Sample viewer

vx.netlux.org/Virus.DOS.HLLP.7840

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:11:41.993594749Z 53 PC: 1366a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:11:41.996408073Z 53 PC: 1366a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:11:41.999763449Z 53 PC: 1366a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:11:42.002032243Z 53 PC: 1366a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:11:42.004649554Z 53 PC: 1366a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:11:42.006044537Z 53 PC: 1366a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:11:42.007468269Z 53 PC: 1366a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:11:42.009418329Z 53 PC: 1366a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:11:42.010867811Z 53 PC: 1366a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:11:42.012259694Z 53 PC: 1366a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:11:42.014087954Z 53 PC: 1366a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:11:42.015215695Z 53 PC: 1366a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:11:42.01629564Z 53 PC: 1366a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:11:42.017582044Z 53 PC: 1366a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:11:42.018682778Z 53 PC: 1366a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:11:42.019686621Z 53 PC: 1366a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:11:42.020704137Z 53 PC: 1366a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:11:42.023462675Z 53 PC: 1366a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:11:42.024497657Z 53 PC: 1366a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:11:42.025662725Z 37 PC: 1367f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:11:42.027222394Z 37 PC: 13687 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:11:42.0284388Z 37 PC: 1368f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:11:42.029702375Z 37 PC: 13697 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:11:42.033053756Z 68 PC: 142f0 | I/O control for devices (Set for = 'wÿ7')
2018-12-17T22:11:42.034949529Z 48 PC: 13ef2 | Get DOS version
2018-12-17T22:11:42.0367061Z 44 PC: 14427 | Get time
0x14427: mov word ptr [0x128], cx
0x1442b: mov word ptr [0x12a], dx
0x1442f: retf
0x14430: call 0x14477
0x14433: jb 0x14444
0x14435: mov cx, word ptr es:[di + 4]
0x14439: cmp cx, 1
0x1443c: je 0x14444
0x1443e: xor bx, bx
0x14440: push cs
0x14441: call 0x23fa4
0x14444: retf 4
0x14447: call 0x14477
0x1444a: jb 0x1445f
0x1444c: mov ax, cx
0x1444e: mov dx, bx
0x14450: mov cx, word ptr es:[di + 4]
0x14454: cmp cx, 1
0x14457: je 0x1445f
0x14459: xor bx, bx
2018-12-17T22:11:42.041260623Z 48 PC: 13ef2 | Get DOS version
2018-12-17T22:11:42.042790806Z 67 PC: 133ff | Get or set file attributes
2018-12-17T22:11:42.048664801Z 67 PC: 13426 | Get or set file attributes
2018-12-17T22:11:42.064870277Z 61 PC: 13d30 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:11:42.07279693Z 66 PC: 14491 | Move file pointer
2018-12-17T22:11:42.075038172Z 66 PC: 1449f | Move file pointer
2018-12-17T22:11:42.079158744Z 66 PC: 144ad | Move file pointer
2018-12-17T22:11:42.081176461Z 63 PC: 13e03 | Read file or device (Read 3090 bytes on handle 5)
2018-12-17T22:11:42.089509483Z 63 PC: 13e03 | Read file or device (Read 3090 bytes on handle 5)
2018-12-17T22:11:42.098005929Z 63 PC: 13e03 | Read file or device (Read 1660 bytes on handle 5)
2018-12-17T22:11:42.105821736Z 60 PC: 13d30 | Create or truncate file
2018-12-17T22:11:42.117153017Z 63 PC: 13e03 | Read file or device (Read 3090 bytes on handle 5)
2018-12-17T22:11:42.125898781Z 64 PC: 13e03 | Write file or device (Write 3090 bytes on handle 6)
2018-12-17T22:11:42.136025242Z 63 PC: 13e03 | Read file or device (Read 3090 bytes on handle 5)
2018-12-17T22:11:42.144752714Z 64 PC: 13e03 | Write file or device (Write 2030 bytes on handle 6)
2018-12-17T22:11:42.153034676Z 63 PC: 13e03 | Read file or device (Read 3090 bytes on handle 5)
2018-12-17T22:11:42.156218147Z 62 PC: 13d80 | Close file
2018-12-17T22:11:42.158222592Z 62 PC: 13d80 | Close file
2018-12-17T22:11:42.166501339Z 86 PC: 13ebd | Rename file
2018-12-17T22:11:42.189821125Z 48 PC: 13ef2 | Get DOS version
2018-12-17T22:11:42.191694483Z 86 PC: 13ebd | Rename file
2018-12-17T22:11:42.206203798Z 48 PC: 13ef2 | Get DOS version
2018-12-17T22:11:42.20860239Z 41 PC: 135d1 | Parse filename
2018-12-17T22:11:42.210320474Z 41 PC: 135df | Parse filename
2018-12-17T22:11:42.212016848Z 75 PC: 135ea | Execute program
2018-12-17T22:11:42.228025276Z 9 PC: 15ecc | Display string (Could not find end pointer)
2018-12-17T22:11:42.234279169Z 76 PC: 15ed1 | Terminate with return code (Return code = '0')
2018-12-17T22:11:42.237524134Z 67 PC: 13426 | Get or set file attributes
2018-12-17T22:11:42.249642946Z 86 PC: 13ebd | Rename file
2018-12-17T22:11:42.261284524Z 60 PC: 13d30 | Create or truncate file
2018-12-17T22:11:42.275999863Z 62 PC: 13d80 | Close file
2018-12-17T22:11:42.278472358Z 65 PC: 13e79 | Delete file (Filename = 'A:\29415567.TMP')
2018-12-17T22:11:42.289176693Z 48 PC: 13ef2 | Get DOS version
2018-12-17T22:11:42.290873858Z 86 PC: 13ebd | Rename file
2018-12-17T22:11:42.30346764Z 26 PC: 1349d | Set disk transfer address
2018-12-17T22:11:42.305403476Z 78 PC: 134a9 | Find first file
2018-12-17T22:11:42.311787276Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.314034464Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.317600037Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.319019563Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.322803984Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.324262331Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.327039938Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.329402388Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.332525123Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.333698876Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.338237396Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.339773596Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.342852508Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.344871148Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.348301866Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.349687938Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.352974572Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.354471229Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.357324028Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.358731128Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.362449852Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.363742344Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.366889097Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.36855014Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.371411111Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.372682099Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.376769318Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.377857957Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.381382621Z 26 PC: 134c1 | Set disk transfer address
2018-12-17T22:11:42.383112806Z 79 PC: 134c6 | Find next file
2018-12-17T22:11:42.385987973Z 60 PC: 13d30 | Create or truncate file
2018-12-17T22:11:42.396781536Z 48 PC: 13ef2 | Get DOS version
2018-12-17T22:11:42.40469769Z 61 PC: 13d30 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:11:42.411666521Z 63 PC: 13e03 | Read file or device (Read 3300 bytes on handle 6)
2018-12-17T22:11:42.419868028Z 64 PC: 13e03 | Write file or device (Write 3300 bytes on handle 5)
2018-12-17T22:11:42.429329091Z 63 PC: 13e03 | Read file or device (Read 3300 bytes on handle 6)
2018-12-17T22:11:42.437012895Z 64 PC: 13e03 | Write file or device (Write 3300 bytes on handle 5)
2018-12-17T22:11:42.445865779Z 63 PC: 13e03 | Read file or device (Read 1240 bytes on handle 6)
2018-12-17T22:11:42.454311402Z 64 PC: 13e03 | Write file or device (Write 1240 bytes on handle 5)
2018-12-17T22:11:42.4651797Z 62 PC: 13d80 | Close file
2018-12-17T22:11:42.467331045Z 67 PC: 133ff | Get or set file attributes
2018-12-17T22:11:42.473725605Z 67 PC: 13426 | Get or set file attributes
2018-12-17T22:11:42.48479051Z 61 PC: 13d30 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:11:42.497265331Z 87 PC: 13440 | Get or set file date and time
2018-12-17T22:11:42.499753112Z 63 PC: 13e03 | Read file or device (Read 3300 bytes on handle 6)
2018-12-17T22:11:42.509297061Z 64 PC: 13e03 | Write file or device (Write 3300 bytes on handle 5)
2018-12-17T22:11:42.51835521Z 63 PC: 13e03 | Read file or device (Read 3300 bytes on handle 6)
2018-12-17T22:11:42.528383351Z 64 PC: 13e03 | Write file or device (Write 3300 bytes on handle 5)
2018-12-17T22:11:42.538026306Z 63 PC: 13e03 | Read file or device (Read 3300 bytes on handle 6)
2018-12-17T22:11:42.547036436Z 64 PC: 13e03 | Write file or device (Write 3300 bytes on handle 5)
2018-12-17T22:11:42.556844482Z 63 PC: 13e03 | Read file or device (Read 3300 bytes on handle 6)
2018-12-17T22:11:42.565716519Z 64 PC: 13e03 | Write file or device (Write 3060 bytes on handle 5)
2018-12-17T22:11:42.574718067Z 63 PC: 13e03 | Read file or device (Read 3300 bytes on handle 6)
2018-12-17T22:11:42.577909525Z 62 PC: 13d80 | Close file
2018-12-17T22:11:42.579962142Z 87 PC: 1346d | Get or set file date and time
2018-12-17T22:11:42.581846487Z 62 PC: 13d80 | Close file
2018-12-17T22:11:42.59051987Z 65 PC: 13e79 | Delete file (Filename = 'A:\TEST.EXE')
2018-12-17T22:11:42.602247084Z 86 PC: 13ebd | Rename file
2018-12-17T22:11:42.613716354Z 67 PC: 13426 | Get or set file attributes
2018-12-17T22:11:42.624760675Z 77 PC: 13608 | Get program return code
2018-12-17T22:11:42.626683708Z 64 PC: 13a88 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:11:42.628602899Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:11:42.631124352Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:11:42.632578675Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:11:42.634026344Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:11:42.636611332Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:11:42.643219299Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:11:42.644653685Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:11:42.646602226Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:11:42.647997732Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:11:42.649150529Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:11:42.651785786Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:11:42.653269729Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:11:42.654744507Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:11:42.656582955Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:11:42.658349116Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:11:42.659613739Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:11:42.661798097Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:11:42.662877415Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:11:42.664077074Z 37 PC: 137c1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:11:42.666159423Z 76 PC: 13800 | Terminate with return code (Return code = '0')