Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Glenn.7568

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:13:20.356855791Z 53 PC: 1397a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:20.362439015Z 53 PC: 1397a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:20.363611557Z 53 PC: 1397a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:20.364712185Z 53 PC: 1397a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:20.366736672Z 53 PC: 1397a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:20.367894001Z 53 PC: 1397a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:20.368993846Z 53 PC: 1397a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:20.370818521Z 53 PC: 1397a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:20.372139662Z 53 PC: 1397a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:20.373251755Z 53 PC: 1397a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:20.374513236Z 53 PC: 1397a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:20.376889381Z 53 PC: 1397a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:20.378341586Z 53 PC: 1397a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:20.379705198Z 53 PC: 1397a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:20.381377198Z 53 PC: 1397a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:20.382481793Z 53 PC: 1397a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:20.383554545Z 53 PC: 1397a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:20.389232159Z 53 PC: 1397a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:20.415577596Z 53 PC: 1397a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:20.417187825Z 37 PC: 1398f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:20.420014457Z 37 PC: 13997 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:20.421550042Z 37 PC: 1399f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:20.423021383Z 37 PC: 139a7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:20.427193239Z 68 PC: 144dc | I/O control for devices (Set for = 'RJӻ')
2018-12-17T22:13:20.481300679Z 37 PC: 133a1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:20.483325091Z 42 PC: 13097 | Get date
0x13097: xor ah, ah
0x13099: les di, ptr [bp + 6]
0x1309c: stosw word ptr es:[di], ax
0x1309d: mov al, dl
0x1309f: les di, ptr [bp + 0xa]
0x130a2: stosw word ptr es:[di], ax
0x130a3: mov al, dh
0x130a5: les di, ptr [bp + 0xe]
0x130a8: stosw word ptr es:[di], ax
0x130a9: xchg ax, cx
0x130aa: les di, ptr [bp + 0x12]
0x130ad: stosw word ptr es:[di], ax
0x130ae: pop bp
0x130af: retf 0x10
0x130b2: push bp
0x130b3: mov bp, sp
0x130b5: mov cx, word ptr [bp + 0xa]
0x130b8: mov dh, byte ptr [bp + 8]
0x130bb: mov dl, byte ptr [bp + 6]
0x130be: mov ah, 0x2b
2018-12-17T22:13:20.486408265Z 26 PC: 13169 | Set disk transfer address
2018-12-17T22:13:20.487616076Z 78 PC: 13175 | Find first file
2018-12-17T22:13:20.494333981Z 26 PC: 13169 | Set disk transfer address
2018-12-17T22:13:20.503187607Z 78 PC: 13175 | Find first file
2018-12-17T22:13:20.509021477Z 48 PC: 14202 | Get DOS version
2018-12-17T22:13:20.51071469Z 61 PC: 14040 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:13:20.517855164Z 60 PC: 14040 | Create or truncate file
2018-12-17T22:13:20.535760875Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.542445744Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.549929284Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.558086837Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.566533103Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.575901915Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.583980964Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.590983122Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.602319716Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.610354769Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.618879459Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.62646173Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.63604196Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.643659529Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.651790381Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.660363512Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.670162174Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.676980235Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.686250629Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.695850548Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.704893375Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.712472389Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.720319289Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.728145161Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.737131262Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.744563969Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.753232785Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.761249986Z 64 PC: 14113 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:13:20.768913397Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.771976653Z 64 PC: 14113 | Write file or device (Write 400 bytes on handle 6)
2018-12-17T22:13:20.776510032Z 63 PC: 14113 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:13:20.778882708Z 62 PC: 14090 | Close file
2018-12-17T22:13:20.780958585Z 62 PC: 14090 | Close file
2018-12-17T22:13:20.789770578Z 67 PC: 13138 | Get or set file attributes
2018-12-17T22:13:20.799911819Z 48 PC: 14202 | Get DOS version
2018-12-17T22:13:20.801907198Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:20.803501831Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:20.805656252Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:20.807045302Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:20.808404725Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:20.810705502Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:20.812024864Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:20.813404428Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:20.81565799Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:20.817052217Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:20.81837735Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:20.820604595Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:20.822656155Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:20.823975464Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:20.826104117Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:20.827778371Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:20.829055582Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:20.831064747Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:20.832645874Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:20.833969605Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:20.835933132Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:20.837549242Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:20.838818366Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:20.840774339Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:20.842205585Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:20.843265586Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:20.844394577Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:20.845942097Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:20.846997856Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:20.848070461Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:20.849692473Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:20.850773394Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:20.851806884Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:20.853806524Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:20.854848948Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:20.855905263Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:20.857938762Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:20.859015491Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:20.860213502Z 41 PC: 1328f | Parse filename
2018-12-17T22:13:20.862827856Z 41 PC: 1329d | Parse filename
2018-12-17T22:13:20.864162407Z 75 PC: 132a8 | Execute program
2018-12-17T22:13:20.869221493Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:20.871684251Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:20.873226727Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:20.874810562Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:20.87719167Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:20.878666792Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:20.880191183Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:20.882624471Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:20.884172286Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:20.885520293Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:20.88779367Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:20.889257106Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:20.890650774Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:20.892346318Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:20.894528801Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:20.895994666Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:20.897429715Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:20.900027767Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:20.901463908Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:20.902925798Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:20.905310724Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:20.906852226Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:20.908784844Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:20.910946441Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:20.912465725Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:20.914011929Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:20.916424798Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:20.917853927Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:20.919209027Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:20.921869339Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:20.923288022Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:20.924731491Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:20.926789956Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:20.928309333Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:20.929821612Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:20.931838734Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:20.933315472Z 53 PC: 132d8 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:20.934888403Z 37 PC: 132e1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:20.937992475Z 77 PC: 132c6 | Get program return code
2018-12-17T22:13:20.939856551Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:20.941401138Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:20.943641282Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:20.945164906Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:20.946671519Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:20.949023114Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:20.950519262Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:20.951991088Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:20.954463146Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:20.955940899Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:20.957425524Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:20.959821834Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:20.961751568Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:20.963279035Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:20.965383796Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:20.970013102Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:20.971470352Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:20.973985723Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:20.975382545Z 37 PC: 13ad1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:20.976762514Z 76 PC: 13b10 | Terminate with return code (Return code = '0')