Sample viewer

vx.netlux.org/Virus.DOS.HLLP.6128.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:11:09.903615222Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:11:09.905285879Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:11:09.906504836Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:11:09.907736914Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:11:09.909373575Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:11:09.910828604Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:11:09.912257834Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:11:09.914942199Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:11:09.916037288Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:11:09.917040098Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:11:09.923070534Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:11:09.924047059Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:11:09.924884157Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:11:09.92616321Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:11:09.927008015Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:11:09.927807285Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:11:09.92901778Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:11:09.929824319Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:11:09.930568053Z	53	PC: 1304a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:11:09.931779479Z	37	PC: 1305f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:11:09.932604579Z	37	PC: 13067 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:11:09.933327405Z	37	PC: 1306f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:11:09.93459691Z	37	PC: 13077 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:11:09.935641823Z	68	PC: 13d1c \| I/O control for devices (Set for = '')
2018-12-17T22:11:09.936653453Z	26	PC: 12ef5 \| Set disk transfer address
2018-12-17T22:11:09.938274514Z	78	PC: 12f01 \| Find first file
2018-12-17T22:11:09.94216935Z	26	PC: 12f19 \| Set disk transfer address
2018-12-17T22:11:09.943077392Z	79	PC: 12f1e \| Find next file
2018-12-17T22:11:09.946616592Z	61	PC: 13770 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:11:09.951171739Z	63	PC: 13843 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:09.955134137Z	62	PC: 137c0 \| Close file
2018-12-17T22:11:09.957301927Z	48	PC: 13932 \| Get DOS version
2018-12-17T22:11:09.95843167Z	61	PC: 13770 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:11:09.962478992Z	63	PC: 13843 \| Read file or device (Read 6128 bytes on handle 5)
2018-12-17T22:11:09.967400787Z	62	PC: 137c0 \| Close file
2018-12-17T22:11:09.969521057Z	61	PC: 13770 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:11:09.973560234Z	66	PC: 13e1b \| Move file pointer
2018-12-17T22:11:09.975090483Z	66	PC: 13e29 \| Move file pointer
2018-12-17T22:11:09.976086378Z	66	PC: 13e37 \| Move file pointer
2018-12-17T22:11:09.977167969Z	63	PC: 13843 \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:11:09.979193089Z	66	PC: 138a2 \| Move file pointer
2018-12-17T22:11:09.980837557Z	64	PC: 13843 \| Write file or device (Write 6128 bytes on handle 5)
2018-12-17T22:11:09.991197512Z	64	PC: 13843 \| Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:11:09.997241255Z	62	PC: 137c0 \| Close file
2018-12-17T22:11:10.006063736Z	48	PC: 13932 \| Get DOS version
2018-12-17T22:11:10.007784701Z	61	PC: 13770 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:11:10.014817924Z	66	PC: 13e1b \| Move file pointer
2018-12-17T22:11:10.017071426Z	66	PC: 13e29 \| Move file pointer
2018-12-17T22:11:10.019230373Z	66	PC: 13e37 \| Move file pointer
2018-12-17T22:11:10.021020037Z	63	PC: 13843 \| Read file or device (Read 6128 bytes on handle 5)
2018-12-17T22:11:10.029843094Z	63	PC: 13843 \| Read file or device (Read 29696 bytes on handle 5)
2018-12-17T22:11:10.038845746Z	62	PC: 137c0 \| Close file
2018-12-17T22:11:10.041142892Z	60	PC: 13770 \| Create or truncate file
2018-12-17T22:11:10.052678793Z	64	PC: 13843 \| Write file or device (Write 29696 bytes on handle 5)
2018-12-17T22:11:10.062200417Z	62	PC: 137c0 \| Close file
2018-12-17T22:11:10.07073027Z	41	PC: 12fad \| Parse filename
2018-12-17T22:11:10.072764013Z	41	PC: 12fbb \| Parse filename
2018-12-17T22:11:10.074101636Z	75	PC: 12fc6 \| Execute program
2018-12-17T22:11:10.081978735Z	65	PC: 138b9 \| Delete file (Filename = 'temp.com')
2018-12-17T22:11:10.094388379Z	64	PC: 136cb \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:11:10.096037258Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:11:10.097069923Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:11:10.099054319Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:11:10.100140383Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:11:10.101177675Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:11:10.103390166Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:11:10.104403536Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:11:10.105429873Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:11:10.106976791Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:11:10.108528731Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:11:10.109500851Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:11:10.111363542Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:11:10.112469364Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:11:10.113843403Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:11:10.115684099Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:11:10.117211333Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:11:10.118676468Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:11:10.120560785Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:11:10.12169464Z	37	PC: 131a1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:11:10.12312874Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.125742282Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.127641733Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.129521535Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.132125785Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.134400366Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.1362521Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.138619149Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.141135197Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.144140366Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.147776903Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.150064477Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.152043949Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.154994587Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.157333464Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.159465857Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.162529935Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.164723255Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.167012202Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.169767307Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.17197051Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.174923231Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.177994854Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.180066961Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.182108982Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.185014473Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.187001095Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.188931436Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.191763415Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.193824882Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.195882554Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.198580321Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.20055138Z	6	PC: 13228 \| Direct console I/O
2018-12-17T22:11:10.204180489Z	76	PC: 131e0 \| Terminate with return code (Return code = '103')