PC: 16e61 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:10:21.792085444Z 66 PC: 17498 | Move file pointer
2018-12-17T22:10:21.793437799Z 66 PC: 174a6 | Move file pointer
2018-12-17T22:10:21.794746138Z 66 PC: 174b4 | Move file pointer
2018-12-17T22:10:21.796790471Z 66 PC: 17498 | Move file pointer
2018-12-17T22:10:21.798130449Z 66 PC: 174a6 | Move file pointer
2018-12-17T22:10:21.799345485Z 66 PC: 174b4 | Move file pointer
2018-12-17T22:10:21.801016232Z 63 PC: 16f34 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:10:21.803567951Z 62 PC: 16eb1 | Close file
2018-12-17T22:10:21.805275496Z 26 PC: 16599 | Set disk transfer address
2018-12-17T22:10:21.807608958Z 79 PC: 1659e | Find next file
2018-12-17T22:10:21.810420467Z 61 PC: 16e61 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:10:21.816350564Z 66 PC: 17498 | Move file pointer
2018-12-17T22:10:21.818127684Z 66 PC: 174a6 | Move file pointer
2018-12-17T22:10:21.819332988Z 66 PC: 174b4 | Move file pointer
2018-12-17T22:10:21.820765579Z 66 PC: 17498 | Move file pointer
2018-12-17T22:10:21.822692102Z 66 PC: 174a6 | Move file pointer
2018-12-17T22:10:21.823948146Z 66 PC: 174b4 | Move file pointer
2018-12-17T22:10:21.825349704Z 63 PC: 16f34 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:10:21.82824466Z 66 PC: 17498 | Move file pointer
2018-12-17T22:10:21.829495825Z 66 PC: 174a6 | Move file pointer
2018-12-17T22:10:21.830736337Z 66 PC: 174b4 | Move file pointer
2018-12-17T22:10:21.833453179Z 66 PC: 17498 | Move file pointer
2018-12-17T22:10:21.834676287Z 66 PC: 174a6 | Move file pointer
2018-12-17T22:10:21.836071466Z 66 PC: 174b4 | Move file pointer
2018-12-17T22:10:21.837590301Z 66 PC: 17498 | Move file pointer
2018-12-17T22:10:21.839084603Z 66 PC: 174a6 | Move file pointer
2018-12-17T22:10:21.840238679Z 66 PC: 174b4 | Move file pointer
2018-12-17T22:10:21.841858412Z 62 PC: 16eb1 | Close file
2018-12-17T22:10:21.844144024Z 64 PC: 16b28 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:10:21.845782548Z 37 PC: 16861 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:21.84685462Z 37 PC: 16861 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:10:21.848335626Z 37 PC: 16861 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:10:21.849344689Z 37 PC: 16861 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:21.850471015Z 37 PC: 16861 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:10:21.851958275Z 37 PC: 16861 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:10:21.853022355Z 37 PC: 16861 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:10:21.854126939Z 37 PC: 16861 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:10:21.856025425Z 37 PC: 16861 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:10:21.856977479Z 37 PC: 16861 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:10:21.858366011Z 37 PC: 16861 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:10:21.860199571Z 37 PC: 16861 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:10:21.861650868Z 37 PC: 16861 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:10:21.864199176Z 37 PC: 16861 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:10:21.865670259Z 37 PC: 16861 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:10:21.867084354Z 37 PC: 16861 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:10:21.868502228Z 37 PC: 16861 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:10:21.870532615Z 37 PC: 16861 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:10:21.871535625Z 37 PC: 16861 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:10:21.872677275Z 37 PC: 13f85 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:10:21.874396707Z 37 PC: 13f8f | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:10:21.875676591Z 98 PC: 13f93 | Get current PSP
2018-12-17T22:10:21.876715702Z 26 PC: 13f9e | Set disk transfer address
2018-12-17T22:10:21.878586036Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T22:10:21.883799058Z 76 PC: 12a61 | Terminate with return code (Return code = '0')