Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Globe.5150

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:15:55.059567566Z 53 PC: 13706 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:15:55.065242365Z 53 PC: 13706 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:15:55.074092005Z 53 PC: 13706 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:15:55.075602892Z 53 PC: 13706 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:15:55.077815522Z 53 PC: 13706 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:15:55.079189088Z 53 PC: 13706 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:15:55.080439697Z 53 PC: 13706 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:15:55.083097351Z 53 PC: 13706 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:15:55.084549069Z 53 PC: 13706 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:15:55.085978986Z 53 PC: 13706 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:15:55.088176076Z 53 PC: 13706 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:15:55.089479667Z 53 PC: 13706 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:15:55.09100191Z 53 PC: 13706 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:15:55.093943689Z 53 PC: 13706 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:15:55.095406192Z 53 PC: 13706 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:15:55.096713837Z 53 PC: 13706 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:15:55.099263296Z 53 PC: 13706 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:15:55.100710249Z 53 PC: 13706 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:15:55.102230723Z 37 PC: 1371b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:15:55.104098175Z 37 PC: 13723 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:15:55.105604381Z 37 PC: 1372b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:15:55.106749265Z 37 PC: 13733 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:15:55.117229479Z 68 PC: 13d1e | I/O control for devices (Set for = '')
2018-12-17T22:15:55.118761228Z 48 PC: 14092 | Get DOS version
2018-12-17T22:15:55.121629153Z 26 PC: 1352d | Set disk transfer address
2018-12-17T22:15:55.12349889Z 78 PC: 13539 | Find first file
2018-12-17T22:15:55.130090543Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.131478431Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.136320908Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.13792214Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.141278491Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.143181232Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.1468995Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.148483356Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.151768308Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.152942726Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.155764623Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.15796874Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.161347619Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.162585818Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.165623455Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.167252921Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.170979193Z 61 PC: 13eb8 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:15:55.178619559Z 66 PC: 14054 | Move file pointer
2018-12-17T22:15:55.180802672Z 66 PC: 14062 | Move file pointer
2018-12-17T22:15:55.182313056Z 66 PC: 14070 | Move file pointer
2018-12-17T22:15:55.184134383Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.186833498Z 63 PC: 13f8b | Read file or device (Read 5120 bytes on handle 5)
2018-12-17T22:15:55.194809938Z 62 PC: 13f08 | Close file
2018-12-17T22:15:55.197443094Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:15:55.199618312Z 79 PC: 13556 | Find next file
2018-12-17T22:15:55.203369694Z 26 PC: 1352d | Set disk transfer address
2018-12-17T22:15:55.204751271Z 78 PC: 13539 | Find first file
2018-12-17T22:15:55.215228902Z 61 PC: 13eb8 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:15:55.223088556Z 66 PC: 14054 | Move file pointer
2018-12-17T22:15:55.22481335Z 66 PC: 14062 | Move file pointer
2018-12-17T22:15:55.22719503Z 66 PC: 14070 | Move file pointer
2018-12-17T22:15:55.229061315Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.231300554Z 63 PC: 13f8b | Read file or device (Read 5120 bytes on handle 5)
2018-12-17T22:15:55.239214334Z 62 PC: 13f08 | Close file
2018-12-17T22:15:55.242209446Z 61 PC: 13eb8 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:15:55.249097329Z 87 PC: 134d0 | Get or set file date and time
2018-12-17T22:15:55.252100444Z 61 PC: 13eb8 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:15:55.259858318Z 63 PC: 13f8b | Read file or device (Read 5120 bytes on handle 6)
2018-12-17T22:15:55.26646911Z 66 PC: 14054 | Move file pointer
2018-12-17T22:15:55.269597042Z 66 PC: 14062 | Move file pointer
2018-12-17T22:15:55.271343989Z 66 PC: 14070 | Move file pointer
2018-12-17T22:15:55.273272413Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.276004745Z 64 PC: 13f8b | Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:15:55.620233104Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.621969877Z 63 PC: 13f8b | Read file or device (Read 5120 bytes on handle 5)
2018-12-17T22:15:55.62963666Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.6317969Z 64 PC: 13f8b | Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:15:55.663861012Z 66 PC: 14054 | Move file pointer
2018-12-17T22:15:55.67433677Z 66 PC: 14062 | Move file pointer
2018-12-17T22:15:55.676411285Z 66 PC: 14070 | Move file pointer
2018-12-17T22:15:55.678232427Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.68075055Z 64 PC: 13f8b | Write file or device (Write 30 bytes on handle 6)
2018-12-17T22:15:55.684404015Z 87 PC: 134fd | Get or set file date and time
2018-12-17T22:15:55.686270754Z 62 PC: 13f08 | Close file
2018-12-17T22:15:55.708671668Z 87 PC: 134fd | Get or set file date and time
2018-12-17T22:15:55.713344808Z 62 PC: 13f08 | Close file
2018-12-17T22:15:55.739872817Z 61 PC: 13eb8 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:15:55.747002222Z 87 PC: 134d0 | Get or set file date and time
2018-12-17T22:15:55.749000638Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.750869196Z 63 PC: 13f8b | Read file or device (Read 5120 bytes on handle 5)
2018-12-17T22:15:55.758563279Z 66 PC: 14054 | Move file pointer
2018-12-17T22:15:55.760314401Z 66 PC: 14062 | Move file pointer
2018-12-17T22:15:55.762715411Z 66 PC: 14070 | Move file pointer
2018-12-17T22:15:55.765977372Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.768841841Z 63 PC: 13f8b | Read file or device (Read 5120 bytes on handle 5)
2018-12-17T22:15:55.782570875Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.786050455Z 64 PC: 13f8b | Write file or device (Write 5120 bytes on handle 5)
2018-12-17T22:15:55.798317823Z 66 PC: 14054 | Move file pointer
2018-12-17T22:15:55.800300592Z 66 PC: 14062 | Move file pointer
2018-12-17T22:15:55.803338183Z 66 PC: 14070 | Move file pointer
2018-12-17T22:15:55.805873516Z 66 PC: 13fea | Move file pointer
2018-12-17T22:15:55.809188928Z 64 PC: 13f8b | Write file or device (Write 5120 bytes on handle 5)
2018-12-17T22:15:55.823838333Z 87 PC: 134fd | Get or set file date and time
2018-12-17T22:15:55.825933913Z 62 PC: 13f08 | Close file
2018-12-17T22:15:55.833626069Z 42 PC: 13457 | Get date
0x13457: xor ah, ah
0x13459: les di, ptr [bp + 6]
0x1345c: stosw word ptr es:[di], ax
0x1345d: mov al, dl
0x1345f: les di, ptr [bp + 0xa]
0x13462: stosw word ptr es:[di], ax
0x13463: mov al, dh
0x13465: les di, ptr [bp + 0xe]
0x13468: stosw word ptr es:[di], ax
0x13469: xchg ax, cx
0x1346a: les di, ptr [bp + 0x12]
0x1346d: stosw word ptr es:[di], ax
0x1346e: pop bp
0x1346f: retf 0x10
0x13472: push bp
0x13473: mov bp, sp
0x13475: mov cx, word ptr [bp + 0xa]
0x13478: mov dh, byte ptr [bp + 8]
0x1347b: mov dl, byte ptr [bp + 6]
0x1347e: mov ah, 0x2b
2018-12-17T22:15:55.83608736Z 44 PC: 1348d | Get time
0x1348d: xor ah, ah
0x1348f: mov al, dl
0x13491: les di, ptr [bp + 6]
0x13494: stosw word ptr es:[di], ax
0x13495: mov al, dh
0x13497: les di, ptr [bp + 0xa]
0x1349a: stosw word ptr es:[di], ax
0x1349b: mov al, cl
0x1349d: les di, ptr [bp + 0xe]
0x134a0: stosw word ptr es:[di], ax
0x134a1: mov al, ch
0x134a3: les di, ptr [bp + 0x12]
0x134a6: stosw word ptr es:[di], ax
0x134a7: pop bp
0x134a8: retf 0x10
0x134ab: push bp
0x134ac: mov bp, sp
0x134ae: mov ch, byte ptr [bp + 0xc]
0x134b1: mov cl, byte ptr [bp + 0xa]
0x134b4: mov dh, byte ptr [bp + 8]
2018-12-17T22:15:55.840047775Z 48 PC: 14092 | Get DOS version
2018-12-17T22:15:55.842199706Z 41 PC: 1360f | Parse filename
2018-12-17T22:15:55.843807904Z 41 PC: 1361d | Parse filename
2018-12-17T22:15:55.846364585Z 75 PC: 13628 | Execute program
2018-12-17T22:15:55.86690789Z 80 PC: 1bf39 | Set current PSP
2018-12-17T22:15:55.868063139Z 48 PC: 1bf3e | Get DOS version
2018-12-17T22:15:55.870421634Z 99 PC: 22720 | Get DBCS lead byte table pointer
2018-12-17T22:15:55.873371101Z 101 PC: 1bfc4 | Get extended country info
2018-12-17T22:15:55.875061437Z 99 PC: 1bfca | Get DBCS lead byte table pointer
2018-12-17T22:15:55.877446638Z 74 PC: 1c02c | Reallocate memory
2018-12-17T22:15:55.879155768Z 25 PC: 1c063 | Get default drive
2018-12-17T22:15:55.880595805Z 37 PC: 1bb23 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:15:55.882637216Z 37 PC: 1bb2a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:15:55.884058362Z 37 PC: 1bb31 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:15:55.888594141Z 74 PC: 1accc | Reallocate memory
2018-12-17T22:15:55.8911227Z 72 PC: 1ad0d | Allocate memory
2018-12-17T22:15:55.893135594Z 72 PC: 1ad45 | Allocate memory
2018-12-17T22:15:55.895855125Z 72 PC: 1ad4d | Allocate memory