Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Enigma.6406

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:13:27.568263361Z 53 PC: 1383a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:27.570534718Z 53 PC: 1383a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:27.5717743Z 53 PC: 1383a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:27.573020651Z 53 PC: 1383a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:27.575247795Z 53 PC: 1383a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:27.57649066Z 53 PC: 1383a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:27.577703903Z 53 PC: 1383a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:27.580084626Z 53 PC: 1383a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:27.581271671Z 53 PC: 1383a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:27.582576459Z 53 PC: 1383a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:27.584200072Z 53 PC: 1383a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:27.586353592Z 53 PC: 1383a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:27.587751602Z 53 PC: 1383a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:27.589432855Z 53 PC: 1383a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:27.591620504Z 53 PC: 1383a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:27.59293658Z 53 PC: 1383a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:27.594325121Z 53 PC: 1383a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:27.596211738Z 53 PC: 1383a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:27.597443279Z 53 PC: 1383a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:27.598611085Z 37 PC: 1384f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:27.600404013Z 37 PC: 13857 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:27.60155722Z 37 PC: 1385f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:27.602765055Z 37 PC: 13867 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:27.606313659Z 68 PC: 140ca | I/O control for devices (Set for = '')
2018-12-17T22:13:27.651920517Z 37 PC: 13061 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:27.653822762Z 48 PC: 13df0 | Get DOS version
2018-12-17T22:13:27.656153Z 48 PC: 13df0 | Get DOS version
2018-12-17T22:13:27.66129409Z 61 PC: 13ca2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:13:27.66569185Z 63 PC: 13d75 | Read file or device (Read 6400 bytes on handle 5)
2018-12-17T22:13:27.670733908Z 62 PC: 13cf2 | Close file
2018-12-17T22:13:27.67240033Z 26 PC: 13647 | Set disk transfer address
2018-12-17T22:13:27.673326142Z 78 PC: 13653 | Find first file
2018-12-17T22:13:27.678134485Z 26 PC: 1366b | Set disk transfer address
2018-12-17T22:13:27.67911561Z 79 PC: 13670 | Find next file
2018-12-17T22:13:27.681273913Z 48 PC: 13df0 | Get DOS version
2018-12-17T22:13:27.682817487Z 26 PC: 13647 | Set disk transfer address
2018-12-17T22:13:27.683975765Z 78 PC: 13653 | Find first file
2018-12-17T22:13:27.689874748Z 48 PC: 13df0 | Get DOS version
2018-12-17T22:13:27.6984133Z 67 PC: 13616 | Get or set file attributes
2018-12-17T22:13:27.84189277Z 61 PC: 13ca2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:13:27.84868109Z 66 PC: 13dd4 | Move file pointer
2018-12-17T22:13:27.851467634Z 63 PC: 13d75 | Read file or device (Read 6400 bytes on handle 5)
2018-12-17T22:13:27.853382861Z 66 PC: 13dd4 | Move file pointer
2018-12-17T22:13:27.854794896Z 64 PC: 13cd3 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:13:27.85660736Z 66 PC: 13dd4 | Move file pointer
2018-12-17T22:13:27.858593213Z 64 PC: 13d75 | Write file or device (Write 6400 bytes on handle 5)
2018-12-17T22:13:27.866649084Z 62 PC: 13cf2 | Close file
2018-12-17T22:13:27.875157247Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:27.877169598Z 37 PC: 137bf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:13:27.878332901Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:27.879427285Z 37 PC: 137bf | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:13:27.881283831Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:27.882649526Z 37 PC: 137bf | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:13:27.88421267Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:27.885941406Z 37 PC: 137bf | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:27.887059512Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:27.888362597Z 37 PC: 137bf | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:27.890671623Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:27.892040837Z 37 PC: 137bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:27.893422142Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:27.895795426Z 37 PC: 137bf | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:13:27.897229688Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:27.898725206Z 37 PC: 137bf | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:13:27.900954117Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:27.902407248Z 37 PC: 137bf | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:13:27.903762026Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:27.905928352Z 37 PC: 137bf | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:13:27.907678697Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:27.90911438Z 37 PC: 137bf | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:13:27.911196256Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:27.913115822Z 37 PC: 137bf | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:13:27.914499567Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:27.916488538Z 37 PC: 137bf | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:13:27.918419976Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:27.920025299Z 37 PC: 137bf | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:13:27.92144089Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:27.923545341Z 37 PC: 137bf | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:13:27.924562369Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:27.925608503Z 37 PC: 137bf | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:13:27.927214336Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:27.92837078Z 37 PC: 137bf | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:13:27.929466032Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:27.931239558Z 37 PC: 137bf | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:13:27.932416874Z 53 PC: 137b6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:27.933727861Z 37 PC: 137bf | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:13:27.936421638Z 41 PC: 1376d | Parse filename
2018-12-17T22:13:27.93790111Z 41 PC: 1377b | Parse filename
2018-12-17T22:13:27.939211478Z 75 PC: 13786 | Execute program
2018-12-17T22:13:27.961370777Z 80 PC: 19d09 | Set current PSP
2018-12-17T22:13:27.962220658Z 48 PC: 19d0e | Get DOS version
2018-12-17T22:13:27.965024361Z 99 PC: 204f0 | Get DBCS lead byte table pointer
2018-12-17T22:13:27.967762858Z 101 PC: 19d94 | Get extended country info
2018-12-17T22:13:27.968762786Z 99 PC: 19d9a | Get DBCS lead byte table pointer
2018-12-17T22:13:27.969809502Z 74 PC: 19dfc | Reallocate memory
2018-12-17T22:13:27.971369242Z 25 PC: 19e33 | Get default drive
2018-12-17T22:13:27.972397673Z 37 PC: 198f3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:13:27.973380897Z 37 PC: 198fa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:13:27.975231147Z 37 PC: 19901 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:13:27.978934645Z 74 PC: 18a9c | Reallocate memory
2018-12-17T22:13:27.980341621Z 72 PC: 18add | Allocate memory
2018-12-17T22:13:27.982372581Z 72 PC: 18b15 | Allocate memory
2018-12-17T22:13:27.983874299Z 72 PC: 18b1d | Allocate memory